forked from CrowdStrike/SuperMem
-
Notifications
You must be signed in to change notification settings - Fork 0
/
yara_signatures_repo_index.yar
577 lines (577 loc) · 33 KB
/
yara_signatures_repo_index.yar
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
/*
Expected location of this file is: /opt/yara_signatures_repo_index.yar
Neo23x0 Yara Rules: https://github.com/Neo23x0/signature-base
*/
include "/opt/signature-base/yara/gen_rar_exfil.yar"
include "/opt/signature-base/yara/apt_exile_rat.yar"
include "/opt/signature-base/yara/crime_shifu_trojan.yar"
include "/opt/signature-base/yara/crime_emotet.yar"
include "/opt/signature-base/yara/gen_nimpackt.yar"
include "/opt/signature-base/yara/crime_kasper_oct17.yar"
include "/opt/signature-base/yara/generic_dumps.yar"
include "/opt/signature-base/yara/gen_faked_versions.yar"
include "/opt/signature-base/yara/apt_sofacy_xtunnel_bundestag.yar"
include "/opt/signature-base/yara/apt_triton_mal_sshdoor.yar"
include "/opt/signature-base/yara/apt_backspace.yar"
include "/opt/signature-base/yara/gen_win_privesc.yar"
include "/opt/signature-base/yara/exploit_cve_2018_0802.yar"
include "/opt/signature-base/yara/apt_poshspy.yar"
include "/opt/signature-base/yara/crime_ransom_ragna_locker.yar"
include "/opt/signature-base/yara/gen_susp_wer_files.yar"
include "/opt/signature-base/yara/gen_cert_payloads.yar"
include "/opt/signature-base/yara/gen_xtreme_rat.yar"
include "/opt/signature-base/yara/apt_dtrack.yar"
include "/opt/signature-base/yara/expl_cve_2021_26084_confluence_log.yar"
include "/opt/signature-base/yara/apt_ke3chang.yar"
include "/opt/signature-base/yara/apt_slingshot.yar"
include "/opt/signature-base/yara/apt_lnx_kobalos.yar"
include "/opt/signature-base/yara/apt_nanocore_rat.yar"
include "/opt/signature-base/yara/apt_cn_reddelta.yar"
include "/opt/signature-base/yara/exploit_cve_2015_2545.yar"
include "/opt/signature-base/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar"
include "/opt/signature-base/yara/apt_hellsing_kaspersky.yar"
include "/opt/signature-base/yara/apt_tick_weaponized_usb.yar"
include "/opt/signature-base/yara/exploit_gitlab_cve_2021_22205.yar"
include "/opt/signature-base/yara/apt_ta18_074A.yar"
include "/opt/signature-base/yara/apt_sofacy_hospitality.yar"
include "/opt/signature-base/yara/crime_ransom_stealbit_lockbit.yar"
include "/opt/signature-base/yara/apt_wildneutron.yar"
include "/opt/signature-base/yara/apt_ruag.yar"
include "/opt/signature-base/yara/exploit_cve_2015_5119.yar"
include "/opt/signature-base/yara/apt_fin8.yar"
include "/opt/signature-base/yara/apt_icefog.yar"
include "/opt/signature-base/yara/expl_cve_2021_1647.yar"
include "/opt/signature-base/yara/crime_teledoor.yar"
include "/opt/signature-base/yara/crime_icedid.yar"
include "/opt/signature-base/yara/apt_leviathan.yar"
include "/opt/signature-base/yara/apt_cobaltstrike.yar"
include "/opt/signature-base/yara/apt_quasar_vermin.yar"
include "/opt/signature-base/yara/gen_rottenpotato.yar"
include "/opt/signature-base/yara/gen_winshells.yar"
include "/opt/signature-base/yara/apt_apt37.yar"
include "/opt/signature-base/yara/apt_project_m.yar"
include "/opt/signature-base/yara/apt_ism_rat.yar"
include "/opt/signature-base/yara/apt_sofacy.yar"
include "/opt/signature-base/yara/crime_bad_patch.yar"
include "/opt/signature-base/yara/apt_hafnium.yar"
include "/opt/signature-base/yara/apt_area1_phishing_diplomacy.yar"
include "/opt/signature-base/yara/apt_winnti_linux.yar"
include "/opt/signature-base/yara/gen_excel_xll_addin_suspicious.yar"
include "/opt/signature-base/yara/crime_parallax_rat.yar"
include "/opt/signature-base/yara/gen_recon_indicators.yar"
include "/opt/signature-base/yara/gen_susp_sfx.yar"
include "/opt/signature-base/yara/apt_solarwinds_sunburst.yar"
include "/opt/signature-base/yara/crime_rombertik_carbongrabber.yar"
include "/opt/signature-base/yara/apt_between-hk-and-burma.yar"
include "/opt/signature-base/yara/apt_duqu1_5_modules.yar"
include "/opt/signature-base/yara/apt_kaspersky_duqu2.yar"
include "/opt/signature-base/yara/gen_khepri.yar"
include "/opt/signature-base/yara/gen_powershell_susp.yar"
include "/opt/signature-base/yara/gen_url_persitence.yar"
include "/opt/signature-base/yara/vul_cve_2020_1938.yar"
include "/opt/signature-base/yara/apt_kwampirs.yar"
include "/opt/signature-base/yara/apt_foudre.yar"
include "/opt/signature-base/yara/gen_susp_office_dropper.yar"
include "/opt/signature-base/yara/general_officemacros.yar"
include "/opt/signature-base/yara/apt_xrat.yar"
include "/opt/signature-base/yara/apt_ta18_149A.yar"
include "/opt/signature-base/yara/crime_rat_parallax.yar"
include "/opt/signature-base/yara/crime_buzus_softpulse.yar"
include "/opt/signature-base/yara/apt_sofacy_jun16.yar"
include "/opt/signature-base/yara/apt_onhat_proxy.yar"
include "/opt/signature-base/yara/crime_ryuk_ransomware.yar"
include "/opt/signature-base/yara/expl_adselfservice_cve_2021_40539.yar"
include "/opt/signature-base/yara/gen_icon_anomalies.yar"
include "/opt/signature-base/yara/crime_ransom_conti.yar"
include "/opt/signature-base/yara/apt_dustman.yar"
include "/opt/signature-base/yara/apt_revenge_rat.yar"
include "/opt/signature-base/yara/gen_ace_with_exe.yar"
include "/opt/signature-base/yara/crime_andromeda_jun17.yar"
include "/opt/signature-base/yara/apt_sysscan.yar"
include "/opt/signature-base/yara/apt_greenbug.yar"
include "/opt/signature-base/yara/apt_saudi_aramco_phish.yar"
include "/opt/signature-base/yara/gen_gen_cactustorch.yar"
include "/opt/signature-base/yara/apt_sandworm_exim_expl.yar"
include "/opt/signature-base/yara/crime_nansh0u.yar"
include "/opt/signature-base/yara/apt_winnti_ms_report_201701.yar"
include "/opt/signature-base/yara/crime_fireball.yar"
include "/opt/signature-base/yara/exploit_rtf_ole2link.yar"
include "/opt/signature-base/yara/apt_apt19.yar"
include "/opt/signature-base/yara/crime_mikey_trojan.yar"
include "/opt/signature-base/yara/apt_magichound.yar"
include "/opt/signature-base/yara/cn_pentestset_tools.yar"
include "/opt/signature-base/yara/cn_pentestset_webshells.yar"
include "/opt/signature-base/yara/apt_sofacy_oct17_camp.yar"
include "/opt/signature-base/yara/apt_rokrat.yar"
include "/opt/signature-base/yara/mal_cryp_rat.yar"
include "/opt/signature-base/yara/gen_susp_bat_aux.yar"
include "/opt/signature-base/yara/crime_cmstar.yar"
include "/opt/signature-base/yara/apt_donotteam_ytyframework.yar"
include "/opt/signature-base/yara/crime_malumpos.yar"
include "/opt/signature-base/yara/gen_elf_file_anomalies.yar"
include "/opt/signature-base/yara/crime_mal_nitol.yar"
include "/opt/signature-base/yara/gen_powershdll.yar"
include "/opt/signature-base/yara/gen_ysoserial_payloads.yar"
include "/opt/signature-base/yara/mal_avemaria_rat.yar"
include "/opt/signature-base/yara/crime_locky.yar"
include "/opt/signature-base/yara/exploit_cve_2015_1701.yar"
include "/opt/signature-base/yara/gen_suspicious_InPage_dropper.yar"
include "/opt/signature-base/yara/apt_sofacy_fysbis.yar"
include "/opt/signature-base/yara/gen_susp_lnk.yar"
include "/opt/signature-base/yara/apt_muddywater.yar"
include "/opt/signature-base/yara/gen_redsails.yar"
include "/opt/signature-base/yara/apt_silence.yar"
include "/opt/signature-base/yara/crime_mirai.yar"
include "/opt/signature-base/yara/apt_nazar.yar"
include "/opt/signature-base/yara/apt_winnti_burning_umbrella.yar"
include "/opt/signature-base/yara/apt_waterbear.yar"
include "/opt/signature-base/yara/apt_turla_penquin.yar"
include "/opt/signature-base/yara/apt_codoso.yar"
include "/opt/signature-base/yara/crime_gozi_crypter.yar"
include "/opt/signature-base/yara/apt_apt32.yar"
include "/opt/signature-base/yara/apt_royalroad.yar"
include "/opt/signature-base/yara/mal_passwordstate_backdoor.yar"
include "/opt/signature-base/yara/exploit_f5_bigip_cve_2021_22986_log.yar"
include "/opt/signature-base/yara/apt_seaduke_unit42.yar"
include "/opt/signature-base/yara/apt_terracotta_liudoor.yar"
include "/opt/signature-base/yara/gen_pirpi.yar"
include "/opt/signature-base/yara/crime_phish_gina_dec15.yar"
include "/opt/signature-base/yara/crime_snarasite.yar"
include "/opt/signature-base/yara/apt_inocnation.yar"
include "/opt/signature-base/yara/apt_rancor.yar"
include "/opt/signature-base/yara/exploit_cve_2017_11882.yar"
include "/opt/signature-base/yara/apt_webmonitor_rat.yar"
include "/opt/signature-base/yara/apt_promethium_neodymium.yar"
include "/opt/signature-base/yara/apt_poseidon_group.yar"
include "/opt/signature-base/yara/apt_dubnium.yar"
include "/opt/signature-base/yara/gen_powershell_suite.yar"
include "/opt/signature-base/yara/gen_floxif.yar"
include "/opt/signature-base/yara/gen_file_anomalies.yar"
include "/opt/signature-base/yara/gen_mimipenguin.yar"
include "/opt/signature-base/yara/apt_ar18_165a.yar"
include "/opt/signature-base/yara/gen_maldoc.yar"
include "/opt/signature-base/yara/apt_ms_platinum.yara"
include "/opt/signature-base/yara/apt_eqgrp_apr17.yar"
include "/opt/signature-base/yara/apt_uscert_ta17-1117a.yar"
include "/opt/signature-base/yara/apt_backdoor_sunburst_fnv1a_experimental.yar"
include "/opt/signature-base/yara/gen_cmd_script_obfuscated.yar"
include "/opt/signature-base/yara/gen_python_encoded_adware.yar"
include "/opt/signature-base/yara/gen_mal_backnet.yar"
include "/opt/signature-base/yara/apt_skeletonkey.yar"
include "/opt/signature-base/yara/apt_molerats_jul17.yar"
include "/opt/signature-base/yara/apt_suckfly.yar"
include "/opt/signature-base/yara/gen_google_anomaly.yar"
include "/opt/signature-base/yara/crime_bernhard_pos.yar"
include "/opt/signature-base/yara/gen_suspicious_strings.yar"
include "/opt/signature-base/yara/gen_sharpcat.yar"
include "/opt/signature-base/yara/gen_wmi_implant.yar"
include "/opt/signature-base/yara/gen_powershell_toolkit.yar"
include "/opt/signature-base/yara/apt_fujinama_rat.yar"
include "/opt/signature-base/yara/apt_coreimpact_agent.yar"
include "/opt/signature-base/yara/apt_olympic_destroyer.yar"
include "/opt/signature-base/yara/exploit_cve_2017_9800.yar"
include "/opt/signature-base/yara/apt_freemilk.yar"
include "/opt/signature-base/yara/apt_f5_bigip_expl_payloads.yar"
include "/opt/signature-base/yara/vul_cve_2020_0688.yar"
include "/opt/signature-base/yara/gen_exploit_cve_2017_10271_weblogic.yar"
include "/opt/signature-base/yara/apt_eternalblue_non_wannacry.yar"
include "/opt/signature-base/yara/apt_solarwinds_susp_sunburst.yar"
include "/opt/signature-base/yara/apt_ham_tofu_chches.yar"
include "/opt/signature-base/yara/gen_transformed_strings.yar"
include "/opt/signature-base/yara/crime_socgholish.yar"
include "/opt/signature-base/yara/gen_metasploit_loader_rsmudge.yar"
include "/opt/signature-base/yara/apt_sofacy_dec15.yar"
include "/opt/signature-base/yara/gen_pupy_rat.yar"
include "/opt/signature-base/yara/apt_apt28_drovorub.yar"
include "/opt/signature-base/yara/crime_enfal.yar"
include "/opt/signature-base/yara/apt_miniasp.yar"
include "/opt/signature-base/yara/gen_macro_ShellExecute_action.yar"
include "/opt/signature-base/yara/exploit_cve_2014_4076.yar"
include "/opt/signature-base/yara/gen_malware_MacOS_plist_suspicious.yar"
include "/opt/signature-base/yara/apt_oilrig_rgdoor.yar"
include "/opt/signature-base/yara/apt_cn_netfilter.yar"
include "/opt/signature-base/yara/crime_fareit.yar"
include "/opt/signature-base/yara/apt_venom_linux_rootkit.yar"
include "/opt/signature-base/yara/apt_op_cleaver.yar"
include "/opt/signature-base/yara/apt_apt29_nobelium_may21.yar"
include "/opt/signature-base/yara/gen_cn_hacktool_scripts.yar"
include "/opt/signature-base/yara/apt_hiddencobra_bankshot.yar"
include "/opt/signature-base/yara/apt_project_sauron_extras.yar"
include "/opt/signature-base/yara/gen_javascript_powershell.yar"
include "/opt/signature-base/yara/apt_microcin.yar"
include "/opt/signature-base/yara/apt_golddragon.yar"
include "/opt/signature-base/yara/apt_fin7.yar"
include "/opt/signature-base/yara/apt_turla_kazuar.yar"
include "/opt/signature-base/yara/crime_cobalt_gang_pdf.yar"
include "/opt/signature-base/yara/apt_dragonfly.yar"
include "/opt/signature-base/yara/apt_netwire_rat.yar"
include "/opt/signature-base/yara/crime_nopetya_jun17.yar"
include "/opt/signature-base/yara/vul_jquery_fileupload_cve_2018_9206.yar"
include "/opt/signature-base/yara/apt_emissary.yar"
include "/opt/signature-base/yara/crime_zloader_maldocs.yar"
include "/opt/signature-base/yara/gen_susp_xor.yar"
include "/opt/signature-base/yara/apt_apt17_malware.yar"
include "/opt/signature-base/yara/apt_zxshell.yar"
include "/opt/signature-base/yara/apt_ta17_318B.yar"
include "/opt/signature-base/yara/gen_event_mute_hook.yar"
include "/opt/signature-base/yara/apt_ta17_293A.yar"
include "/opt/signature-base/yara/gen_vhd_anomaly.yar"
include "/opt/signature-base/yara/apt_fvey_shadowbroker_jan17.yar"
include "/opt/signature-base/yara/gen_dde_in_office_docs.yar"
include "/opt/signature-base/yara/apt_bigbang.yar"
include "/opt/signature-base/yara/apt_iamtheking.yar"
include "/opt/signature-base/yara/gen_solarwinds_credential_stealer.yar"
include "/opt/signature-base/yara/apt_khrat.yar"
include "/opt/signature-base/yara/gen_autocad_lsp_malware.yar"
include "/opt/signature-base/yara/apt_win_plugx.yar"
include "/opt/signature-base/yara/crime_atm_xfsadm.yar"
include "/opt/signature-base/yara/vul_cve_2021_386471_omi.yar"
include "/opt/signature-base/yara/vul_cve_2021_3438_printdriver.yar"
include "/opt/signature-base/yara/exploit_cve_2021_33766_proxytoken.yar"
include "/opt/signature-base/yara/apt_ta459.yar"
include "/opt/signature-base/yara/apt_agent_btz.yar"
include "/opt/signature-base/yara/gen_github_net_redteam_tools_guids.yar"
include "/opt/signature-base/yara/gen_xored_pe.yar"
include "/opt/signature-base/yara/gen_enigma_protector.yar"
include "/opt/signature-base/yara/apt_vpnfilter.yar"
include "/opt/signature-base/yara/crime_ransom_lockergoga.yar"
include "/opt/signature-base/yara/apt_hiddencobra_wiper.yar"
include "/opt/signature-base/yara/apt_quarkspwdump.yar"
include "/opt/signature-base/yara/crime_goldeneye.yar"
include "/opt/signature-base/yara/apt_apt29_grizzly_steppe.yar"
include "/opt/signature-base/yara/apt_apt3_bemstour.yar"
include "/opt/signature-base/yara/apt_apt30_backspace.yar"
include "/opt/signature-base/yara/gen_ps_osiris.yar"
include "/opt/signature-base/yara/pua_xmrig_monero_miner.yar"
include "/opt/signature-base/yara/apt_oilrig_oct17.yar"
include "/opt/signature-base/yara/crime_envrial.yar"
include "/opt/signature-base/yara/crime_cobaltgang.yar"
include "/opt/signature-base/yara/apt_sunspot.yar"
include "/opt/signature-base/yara/apt_dnspionage.yar"
include "/opt/signature-base/yara/apt_derusbi.yar"
include "/opt/signature-base/yara/crime_atm_dispenserxfs.yar"
include "/opt/signature-base/yara/exploit_cve_2017_8759.yar"
include "/opt/signature-base/yara/gen_powershell_invocation.yar"
include "/opt/signature-base/yara/vul_drivecrypt.yar"
include "/opt/signature-base/yara/exploit_tlb_scripts.yar"
include "/opt/signature-base/yara/crime_hermes_ransom.yar"
include "/opt/signature-base/yara/mal_codecov_hack.yar"
include "/opt/signature-base/yara/apt_hafnium_log_sigs.yar"
include "/opt/signature-base/yara/apt_hkdoor.yar"
include "/opt/signature-base/yara/apt_patchwork.yar"
include "/opt/signature-base/yara/apt_irontiger.yar"
include "/opt/signature-base/yara/apt_cloudduke.yar"
include "/opt/signature-base/yara/gen_susp_cmd_var_expansion.yar"
include "/opt/signature-base/yara/apt_danti_svcmondr.yar"
include "/opt/signature-base/yara/apt_turla_png_dropper_nov18.yar"
include "/opt/signature-base/yara/crime_mal_ransom_wadharma.yar"
include "/opt/signature-base/yara/apt_project_sauron.yara"
include "/opt/signature-base/yara/apt_carbon_paper_turla.yar"
include "/opt/signature-base/yara/apt_uboat_rat.yar"
include "/opt/signature-base/yara/gen_ps_empire_eval.yar"
include "/opt/signature-base/yara/crime_maze_ransomware.yar"
include "/opt/signature-base/yara/apt_prikormka.yar"
include "/opt/signature-base/yara/apt_hatman.yar"
include "/opt/signature-base/yara/gen_osx_pyagent_persistence.yar"
include "/opt/signature-base/yara/crime_gamaredon.yar"
include "/opt/signature-base/yara/apt_ghostdragon_gh0st_rat.yar"
include "/opt/signature-base/yara/crime_ole_loadswf_cve_2018_4878.yar"
include "/opt/signature-base/yara/gen_sysinternals_anomaly.yar"
include "/opt/signature-base/yara/apt_turla_neuron.yar"
include "/opt/signature-base/yara/apt_hidden_cobra.yar"
include "/opt/signature-base/yara/crime_ransom_darkside.yar"
include "/opt/signature-base/yara/gen_crimson_rat.yar"
include "/opt/signature-base/yara/gen_winpayloads.yar"
include "/opt/signature-base/yara/gen_xor_hunting.yar"
include "/opt/signature-base/yara/apt_bluetermite_emdivi.yar"
include "/opt/signature-base/yara/gen_github_net_redteam_tools_names.yar"
include "/opt/signature-base/yara/apt_plugx.yar"
include "/opt/signature-base/yara/apt_fvey_shadowbroker_dec16.yar"
include "/opt/signature-base/yara/apt_aa19_024a.yar"
include "/opt/signature-base/yara/apt_sandworm_centreon.yar"
include "/opt/signature-base/yara/apt_ua_isaacwiper.yar"
include "/opt/signature-base/yara/apt_ua_caddywiper.yar"
include "/opt/signature-base/yara/apt_four_element_sword.yar"
include "/opt/signature-base/yara/apt_wilted_tulip.yar"
include "/opt/signature-base/yara/crime_cn_campaign_njrat.yar"
include "/opt/signature-base/yara/apt_flame2_orchestrator.yar"
include "/opt/signature-base/yara/apt_monsoon.yar"
include "/opt/signature-base/yara/apt_moonlightmaze.yar"
include "/opt/signature-base/yara/apt_apt10_redleaves.yar"
include "/opt/signature-base/yara/gen_hta_anomalies.yar"
include "/opt/signature-base/yara/apt_keylogger_cn.yar"
include "/opt/signature-base/yara/apt_tick_datper.yar"
include "/opt/signature-base/yara/apt_scanbox_deeppanda.yar"
include "/opt/signature-base/yara/thor-webshells.yar"
include "/opt/signature-base/yara/apt_strider.yara"
include "/opt/signature-base/yara/gen_susp_hacktool.yar"
include "/opt/signature-base/yara/crime_mywscript_dropper.yar"
include "/opt/signature-base/yara/apt_apt34.yar"
include "/opt/signature-base/yara/gen_shikataganai.yar"
include "/opt/signature-base/yara/gen_remote_potato0.yar"
include "/opt/signature-base/yara/gen_gpp_cpassword.yar"
include "/opt/signature-base/yara/gen_empire.yar"
include "/opt/signature-base/yara/apt_oilrig_chafer_mar18.yar"
include "/opt/signature-base/yara/exploit_cve_2015_1674.yar"
include "/opt/signature-base/yara/apt_triton.yar"
include "/opt/signature-base/yara/apt_fancybear_osxagent.yar"
include "/opt/signature-base/yara/gen_python_pty_shell.yar"
include "/opt/signature-base/yara/apt_cn_pp_zerot.yar"
include "/opt/signature-base/yara/apt_stuxshop.yar"
include "/opt/signature-base/yara/gen_redmimicry.yar"
include "/opt/signature-base/yara/apt_hizor_rat.yar"
include "/opt/signature-base/yara/gen_unspecified_malware.yar"
include "/opt/signature-base/yara/vul_dell_bios_upd_driver.yar"
include "/opt/signature-base/yara/crime_evilcorp_dridex_banker.yar"
include "/opt/signature-base/yara/apt_lazarus_jun18.yar"
include "/opt/signature-base/yara/apt_lazarus_vhd_ransomware.yar"
include "/opt/signature-base/yara/gen_tempracer.yar"
include "/opt/signature-base/yara/crime_atm_javadipcash.yar"
include "/opt/signature-base/yara/apt_keyboys.yar"
include "/opt/signature-base/yara/apt_lazarus_dec17.yar"
include "/opt/signature-base/yara/apt_telebots.yar"
include "/opt/signature-base/yara/apt_fakem_backdoor.yar"
include "/opt/signature-base/yara/crime_bazarbackdoor.yar"
include "/opt/signature-base/yara/gen_malware_set_qa.yar"
include "/opt/signature-base/yara/crime_dearcry_ransom.yar"
include "/opt/signature-base/yara/apt_blackenergy_installer.yar"
include "/opt/signature-base/yara/crime_atm_xfscashncr.yar"
include "/opt/signature-base/yara/apt_irongate.yar"
include "/opt/signature-base/yara/gen_metasploit_payloads.yar"
include "/opt/signature-base/yara/apt_woolengoldfish.yar"
include "/opt/signature-base/yara/gen_macro_staroffice_suspicious.yar"
include "/opt/signature-base/yara/gen_invoke_thehash.yar"
include "/opt/signature-base/yara/gen_anomalies_keyword_combos.yar"
include "/opt/signature-base/yara/crime_kins_dropper.yar"
include "/opt/signature-base/yara/gen_cn_hacktools.yar"
include "/opt/signature-base/yara/threat_lenovo_superfish.yar"
include "/opt/signature-base/yara/apt_darkhydrus.yar"
include "/opt/signature-base/yara/apt_apt10.yar"
include "/opt/signature-base/yara/gen_crunchrat.yar"
include "/opt/signature-base/yara/apt_greyenergy.yar"
include "/opt/signature-base/yara/apt_goldenspy.yar"
include "/opt/signature-base/yara/apt_poisonivy_gen3.yar"
include "/opt/signature-base/yara/gen_chaos_payload.yar"
include "/opt/signature-base/yara/apt_laudanum_webshells.yar"
include "/opt/signature-base/yara/gen_sign_anomalies.yar"
include "/opt/signature-base/yara/apt_sphinx_moth.yar"
include "/opt/signature-base/yara/crime_upatre_oct15.yar"
include "/opt/signature-base/yara/apt_mofang.yar"
include "/opt/signature-base/yara/crime_corkow_dll.yar"
include "/opt/signature-base/yara/apt_tidepool.yar"
include "/opt/signature-base/yara/apt_shellcrew_streamex.yar"
include "/opt/signature-base/yara/crime_antifw_installrex.yar"
include "/opt/signature-base/yara/apt_cloudatlas.yar"
include "/opt/signature-base/yara/apt_nk_gen.yar"
include "/opt/signature-base/yara/apt_babyshark.yar"
include "/opt/signature-base/yara/gen_p0wnshell.yar"
include "/opt/signature-base/yara/gen_hunting_susp_rar.yar"
include "/opt/signature-base/yara/crime_ransom_generic.yar"
include "/opt/signature-base/yara/apt_stuxnet.yar"
include "/opt/signature-base/yara/crime_xbash.yar"
include "/opt/signature-base/yara/apt_unit78020_malware.yar"
include "/opt/signature-base/yara/gen_mimikittenz.yar"
include "/opt/signature-base/yara/exploit_cve_2015_2426.yar"
include "/opt/signature-base/yara/apt_cmstar.yar"
include "/opt/signature-base/yara/pua_cryptocoin_miner.yar"
include "/opt/signature-base/yara/gen_kerberoast.yar"
include "/opt/signature-base/yara/apt_op_wocao.yar"
include "/opt/signature-base/yara/gen_python_reverse_shell.yara"
include "/opt/signature-base/yara/apt_blackenergy.yar"
include "/opt/signature-base/yara/gen_susp_strings_in_ole.yar"
include "/opt/signature-base/yara/apt_unc2546_dewmode.yar"
include "/opt/signature-base/yara/webshell_xsl_transform.yar"
include "/opt/signature-base/yara/gen_gobfuscate.yar"
include "/opt/signature-base/yara/apt_deeppanda.yar"
include "/opt/signature-base/yara/crime_ransom_prolock.yar"
include "/opt/signature-base/yara/mal_crime_unknown.yar"
include "/opt/signature-base/yara/crime_cryptowall_svg.yar"
include "/opt/signature-base/yara/apt_furtim.yar"
include "/opt/signature-base/yara/crime_trickbot.yar"
include "/opt/signature-base/yara/gen_hktl_roothelper.yar"
include "/opt/signature-base/yara/apt_glassRAT.yar"
include "/opt/signature-base/yara/gen_tscookie_rat.yar"
include "/opt/signature-base/yara/apt_volatile_cedar.yar"
include "/opt/signature-base/yara/apt_pulsesecure.yar"
include "/opt/signature-base/yara/apt_op_cloudhopper.yar"
include "/opt/signature-base/yara/crime_bluenoroff_pos.yar"
include "/opt/signature-base/yara/expl_proxyshell.yar"
include "/opt/signature-base/yara/apt_lazarus_applejeus.yar"
include "/opt/signature-base/yara/spy_regin_fiveeyes.yar"
include "/opt/signature-base/yara/apt_apt27_hyperbro.yar"
include "/opt/signature-base/yara/generic_cryptors.yar"
include "/opt/signature-base/yara/apt_beepservice.yar"
include "/opt/signature-base/yara/apt_industroyer.yar"
include "/opt/signature-base/yara/gen_ps1_shellcode.yar"
include "/opt/signature-base/yara/apt_lazarus_jan21.yar"
include "/opt/signature-base/yara/gen_rats_malwareconfig.yar"
include "/opt/signature-base/yara/gen_mal_scripts.yar"
include "/opt/signature-base/yara/apt_sandworm_cyclops_blink.yar"
include "/opt/signature-base/yara/apt_fin7_backdoor.yar"
include "/opt/signature-base/yara/apt_op_honeybee.yar"
include "/opt/signature-base/yara/crime_dexter_trojan.yar"
include "/opt/signature-base/yara/crime_badrabbit.yar"
include "/opt/signature-base/yara/apt_shamoon.yar"
include "/opt/signature-base/yara/apt_waterbug.yar"
include "/opt/signature-base/yara/apt_scarcruft.yar"
include "/opt/signature-base/yara/gen_sfx_with_microsoft_copyright.yar"
include "/opt/signature-base/yara/gen_python_pyminifier_encoded_payload.yar"
include "/opt/signature-base/yara/gen_susp_js_obfuscatorio.yar"
include "/opt/signature-base/yara/gen_crime_bitpaymer.yar"
include "/opt/signature-base/yara/apt_cheshirecat.yar"
include "/opt/signature-base/yara/apt_unc1151_ua.yar"
include "/opt/signature-base/yara/apt_sofacy_zebrocy.yar"
include "/opt/signature-base/yara/gen_fireeye_redteam_tools.yar"
include "/opt/signature-base/yara/apt_sidewinder.yar"
include "/opt/signature-base/yara/apt_unc2447_sombrat.yar"
include "/opt/signature-base/yara/thor-hacktools.yar"
include "/opt/signature-base/yara/gen_bad_pdf.yar"
include "/opt/signature-base/yara/crime_guloader.yar"
include "/opt/signature-base/yara/apt_lazarus_aug20.yar"
include "/opt/signature-base/yara/apt_putterpanda.yar"
include "/opt/signature-base/yara/apt_snowglobe_babar.yar"
include "/opt/signature-base/yara/gen_merlin_agent.yar"
include "/opt/signature-base/yara/apt_stonedrill.yar"
include "/opt/signature-base/yara/apt_cobaltstrike_evasive.yar"
include "/opt/signature-base/yara/apt_apt17_mal_sep17.yar"
include "/opt/signature-base/yara/apt_turla_mosquito.yar"
include "/opt/signature-base/yara/apt_apt41.yar"
include "/opt/signature-base/yara/gen_cn_webshells.yar"
include "/opt/signature-base/yara/cn_pentestset_scripts.yar"
include "/opt/signature-base/yara/gen_susp_obfuscation.yar"
include "/opt/signature-base/yara/apt_snaketurla_osx.yar"
include "/opt/signature-base/yara/apt_threatgroup_3390.yar"
include "/opt/signature-base/yara/exploit_cve_2018_16858.yar"
include "/opt/signature-base/yara/apt_bronze_butler.yar"
include "/opt/signature-base/yara/gen_osx_evilosx.yar"
include "/opt/signature-base/yara/apt_thrip.yar"
include "/opt/signature-base/yara/apt_fancybear_dnc.yar"
include "/opt/signature-base/yara/gen_thumbs_cloaking.yar"
include "/opt/signature-base/yara/gen_powershell_obfuscation.yar"
include "/opt/signature-base/yara/apt_passcv.yar"
include "/opt/signature-base/yara/apt_sednit_delphidownloader.yar"
include "/opt/signature-base/yara/gen_deviceguard_evasion.yar"
include "/opt/signature-base/yara/apt_apt6_malware.yar"
include "/opt/signature-base/yara/crime_dridex_xml.yar"
include "/opt/signature-base/yara/gen_cobaltstrike_by_avast.yar"
include "/opt/signature-base/yara/exploit_cve_2021_31166.yar"
include "/opt/signature-base/yara/gen_excel_auto_open_evasion.yar"
include "/opt/signature-base/yara/gen_dropper_pdb.yar"
include "/opt/signature-base/yara/apt_korplug_fast.yar"
include "/opt/signature-base/yara/apt_ua_hermetic_wiper.yar"
include "/opt/signature-base/yara/apt_hackingteam_rules.yar"
include "/opt/signature-base/yara/gen_impacket_tools.yar"
include "/opt/signature-base/yara/gen_url_to_local_exe.yar"
include "/opt/signature-base/yara/gen_zoho_rcef_logs.yar"
include "/opt/signature-base/yara/crime_covid_ransom.yar"
include "/opt/signature-base/yara/apt_minidionis.yar"
include "/opt/signature-base/yara/apt_duqu2.yar"
include "/opt/signature-base/yara/gen_kirbi_mimkatz.yar"
include "/opt/signature-base/yara/gen_powershell_empire.yar"
include "/opt/signature-base/yara/apt_fidelis_phishing_plain_sight.yar"
include "/opt/signature-base/yara/gen_Excel4Macro_Sharpshooter.yar"
include "/opt/signature-base/yara/apt_poisonivy.yar"
include "/opt/signature-base/yara/gen_invoke_mimikatz.yar"
include "/opt/signature-base/yara/gen_b374k_extra.yar"
include "/opt/signature-base/yara/apt_aus_parl_compromise.yar"
include "/opt/signature-base/yara/apt_servantshell.yar"
include "/opt/signature-base/yara/apt_quasar_rat.yar"
include "/opt/signature-base/yara/gen_regsrv32_issue.yar"
include "/opt/signature-base/yara/gen_nvidia_leaked_cert.yar"
include "/opt/signature-base/yara/crime_zeus_panda.yar"
include "/opt/signature-base/yara/apt_darkcaracal.yar"
include "/opt/signature-base/yara/gen_hawkeye.yar"
include "/opt/signature-base/yara/apt_turbo_campaign.yar"
include "/opt/signature-base/yara/apt_eqgrp.yar"
include "/opt/signature-base/yara/crime_ransom_revil.yar"
include "/opt/signature-base/yara/apt_apt12_malware.yar"
include "/opt/signature-base/yara/gen_macro_builders.yar"
include "/opt/signature-base/yara/crime_malware_set_oct16.yar"
include "/opt/signature-base/yara/vul_php_zlib_backdoor.yar"
include "/opt/signature-base/yara/apt_nk_inkysquid.yar"
include "/opt/signature-base/yara/apt_lazarus_dec20.yar"
include "/opt/signature-base/yara/crime_ransom_robinhood.yar"
include "/opt/signature-base/yara/gen_invoke_psimage.yar"
include "/opt/signature-base/yara/crime_kr_malware.yar"
include "/opt/signature-base/yara/exploit_uac_elevators.yar"
include "/opt/signature-base/yara/apt_buckeye.yar"
include "/opt/signature-base/yara/crime_malware_generic.yar"
include "/opt/signature-base/yara/gen_unicorn_obfuscated_powershell.yar"
include "/opt/signature-base/yara/mal_ransom_lorenz.yar"
include "/opt/signature-base/yara/crime_eternalrocks.yar"
include "/opt/signature-base/yara/crime_atm_loup.yar"
include "/opt/signature-base/yara/crime_academic_data_centers_camp_may20.yar"
include "/opt/signature-base/yara/gen_mal_link.yar"
include "/opt/signature-base/yara/generic_exe2hex_payload.yar"
include "/opt/signature-base/yara/crime_cn_group_btc.yar"
include "/opt/signature-base/yara/apt_oilrig.yar"
include "/opt/signature-base/yara/gen_lnx_malware_indicators.yar"
include "/opt/signature-base/yara/crime_h2miner_kinsing.yar"
include "/opt/signature-base/yara/apt_naikon.yar"
include "/opt/signature-base/yara/expl_cve_2021_40444.yar"
include "/opt/signature-base/yara/crime_revil_general.yar"
include "/opt/signature-base/yara/apt_bitter.yar"
include "/opt/signature-base/yara/mal_netsha.yar"
include "/opt/signature-base/yara/gen_loaders.yar"
include "/opt/signature-base/yara/pup_lightftp.yar"
include "/opt/signature-base/yara/crime_wsh_rat.yar"
include "/opt/signature-base/yara/apt_passthehashtoolkit.yar"
include "/opt/signature-base/yara/crime_credstealer_generic.yar"
include "/opt/signature-base/yara/apt_alienspy_rat.yar"
include "/opt/signature-base/yara/crime_kriskynote.yar"
include "/opt/signature-base/yara/gen_mimikatz.yar"
include "/opt/signature-base/yara/crime_nkminer.yar"
include "/opt/signature-base/yara/apt_ncsc_report_04_2018.yar"
include "/opt/signature-base/yara/gen_powersploit_dropper.yar"
include "/opt/signature-base/yara/apt_lotusblossom_elise.yar"
include "/opt/signature-base/yara/apt_rwmc_powershell_creddump.yar"
include "/opt/signature-base/yara/apt_winnti_br.yar"
include "/opt/signature-base/yara/apt_apt15.yar"
include "/opt/signature-base/yara/apt_shadowpad.yar"
include "/opt/signature-base/yara/spy_querty_fiveeyes.yar"
include "/opt/signature-base/yara/apt_turla.yar"
include "/opt/signature-base/yara/apt_turla_gazer.yar"
include "/opt/signature-base/yara/apt_casper.yar"
include "/opt/signature-base/yara/apt_irontiger_trendmicro.yar"
include "/opt/signature-base/yara/apt_rocketkitten_keylogger.yar"
include "/opt/signature-base/yara/apt_tetris.yar"
include "/opt/signature-base/yara/apt_plead_downloader.yar"
include "/opt/signature-base/yara/gen_case_anomalies.yar"
include "/opt/signature-base/yara/apt_middle_east_talosreport.yar"
include "/opt/signature-base/yara/apt_mal_ilo_board_elf.yar"
include "/opt/signature-base/yara/apt_shamoon2.yar"
include "/opt/signature-base/yara/apt_terracotta.yar"
include "/opt/signature-base/yara/apt_ta17_318A.yar"
include "/opt/signature-base/yara/apt_apt37_bluelight.yar"
include "/opt/signature-base/yara/apt_sakula.yar"
include "/opt/signature-base/yara/gen_osx_backdoor_bella.yar"
include "/opt/signature-base/yara/gen_susp_lnk_files.yar"
include "/opt/signature-base/yara/apt_op_shadowhammer.yar"
include "/opt/signature-base/yara/crime_floxif_flystudio.yar"
include "/opt/signature-base/yara/gen_pua.yar"
include "/opt/signature-base/yara/apt_reaver_sunorcal.yar"
include "/opt/signature-base/yara/gen_armitage.yar"
include "/opt/signature-base/yara/apt_rehashed_rat.yar"
include "/opt/signature-base/yara/apt_indetectables_rat.yar"
include "/opt/signature-base/yara/gen_webshells.yar"
include "/opt/signature-base/yara/crime_crypto_miner.yar"
include "/opt/signature-base/yara/crime_kraken_bot1.yar"
include "/opt/signature-base/yara/apt_tophat.yar"
include "/opt/signature-base/yara/crime_loki_bot.yar"
include "/opt/signature-base/yara/apt_winnti_hdroot.yar"
include "/opt/signature-base/yara/apt_ua_wiper_whispergate.yar"
include "/opt/signature-base/yara/gen_nopowershell.yar"
include "/opt/signature-base/yara/apt_fancybear_computrace_agent.yar"
include "/opt/signature-base/yara/crime_ransom_germanwiper.yar"
include "/opt/signature-base/yara/apt_apt28.yar"
include "/opt/signature-base/yara/apt_grizzlybear_uscert.yar"
include "/opt/signature-base/yara/exploit_shitrix.yar"
include "/opt/signature-base/yara/crime_mal_grandcrab.yar"
include "/opt/signature-base/yara/spy_equation_fiveeyes.yar"
include "/opt/signature-base/yara/apt_sofacy_cannon.yar"
include "/opt/signature-base/yara/apt_webshell_chinachopper.yar"
include "/opt/signature-base/yara/apt_winnti.yar"
include "/opt/signature-base/yara/apt_backdoor_ssh_python.yar"
include "/opt/signature-base/yara/gen_powerkatz.yar"
include "/opt/signature-base/yara/crime_wannacry.yar"
include "/opt/signature-base/yara/expl_log4j_cve_2021_44228.yar"