MD5 Hash File type Added Source Yara Hits
84e3ad0d62d21739d632d2106864e79e ELF 2017-10-16 01:20:43 CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
b3d26632c4077e731ef2da329974519d ELF 2017-10-16 01:33:40 CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
24734ef952fe363415cd4c2f7322276f ELF 2017-10-16 01:37:29 CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
61a4c4828f769c3301d9500450c6f8e8 PE32 2018-02-24 06:29:49 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/IsPE32 YRP/IsWindowsGUI YRP/IsBeyondImageSize
5eb65e32b6ea1dec6403ba793de58505 ASCII 2018-03-07 04:24:44 YRP/domain YRP/IP YRP/url YRP/contentis_base64
7a649649dcbd67b1d0cf4a94cfeb776f UTF-8 2018-03-18 03:07:00 CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect YRP/domain YRP/url
f901c645188f9c80afa8f49174f065ce PE32+ 2018-05-24 00:58:05 CuckooSandbox/vmdetect YRP/webshell_iMHaPFtp_2 YRP/webshell_caidao_shell_guo YRP/webshell_cihshell_fix
2f911acfb69e4da13f5e23fc06b60535 DOS/MBR 2018-06-05 14:38:34 CuckooSandbox/shellcode CuckooSandbox/embedded_pe CuckooSandbox/embedded_win_api CuckooSandbox/vmdetect
8d6bdc7732709132feab4410641f1219 ASCII 2018-06-08 15:10:06 CuckooSandbox/embedded_win_api YRP/domain YRP/IP YRP/url
eea8db3922e23eacd76996f9b03d003d ELF 2018-06-15 12:50:28 http://167.99.215.155/mezywget YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
5fe8e1124d5627a663e5cb7347bba515 ELF 2018-06-15 12:50:37 http://167.99.215.155/mezycron YRP/domain YRP/IP YRP/url YRP/contentis_base64
a0c5b22235ebb5d4d11da4f717e8269a ELF 2018-06-15 12:50:46 http://167.99.215.155/mezyftp YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
1a0899282860258f9f2d021d053fea06 ELF 2018-06-15 12:50:55 http://167.99.215.155/mezypftp YRP/domain YRP/IP YRP/url YRP/contentis_base64
d96980945f2286d6f008964303f2bde3 ELF 2018-06-15 12:51:03 http://167.99.215.155/mezysh YRP/domain YRP/IP YRP/url YRP/contentis_base64
943efff1b4b94c1aa91d4459859f26e0 ELF 2018-06-15 12:51:11 http://167.99.215.155/apache2 YRP/domain YRP/IP YRP/url YRP/contentis_base64
6ed98a5a9b2e28665c67f5d3de5dd248 ELF 2018-06-15 12:51:39 http://167.99.215.155/mezytftp YRP/domain YRP/IP YRP/url YRP/contentis_base64
35ebc841d282f813facdf991dea59204 ELF 2018-06-15 12:51:48 http://167.99.215.155/mezybash YRP/domain YRP/IP YRP/url YRP/contentis_base64
2da09d4e58294d3a72911c01676ba945 ELF 2018-06-15 12:51:57 http://167.99.215.155/mezyopenssh YRP/domain YRP/IP YRP/url YRP/contentis_base64
aa3dead3f481036d4a966bbe54638205 ELF 2018-06-15 12:52:05 http://167.99.215.155/mezysshd YRP/domain YRP/IP YRP/url YRP/contentis_base64
432b30d5a7a6465daf64b5a1c89b6ea3 ELF 2018-06-15 12:52:14 http://167.99.215.155/mezyntpd YRP/domain YRP/IP YRP/url YRP/contentis_base64
de486e852152615561330010762f89f5 UTF-8 2018-06-15 12:53:18 http://www.jifowls-ffupdateloader.com/ffupdat... CuckooSandbox/vmdetect YRP/domain YRP/IP YRP/contentis_base64
c7c3f0ce663038b05b985109595514d3 UTF-8 2018-06-16 01:29:46 http://www.jifowls-ffupdateloader.com/ffupdat... CuckooSandbox/vmdetect YRP/domain YRP/IP YRP/contentis_base64
be3780d79c9774ac539fc21491cfa14e Java 2018-06-23 10:44:12 YRP/domain YRP/contentis_base64 YRP/network_dyndns YRP/suspicious_packer_section
3d80ea33dd5cde2d22a538bc5db8b8ef data 2018-06-23 10:45:02 YRP/domain YRP/contentis_base64 YRP/network_dyndns YRP/suspicious_packer_section
41a81f2bac940d2047e43520823323a3 PE32 2018-09-05 08:40:17 YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_60_70 YRP/Borland YRP/D1S1Gv11betaD1N
9d6ccae4ef4a206345005e58e51ca6cb Composite 2018-09-07 13:59:43 YRP/powershell YRP/office_document_vba YRP/Contains_VBA_macro_code YRP/domain
805a4e048c8794d09d9ce25906568b45 ELF 2018-10-13 13:33:27 http://159.89.44.222/bins/oxy.sh4 YRP/domain YRP/IP YRP/url YRP/contentis_base64
716615d5477e019e9f3eda0b8aac17f3 ELF 2018-10-13 13:34:00 http://159.89.44.222/bins/oxy.m68k YRP/domain YRP/IP YRP/url YRP/contentis_base64
0e966dd6c46e27b12f4fda7337b821cb ELF 2018-10-14 12:50:23 http://107.174.26.61/bins/S.mips YRP/domain YRP/IP YRP/url YRP/contentis_base64
8d8c680fd83d864e42e971f09b72d045 ELF 2018-10-14 12:50:29 http://107.174.26.61/bins/S.m68k YRP/domain YRP/IP YRP/url YRP/contentis_base64
b049d82132ebe71c49f95d39382230a0 ELF 2018-10-14 12:51:51 http://107.174.26.61/bins/Synix.ppc440 YRP/domain YRP/IP YRP/url YRP/contentis_base64
4327d47e27f88ffce0452be1db21351c ELF 2018-10-14 12:55:02 http://107.174.26.61/bins/Synix.i586 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
830f91904b57398edf9b140666ecbfdd ELF 2018-10-14 12:58:11 http://107.174.26.61/bins/Synix.mips YRP/domain YRP/IP YRP/url YRP/contentis_base64
e283eade6586e9b18f845b848c70a753 ELF 2018-10-14 12:59:20 http://107.174.26.61/bins/Synix.mpsl YRP/domain YRP/IP YRP/url YRP/contentis_base64
2ced6205942be2349da93af07170bdfd PE32 2018-10-23 16:08:21 http://99.248.235.4/Library//Turla/NeuronImpl... YRP/IsPE32 YRP/IsDLL YRP/IsWindowsGUI YRP/HasOverlay
1fe4dac2e3e78ef288eb417326059289 ELF 2018-11-08 12:48:39 http://159.203.96.141/syi686 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
cb07f0500189ee78031fd45c4a26fe3e ELF 2018-11-08 12:48:55 http://159.203.96.141/syppc YRP/domain YRP/IP YRP/url YRP/contentis_base64
d569fcf7e6d60d3a9c8fd84690511be4 ELF 2018-11-08 12:49:00 http://159.203.96.141/sysh4 YRP/domain YRP/IP YRP/url YRP/contentis_base64
76d5cd63bf7e2dff4b58811838a46f4b ELF 2018-11-08 12:50:24 http://159.203.96.141/syx86 YRP/domain YRP/IP YRP/url YRP/contentis_base64
6760a9e27ef0aaaf2adf14bdec04116c ELF 2018-11-08 12:50:35 http://159.203.96.141/syi586 YRP/maldoc_getEIP_method_1 YRP/domain YRP/IP YRP/url
42f180c19336706c14b93abba92c1bc9 ELF 2018-11-08 12:51:08 http://159.203.96.141/sya6 YRP/domain YRP/IP YRP/url YRP/contentis_base64
568bd5e7c20081ffb7e3a2b8cad50b75 ELF 2018-11-08 12:51:55 http://159.203.96.141/sym68k YRP/domain YRP/IP YRP/url YRP/contentis_base64
3661f9d34d5c6ba6604c0c8d5ecbbc0b ELF 2018-11-08 12:52:07 http://159.203.96.141/syml YRP/domain YRP/IP YRP/url YRP/contentis_base64
3664f8e6529b6cac381f011aab6936dc ELF 2018-11-08 12:52:17 http://159.203.96.141/sy2 YRP/domain YRP/IP YRP/url YRP/contentis_base64
c5bd1e3f88564779567d22e238b6e29f ELF 2018-11-16 10:36:33 http://46.17.47.244/ntpd YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
3f8723b8978d73d249dff58b5bf97add ELF 2018-11-16 10:36:41 http://46.17.47.244/sshd YRP/domain YRP/url YRP/contentis_base64 YRP/Misc_Suspicious_Strings
05b0aa19a0d923d4e276d8c565a8bca5 PE32 2019-01-04 22:42:32 YRP/Armadillo_v171 YRP/Microsoft_Visual_Cpp_v60 YRP/Microsoft_Visual_Cpp_v50v60_MFC_additional YRP/Microsoft_Visual_Cpp_50
46e65c01e995879ad7067d2eff6d8c00 ASCII 2019-03-25 20:44:26 CuckooSandbox/embedded_win_api YRP/domain YRP/url YRP/contentis_base64
8378dc13108b07c4a863b6798b5ae5dd PE32 2019-04-25 05:19:09 http://moscow11.at/proxy/skapoland.chickenkil... YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI
dfcc0bf6564852bca104135bed500c1d SQLite 2019-05-05 01:09:18 YRP/domain YRP/IP YRP/url YRP/contentis_base64
c4ded2bda86c82672411f1cf583c6650 PE32 2019-06-03 14:19:43 http://217.147.169.179/BfSjPENnRadf.exe YRP/VC8_Microsoft_Corporation YRP/Microsoft_Visual_Cpp_8 YRP/IsPE32 YRP/IsWindowsGUI
e34874c27161eb563cfbdc00ee1334a2 PE32 2019-06-08 15:41:42 YRP/Armadillo_v1xx_v2xx_additional YRP/Microsoft_Visual_Cpp_v70_DLL YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Microsoft_Visual_Cpp_60_DLL_Debug
a51d4c20914297dd98d5ebcb753659c5 UTF-8 2019-07-05 22:31:25 YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
974438d6a3d0d95ab05d453e5aa43acc ASCII 2019-07-05 22:31:31 YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
408f11018ed7d2c103f8651bb81c7746 UTF-8 2019-07-07 04:17:59 CuckooSandbox/embedded_pe YRP/domain YRP/IP YRP/url
d9cc797cc2c8802a1ff3c01703a08ed6 ASCII 2019-07-20 06:16:07 YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings
ddd45afbd01bb03d6192393ce4ff1516 UTF-8 2019-07-20 06:16:08 YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
b9148890a6c7cf351cbc17c4952e3562 PE32 2019-07-28 14:13:55 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Borland YRP/ProtectSharewareV11eCompservCMS
fbae96951771a9e7407f6ab265af4947 PE32 2019-07-28 14:14:09 YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
ed17ab3ddcb1c9d40bc6301bf95f5486 PE32 2019-07-28 14:14:22 YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
ab6e7862b000d4aba17a3e0b3116c2d9 PE32 2019-07-28 14:15:19 YRP/Microsoft_Visual_Basic_v50 YRP/Microsoft_Visual_Basic_v50_v60 YRP/Borland YRP/UPXv20MarkusLaszloReiser
232686477916b81f6a4b777a7bbfc243 PE32 2019-07-28 14:15:24 YRP/Borland_Delphi_40_additional YRP/Microsoft_Visual_Cpp_v50v60_MFC YRP/Borland_Delphi_30_additional YRP/Borland_Delphi_30_
2910e22d6852d141d91e32254e3a25f3 UTF-8 2019-08-10 00:02:06 YRP/domain YRP/IP YRP/url YRP/contentis_base64
9f88ae976a0eb5660a2ce55bbd5b49e9 UTF-8 2019-09-09 23:17:18 YRP/domain YRP/url YRP/contentis_base64 YRP/network_dyndns
43ff443fe1683d46f492fdf1f64dca4c ASCII 2019-09-09 23:17:25 YRP/domain YRP/IP YRP/contentis_base64 YRP/Misc_Suspicious_Strings