Amadey

Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

Arkei

Arkei is an infostealer written in C++.

Bazar Loader

Detected loader normally used to deploy BazarBackdoor malware.

RedLine

RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

SmokeLoader

Modular backdoor trojan in use since 2014.

Tofsee

Backdoor/botnet which carries out malicious activities based on commands from a C2 server.

Vidar

Vidar is an infostealer based on Arkei stealer.

WarzoneRat, AveMaria

WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.

Windows security bypass

suricata: ET MALWARE Amadey CnC Check-In

suricata: ET MALWARE Amadey CnC Check-In

suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

suricata: ET MALWARE Potential Dridex.Maldoc Minimal Executable Request

suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

suricata: ET MALWARE Vidar/Arkei Stealer Client Data Upload

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

suricata: ET MALWARE Win32/Vidar Variant Stealer CnC Exfil

xmrig

XMRig is a high performance, open source, cross platform CPU/GPU miner.

Arkei Stealer Payload

Bazar/Team9 Loader payload

Vidar Stealer

Warzone RAT Payload

XMRig Miner Payload

Creates new service(s)

Downloads MZ/PE file

Executes dropped EXE

Modifies Windows Firewall

Sets service image path in registry