Cobalt Strike, Software S0154 | MITRE ATT&CK®
<!DOCTYPE html> <html lang='en'> <head> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v9/theme/favicon.ico" type='image/x-icon'> <title>Cobalt Strike, Software S0154 | MITRE ATT&CK®</title> <!-- Bootstrap CSS --> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-tourist.css" /> <link rel="stylesheet" type="text/css" href="/versions/v9/theme/style.min.css?426cc53a"> </head> <body> <!--stopindex--> <!-- don't edit or remove the line below even though it's commented out, it gets parsed and replaced by the versioning feature --> <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v9/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v9.0" target="_blank">ATT&CK v9.0</a> which was live between April 29, 2021 and October 20, 2021. 
<a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> <div id='content' class="maincontent"> <!--start-indexing-for-search--> <div class='container-fluid h-100'> <div class='row h-100'> <div class="nav flex-column col-xl-2 col-lg-3 col-md-3 sidebar nav pt-5 pb-3 pl-3 border-right" id="v-tab" role="tablist" aria-orientation="vertical"> <!--stop-indexing-for-search--> <div class="group-nav-desktop-view"> <span class="heading" id="v-home-tab" aria-selected="false">SOFTWARE</span> <div class="sidenav"> <div class="sidenav-head active" id="Cobalt Strike-Cobalt Strike"> <a href="/versions/v9/software/S0154/"> Cobalt Strike </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gustuff-Gustuff"> 
<a href="/versions/v9/software/S0406/"> Gustuff </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="H1N1-H1N1"> <a href="/versions/v9/software/S0132/"> H1N1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hacking Team UEFI Rootkit-Hacking Team UEFI Rootkit"> <a href="/versions/v9/software/S0047/"> Hacking Team UEFI Rootkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HALFBAKED-HALFBAKED"> <a href="/versions/v9/software/S0151/"> HALFBAKED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAMMERTOSS-HAMMERTOSS"> <a href="/versions/v9/software/S0037/"> HAMMERTOSS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hancitor-Hancitor"> <a href="/versions/v9/software/S0499/"> Hancitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAPPYWORK-HAPPYWORK"> <a href="/versions/v9/software/S0214/"> HAPPYWORK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HARDRAIN-HARDRAIN"> <a href="/versions/v9/software/S0246/"> HARDRAIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Havij-Havij"> <a href="/versions/v9/software/S0224/"> Havij </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAWKBALL-HAWKBALL"> <a href="/versions/v9/software/S0391/"> HAWKBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="hcdLoader-hcdLoader"> <a href="/versions/v9/software/S0071/"> hcdLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HDoor-HDoor"> <a href="/versions/v9/software/S0061/"> HDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Helminth-Helminth"> <a href="/versions/v9/software/S0170/"> Helminth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HenBox-HenBox"> <a href="/versions/v9/software/S0544/"> HenBox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hi-Zor-Hi-Zor"> <a 
href="/versions/v9/software/S0087/"> Hi-Zor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HiddenWasp-HiddenWasp"> <a href="/versions/v9/software/S0394/"> HiddenWasp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HIDEDRV-HIDEDRV"> <a href="/versions/v9/software/S0135/"> HIDEDRV </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hikit-Hikit"> <a href="/versions/v9/software/S0009/"> Hikit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hildegard-Hildegard"> <a href="/versions/v9/software/S0601/"> Hildegard </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HOMEFRY-HOMEFRY"> <a href="/versions/v9/software/S0232/"> HOMEFRY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HOPLIGHT-HOPLIGHT"> <a href="/versions/v9/software/S0376/"> HOPLIGHT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HotCroissant-HotCroissant"> <a href="/versions/v9/software/S0431/"> HotCroissant </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HTRAN-HTRAN"> <a href="/versions/v9/software/S0040/"> HTRAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HTTPBrowser-HTTPBrowser"> <a href="/versions/v9/software/S0070/"> HTTPBrowser </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="httpclient-httpclient"> <a href="/versions/v9/software/S0068/"> httpclient </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HummingBad-HummingBad"> <a href="/versions/v9/software/S0322/"> HummingBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HummingWhale-HummingWhale"> <a href="/versions/v9/software/S0321/"> HummingWhale </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hydraq-Hydraq"> <a href="/versions/v9/software/S0203/"> Hydraq </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HyperBro-HyperBro"> <a 
href="/versions/v9/software/S0398/"> HyperBro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HyperStack-HyperStack"> <a href="/versions/v9/software/S0537/"> HyperStack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="IcedID-IcedID"> <a href="/versions/v9/software/S0483/"> IcedID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ifconfig-ifconfig"> <a href="/versions/v9/software/S0101/"> ifconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="iKitten-iKitten"> <a href="/versions/v9/software/S0278/"> iKitten </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Imminent Monitor-Imminent Monitor"> <a href="/versions/v9/software/S0434/"> Imminent Monitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Impacket-Impacket"> <a href="/versions/v9/software/S0357/"> Impacket </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="InnaputRAT-InnaputRAT"> <a href="/versions/v9/software/S0259/"> InnaputRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="INSOMNIA-INSOMNIA"> <a href="/versions/v9/software/S0463/"> INSOMNIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="InvisiMole-InvisiMole"> <a href="/versions/v9/software/S0260/"> InvisiMole </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Invoke-PSImage-Invoke-PSImage"> <a href="/versions/v9/software/S0231/"> Invoke-PSImage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ipconfig-ipconfig"> <a href="/versions/v9/software/S0100/"> ipconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="IronNetInjector-IronNetInjector"> <a href="/versions/v9/software/S0581/"> IronNetInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ISMInjector-ISMInjector"> <a href="/versions/v9/software/S0189/"> ISMInjector </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="Ixeshe-Ixeshe"> <a href="/versions/v9/software/S0015/"> Ixeshe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Janicab-Janicab"> <a href="/versions/v9/software/S0163/"> Janicab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Javali-Javali"> <a href="/versions/v9/software/S0528/"> Javali </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="JCry-JCry"> <a href="/versions/v9/software/S0389/"> JCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="JHUHUGIT-JHUHUGIT"> <a href="/versions/v9/software/S0044/"> JHUHUGIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="JPIN-JPIN"> <a href="/versions/v9/software/S0201/"> JPIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="jRAT-jRAT"> <a href="/versions/v9/software/S0283/"> jRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Judy-Judy"> <a href="/versions/v9/software/S0325/"> Judy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KARAE-KARAE"> <a href="/versions/v9/software/S0215/"> KARAE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kasidet-Kasidet"> <a href="/versions/v9/software/S0088/"> Kasidet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kazuar-Kazuar"> <a href="/versions/v9/software/S0265/"> Kazuar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kerrdown-Kerrdown"> <a href="/versions/v9/software/S0585/"> Kerrdown </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kessel-Kessel"> <a href="/versions/v9/software/S0487/"> Kessel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KeyBoy-KeyBoy"> <a href="/versions/v9/software/S0387/"> KeyBoy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Keydnap-Keydnap"> <a href="/versions/v9/software/S0276/"> Keydnap </a> </div> </div> <div class="sidenav"> 
<div class="sidenav-head" id="KEYMARBLE-KEYMARBLE"> <a href="/versions/v9/software/S0271/"> KEYMARBLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KeyRaider-KeyRaider"> <a href="/versions/v9/software/S0288/"> KeyRaider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KGH_SPY-KGH_SPY"> <a href="/versions/v9/software/S0526/"> KGH_SPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kinsing-Kinsing"> <a href="/versions/v9/software/S0599/"> Kinsing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kivars-Kivars"> <a href="/versions/v9/software/S0437/"> Kivars </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Koadic-Koadic"> <a href="/versions/v9/software/S0250/"> Koadic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Komplex-Komplex"> <a href="/versions/v9/software/S0162/"> Komplex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KOMPROGO-KOMPROGO"> <a href="/versions/v9/software/S0156/"> KOMPROGO </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KONNI-KONNI"> <a href="/versions/v9/software/S0356/"> KONNI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kwampirs-Kwampirs"> <a href="/versions/v9/software/S0236/"> Kwampirs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LaZagne-LaZagne"> <a href="/versions/v9/software/S0349/"> LaZagne </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LightNeuron-LightNeuron"> <a href="/versions/v9/software/S0395/"> LightNeuron </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Linfo-Linfo"> <a href="/versions/v9/software/S0211/"> Linfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Linux Rabbit-Linux Rabbit"> <a href="/versions/v9/software/S0362/"> Linux Rabbit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LockerGoga-LockerGoga"> 
<a href="/versions/v9/software/S0372/"> LockerGoga </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LoJax-LoJax"> <a href="/versions/v9/software/S0397/"> LoJax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lokibot-Lokibot"> <a href="/versions/v9/software/S0447/"> Lokibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LookBack-LookBack"> <a href="/versions/v9/software/S0582/"> LookBack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LoudMiner-LoudMiner"> <a href="/versions/v9/software/S0451/"> LoudMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LOWBALL-LOWBALL"> <a href="/versions/v9/software/S0042/"> LOWBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lslsass-Lslsass"> <a href="/versions/v9/software/S0121/"> Lslsass </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lucifer-Lucifer"> <a href="/versions/v9/software/S0532/"> Lucifer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lurid-Lurid"> <a href="/versions/v9/software/S0010/"> Lurid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Machete-Machete"> <a href="/versions/v9/software/S0409/"> Machete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MacSpy-MacSpy"> <a href="/versions/v9/software/S0282/"> MacSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MailSniper-MailSniper"> <a href="/versions/v9/software/S0413/"> MailSniper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mandrake-Mandrake"> <a href="/versions/v9/software/S0485/"> Mandrake </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Marcher-Marcher"> <a href="/versions/v9/software/S0317/"> Marcher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Matryoshka-Matryoshka"> <a href="/versions/v9/software/S0167/"> Matryoshka </a> </div> 
</div> <div class="sidenav"> <div class="sidenav-head" id="MazarBOT-MazarBOT"> <a href="/versions/v9/software/S0303/"> MazarBOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Maze-Maze"> <a href="/versions/v9/software/S0449/"> Maze </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MCMD-MCMD"> <a href="/versions/v9/software/S0500/"> MCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MechaFlounder-MechaFlounder"> <a href="/versions/v9/software/S0459/"> MechaFlounder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="meek-meek"> <a href="/versions/v9/software/S0175/"> meek </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MegaCortex-MegaCortex"> <a href="/versions/v9/software/S0576/"> MegaCortex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Melcoz-Melcoz"> <a href="/versions/v9/software/S0530/"> Melcoz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MESSAGETAP-MESSAGETAP"> <a href="/versions/v9/software/S0443/"> MESSAGETAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Metamorfo-Metamorfo"> <a href="/versions/v9/software/S0455/"> Metamorfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Micropsia-Micropsia"> <a href="/versions/v9/software/S0339/"> Micropsia </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mimikatz-Mimikatz"> <a href="/versions/v9/software/S0002/"> Mimikatz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MimiPenguin-MimiPenguin"> <a href="/versions/v9/software/S0179/"> MimiPenguin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Miner-C-Miner-C"> <a href="/versions/v9/software/S0133/"> Miner-C </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MiniDuke-MiniDuke"> <a href="/versions/v9/software/S0051/"> MiniDuke </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="MirageFox-MirageFox"> <a href="/versions/v9/software/S0280/"> MirageFox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mis-Type-Mis-Type"> <a href="/versions/v9/software/S0084/"> Mis-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Misdat-Misdat"> <a href="/versions/v9/software/S0083/"> Misdat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mivast-Mivast"> <a href="/versions/v9/software/S0080/"> Mivast </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MobileOrder-MobileOrder"> <a href="/versions/v9/software/S0079/"> MobileOrder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MoleNet-MoleNet"> <a href="/versions/v9/software/S0553/"> MoleNet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Monokle-Monokle"> <a href="/versions/v9/software/S0407/"> Monokle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MoonWind-MoonWind"> <a href="/versions/v9/software/S0149/"> MoonWind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="More_eggs-More_eggs"> <a href="/versions/v9/software/S0284/"> More_eggs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mosquito-Mosquito"> <a href="/versions/v9/software/S0256/"> Mosquito </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MURKYTOP-MURKYTOP"> <a href="/versions/v9/software/S0233/"> MURKYTOP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Naid-Naid"> <a href="/versions/v9/software/S0205/"> Naid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NanHaiShu-NanHaiShu"> <a href="/versions/v9/software/S0228/"> NanHaiShu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NanoCore-NanoCore"> <a href="/versions/v9/software/S0336/"> NanoCore </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NavRAT-NavRAT"> <a 
href="/versions/v9/software/S0247/"> NavRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NBTscan-NBTscan"> <a href="/versions/v9/software/S0590/"> NBTscan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="nbtstat-nbtstat"> <a href="/versions/v9/software/S0102/"> nbtstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NDiskMonitor-NDiskMonitor"> <a href="/versions/v9/software/S0272/"> NDiskMonitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Nerex-Nerex"> <a href="/versions/v9/software/S0210/"> Nerex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Net-Net"> <a href="/versions/v9/software/S0039/"> Net </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Net Crawler-Net Crawler"> <a href="/versions/v9/software/S0056/"> Net Crawler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NETEAGLE-NETEAGLE"> <a href="/versions/v9/software/S0034/"> NETEAGLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="netsh-netsh"> <a href="/versions/v9/software/S0108/"> netsh </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="netstat-netstat"> <a href="/versions/v9/software/S0104/"> netstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NetTraveler-NetTraveler"> <a href="/versions/v9/software/S0033/"> NetTraveler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Netwalker-Netwalker"> <a href="/versions/v9/software/S0457/"> Netwalker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NETWIRE-NETWIRE"> <a href="/versions/v9/software/S0198/"> NETWIRE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ngrok-Ngrok"> <a href="/versions/v9/software/S0508/"> Ngrok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Nidiran-Nidiran"> <a href="/versions/v9/software/S0118/"> Nidiran </a> </div> </div> 
<div class="sidenav"> <div class="sidenav-head" id="njRAT-njRAT"> <a href="/versions/v9/software/S0385/"> njRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Nltest-Nltest"> <a href="/versions/v9/software/S0359/"> Nltest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NOKKI-NOKKI"> <a href="/versions/v9/software/S0353/"> NOKKI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NotCompatible-NotCompatible"> <a href="/versions/v9/software/S0299/"> NotCompatible </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NotPetya-NotPetya"> <a href="/versions/v9/software/S0368/"> NotPetya </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OBAD-OBAD"> <a href="/versions/v9/software/S0286/"> OBAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OceanSalt-OceanSalt"> <a href="/versions/v9/software/S0346/"> OceanSalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Octopus-Octopus"> <a href="/versions/v9/software/S0340/"> Octopus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Okrum-Okrum"> <a href="/versions/v9/software/S0439/"> Okrum </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OLDBAIT-OLDBAIT"> <a href="/versions/v9/software/S0138/"> OLDBAIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OldBoot-OldBoot"> <a href="/versions/v9/software/S0285/"> OldBoot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Olympic Destroyer-Olympic Destroyer"> <a href="/versions/v9/software/S0365/"> Olympic Destroyer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OnionDuke-OnionDuke"> <a href="/versions/v9/software/S0052/"> OnionDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OopsIE-OopsIE"> <a href="/versions/v9/software/S0264/"> OopsIE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="Orz-Orz"> <a href="/versions/v9/software/S0229/"> Orz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OSInfo-OSInfo"> <a href="/versions/v9/software/S0165/"> OSInfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OSX/Shlayer-OSX/Shlayer"> <a href="/versions/v9/software/S0402/"> OSX/Shlayer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OSX_OCEANLOTUS.D-OSX_OCEANLOTUS.D"> <a href="/versions/v9/software/S0352/"> OSX_OCEANLOTUS.D </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Out1-Out1"> <a href="/versions/v9/software/S0594/"> Out1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OwaAuth-OwaAuth"> <a href="/versions/v9/software/S0072/"> OwaAuth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="P.A.S. Webshell-P.A.S. Webshell"> <a href="/versions/v9/software/S0598/"> P.A.S. Webshell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="P2P ZeuS-P2P ZeuS"> <a href="/versions/v9/software/S0016/"> P2P ZeuS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pallas-Pallas"> <a href="/versions/v9/software/S0399/"> Pallas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pasam-Pasam"> <a href="/versions/v9/software/S0208/"> Pasam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pass-The-Hash Toolkit-Pass-The-Hash Toolkit"> <a href="/versions/v9/software/S0122/"> Pass-The-Hash Toolkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pay2Key-Pay2Key"> <a href="/versions/v9/software/S0556/"> Pay2Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pegasus for Android-Pegasus for Android"> <a href="/versions/v9/software/S0316/"> Pegasus for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pegasus for iOS-Pegasus for iOS"> <a href="/versions/v9/software/S0289/"> Pegasus for iOS </a> </div> 
</div> <div class="sidenav"> <div class="sidenav-head" id="Penquin-Penquin"> <a href="/versions/v9/software/S0587/"> Penquin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PHOREAL-PHOREAL"> <a href="/versions/v9/software/S0158/"> PHOREAL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pillowmint-Pillowmint"> <a href="/versions/v9/software/S0517/"> Pillowmint </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PinchDuke-PinchDuke"> <a href="/versions/v9/software/S0048/"> PinchDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ping-Ping"> <a href="/versions/v9/software/S0097/"> Ping </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PipeMon-PipeMon"> <a href="/versions/v9/software/S0501/"> PipeMon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pisloader-Pisloader"> <a href="/versions/v9/software/S0124/"> Pisloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PJApps-PJApps"> <a href="/versions/v9/software/S0291/"> PJApps </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PLAINTEE-PLAINTEE"> <a href="/versions/v9/software/S0254/"> PLAINTEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PLEAD-PLEAD"> <a href="/versions/v9/software/S0435/"> PLEAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PlugX-PlugX"> <a href="/versions/v9/software/S0013/"> PlugX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="pngdowner-pngdowner"> <a href="/versions/v9/software/S0067/"> pngdowner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PoetRAT-PoetRAT"> <a href="/versions/v9/software/S0428/"> PoetRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PoisonIvy-PoisonIvy"> <a href="/versions/v9/software/S0012/"> PoisonIvy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="PolyglotDuke-PolyglotDuke"> <a href="/versions/v9/software/S0518/"> PolyglotDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pony-Pony"> <a href="/versions/v9/software/S0453/"> Pony </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POORAIM-POORAIM"> <a href="/versions/v9/software/S0216/"> POORAIM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PoshC2-PoshC2"> <a href="/versions/v9/software/S0378/"> PoshC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POSHSPY-POSHSPY"> <a href="/versions/v9/software/S0150/"> POSHSPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Power Loader-Power Loader"> <a href="/versions/v9/software/S0177/"> Power Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerDuke-PowerDuke"> <a href="/versions/v9/software/S0139/"> PowerDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerShower-PowerShower"> <a href="/versions/v9/software/S0441/"> PowerShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWERSOURCE-POWERSOURCE"> <a href="/versions/v9/software/S0145/"> POWERSOURCE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerSploit-PowerSploit"> <a href="/versions/v9/software/S0194/"> PowerSploit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerStallion-PowerStallion"> <a href="/versions/v9/software/S0393/"> PowerStallion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWERSTATS-POWERSTATS"> <a href="/versions/v9/software/S0223/"> POWERSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWERTON-POWERTON"> <a href="/versions/v9/software/S0371/"> POWERTON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWRUNER-POWRUNER"> <a href="/versions/v9/software/S0184/"> POWRUNER </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="Prikormka-Prikormka"> <a href="/versions/v9/software/S0113/"> Prikormka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Proton-Proton"> <a href="/versions/v9/software/S0279/"> Proton </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Proxysvc-Proxysvc"> <a href="/versions/v9/software/S0238/"> Proxysvc </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PsExec-PsExec"> <a href="/versions/v9/software/S0029/"> PsExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Psylo-Psylo"> <a href="/versions/v9/software/S0078/"> Psylo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pteranodon-Pteranodon"> <a href="/versions/v9/software/S0147/"> Pteranodon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PUNCHBUGGY-PUNCHBUGGY"> <a href="/versions/v9/software/S0196/"> PUNCHBUGGY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PUNCHTRACK-PUNCHTRACK"> <a href="/versions/v9/software/S0197/"> PUNCHTRACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pupy-Pupy"> <a href="/versions/v9/software/S0192/"> Pupy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="pwdump-pwdump"> <a href="/versions/v9/software/S0006/"> pwdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pysa-Pysa"> <a href="/versions/v9/software/S0583/"> Pysa </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="QUADAGENT-QUADAGENT"> <a href="/versions/v9/software/S0269/"> QUADAGENT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="QuasarRAT-QuasarRAT"> <a href="/versions/v9/software/S0262/"> QuasarRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ragnar Locker-Ragnar Locker"> <a href="/versions/v9/software/S0481/"> Ragnar Locker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Raindrop-Raindrop"> <a 
href="/versions/v9/software/S0565/"> Raindrop </a> </div> </div> </div> <div class="group-nav-mobile-view"> <span class="heading" id="v-home-tab" aria-selected="false">SOFTWARE</span> <div class="sidenav"> <div class="sidenav-head " id="45d7b74aa0944de18130a412091c2509"> <span>C-D</span> <div class="expand-button collapsed" id="45d7b74aa0944de18130a412091c2509-header" data-toggle="collapse" data-target="#45d7b74aa0944de18130a412091c2509-body" aria-expanded="false" aria-controls="#45d7b74aa0944de18130a412091c2509-body"></div> </div> <div class="sidenav-body collapse" id="45d7b74aa0944de18130a412091c2509-body" aria-labelledby="45d7b74aa0944de18130a412091c2509-header"> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e955430c035e4528a1d5a801c7dc362f"> <a 
href="/versions/v9/software/S0462/"> CARROTBAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b4dc0bd1f545420b99a1a9e4cc96a103"> <a href="/versions/v9/software/S0261/"> Catchamas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b1a3a7d15ad84f86ab845ed9418b5f30"> <a href="/versions/v9/software/S0572/"> Caterpillar WebShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-48c60ad8c9414793b82ae2e4b18c1d89"> <a href="/versions/v9/software/S0222/"> CCBkdr </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-4ac63d8c3f004beca2c39e03aa9214f0"> <a href="/versions/v9/software/S0480/"> Cerberus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-589addb37a2540cba233dc99523bb4e8"> <a href="/versions/v9/software/S0160/"> certutil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-7cbb910100a6400a9f0908afee4f0e13"> <a href="/versions/v9/software/S0220/"> Chaos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f84cae45f1734efe9a38ff69c4999c68"> <a href="/versions/v9/software/S0323/"> Charger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b7ea032273d14477aef845efab4ac4e1"> <a href="/versions/v9/software/S0144/"> ChChes </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-52fd1fc57d714395a84887087abf19c1"> <a href="/versions/v9/software/S0555/"> CHEMISTGAMES </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-73854f02864544e7bdcfe218c431f145"> <a href="/versions/v9/software/S0107/"> Cherry Picker </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-eeaf494c03694aabaedd33c962cef449"> <a href="/versions/v9/software/S0020/"> China Chopper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5348a1bd98264c819cbdbafc413854b4"> <a href="/versions/v9/software/S0023/"> CHOPSTICK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-cd75d2edc6f74f28bec4aad343a3afb3"> <a href="/versions/v9/software/S0602/"> Circles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-c1106e7c997448f9b31530026c59d44b"> <a href="/versions/v9/software/S0054/"> CloudDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-72565e36ba454a99aae137a6ca24c733"> <a href="/versions/v9/software/S0106/"> cmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="45d7b74aa0944de18130a412091c2509-f131493e37a5488a93a5139a465e1c25"> <a href="/versions/v9/software/S0154/"> Cobalt Strike </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-04d6b8d929e24e56bd31461a3d6948ae"> <a href="/versions/v9/software/S0338/"> Cobian RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-8664bd79ce864898ab5bd66a38e95cf2"> <a href="/versions/v9/software/S0369/"> CoinTicker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-a1b6d60ce8974ebc8e60ebf22f197cc0"> <a href="/versions/v9/software/S0244/"> Comnie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-eab1b3bbaa944f0489a05755a82a2d58"> <a href="/versions/v9/software/S0126/"> ComRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b3a86a366f3147cf9243008da1d3779b"> <a 
href="/versions/v9/software/S0426/"> Concipit1248 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-cbb4d5b88d2648fab212979e84a8eda4"> <a href="/versions/v9/software/S0591/"> ConnectWise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-10b66095858747c283c1b835297089dc"> <a href="/versions/v9/software/S0575/"> Conti </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-636f8f0797d34c4c98a8db4a12ce97a3"> <a href="/versions/v9/software/S0492/"> CookieMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5e2920a47cd04278a5ed7f647796e216"> <a href="/versions/v9/software/S0212/"> CORALDECK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-691179444b504df79e5cde4d7ef407eb"> <a href="/versions/v9/software/S0137/"> CORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5bcc7a6ed46d41d0a655b69190233504"> <a href="/versions/v9/software/S0425/"> Corona Updates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-7ddeee50080b41bfaa7aa2ff81d7636c"> <a href="/versions/v9/software/S0050/"> CosmicDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-46b4abcccb0f4fc7b64dec9039e06d1c"> <a href="/versions/v9/software/S0046/"> CozyCar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-ff1c32c259394e37830d8f88222a3035"> <a href="/versions/v9/software/S0488/"> CrackMapExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-85e1e120a7844821bc6e61fe91780793"> <a href="/versions/v9/software/S0115/"> Crimson </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-76f3ee6d70e84263810dae1d8f61f0df"> <a href="/versions/v9/software/S0235/"> CrossRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-1491ddb715884b50af82d4be6b3813cc"> <a href="/versions/v9/software/S0538/"> Crutch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-4917f92d6b2a4fc992cfb2c5509e9c04"> <a href="/versions/v9/software/S0498/"> Cryptoistic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d8b7b5f1e00a4c2da5abc58d62e64d2f"> <a href="/versions/v9/software/S0527/"> CSPY Downloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b609e4bb10af49fe94202373f70a947a"> <a href="/versions/v9/software/S0497/"> Dacls </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e85c09afbce04478afc62f2c5dae9a8f"> <a href="/versions/v9/software/S0334/"> DarkComet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-2972aba1d08242c397b6e568e422ce90"> <a href="/versions/v9/software/S0187/"> Daserf </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-825bc4f61d1b4bafab04caba19a26e88"> <a href="/versions/v9/software/S0255/"> DDKONG </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-47d1e9e048a941b3ae254814d2028265"> <a href="/versions/v9/software/S0243/"> DealersChoice </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e3a46bb9605b456bb082db70738d7714"> <a href="/versions/v9/software/S0479/"> DEFENSOR ID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-c850e96cf9ca4b1daf8743091f92c3be"> <a 
href="/versions/v9/software/S0301/"> Dendroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-999990709ba842358ab749cedb6318e0"> <a href="/versions/v9/software/S0354/"> Denis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b0e6ee62f57d449187222d1b29795390"> <a href="/versions/v9/software/S0021/"> Derusbi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5f3f9ca9a3184c78a97a5f9134802f97"> <a href="/versions/v9/software/S0505/"> Desert Scorpion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d2b4fb9f315541ec9daff39f1f1f1578"> <a href="/versions/v9/software/S0200/"> Dipsind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-3cc8a2c475954ea1a01aefa8ad1f02e1"> <a href="/versions/v9/software/S0213/"> DOGCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-0af4d57a58b748389510a5707b46bef7"> <a href="/versions/v9/software/S0281/"> Dok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e79202c9fc8e47958dd3c0594270b149"> <a href="/versions/v9/software/S0600/"> Doki </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5b685bd7b0e54ab2ab1dfb1dcbe5f87e"> <a href="/versions/v9/software/S0550/"> DoubleAgent </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d40e4c25800e492f9fa0d7237d6a6574"> <a href="/versions/v9/software/S0472/"> down_new </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-318f3e3aba4247249bcd3315cdef6e9e"> <a href="/versions/v9/software/S0134/"> Downdelph </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="45d7b74aa0944de18130a412091c2509-73f7193d85bc456abf76b76e23a5408b"> <a href="/versions/v9/software/S0186/"> DownPaper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d78df7f9ce6445839574b0de511cee94"> <a href="/versions/v9/software/S0300/"> DressCode </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-fa4cbfb5fb2b4924ba720a7471e0c7d7"> <a href="/versions/v9/software/S0384/"> Dridex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f29dec5d90124dc383fd704790a56adf"> <a href="/versions/v9/software/S0320/"> DroidJack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-72e27647836b41d2891f3aa86e9eb5d7"> <a href="/versions/v9/software/S0547/"> DropBook </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-082862e8aaa4476a85feb3fa0b4ee427"> <a href="/versions/v9/software/S0502/"> Drovorub </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b45370169aca4afbbf90a25713df83f4"> <a href="/versions/v9/software/S0105/"> dsquery </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-83ab160e2f944e0f930ec564eee30b1f"> <a href="/versions/v9/software/S0567/"> Dtrack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-ea784617c55649e5afd0ff7592ee5748"> <a href="/versions/v9/software/S0315/"> DualToy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-8401eaf6aa7140c8ad9c02f4b93991a5"> <a href="/versions/v9/software/S0038/"> Duqu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-37dcdb82678c40f5844d6a6da1ac99b9"> <a href="/versions/v9/software/S0062/"> DustySky </a> 
</div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-0a68233f002244dc816940be9a0c5a91"> <a href="/versions/v9/software/S0420/"> Dvmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f698142a09fe40f0acd96f3e06ff4a62"> <a href="/versions/v9/software/S0024/"> Dyre </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="995763ff60774cf6905e1c1225aa6cd3"> <span>E-F</span> <div class="expand-button collapsed" id="995763ff60774cf6905e1c1225aa6cd3-header" data-toggle="collapse" data-target="#995763ff60774cf6905e1c1225aa6cd3-body" aria-expanded="false" aria-controls="#995763ff60774cf6905e1c1225aa6cd3-body"></div> </div> <div class="sidenav-body collapse" id="995763ff60774cf6905e1c1225aa6cd3-body" aria-labelledby="995763ff60774cf6905e1c1225aa6cd3-header"> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-440f7c89572f45459fde0f2b3f78af44"> <a href="/versions/v9/software/S0377/"> Ebury </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-af702b2b4d1c4369b91a94f544ed9dc5"> <a href="/versions/v9/software/S0593/"> ECCENTRICBANDWAGON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-92800ced9f9c49e1801f9b0515ccd9bc"> <a href="/versions/v9/software/S0554/"> Egregor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-1c4639d52c5b42619d9241b0af6162b2"> <a href="/versions/v9/software/S0081/"> Elise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-3837c26de33f42e2859703e13989f07e"> <a href="/versions/v9/software/S0064/"> ELMER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-579ebdbfad37467b8b654b1762fafcb3"> <a href="/versions/v9/software/S0082/"> Emissary 
</a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-4d64ad85a3ae425b9b27317efba9b8ee"> <a href="/versions/v9/software/S0367/"> Emotet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-36953764dc7148d68be75e1c0d44df6b"> <a href="/versions/v9/software/S0363/"> Empire </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-315be8b1c5414f41b96c87ed4d5bda14"> <a href="/versions/v9/software/S0091/"> Epic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-b6cb7a3c66734b75b3b2947b812f6015"> <a href="/versions/v9/software/S0404/"> esentutl </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-501630d620c64844aad50e4efda919b0"> <a href="/versions/v9/software/S0507/"> eSurv </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-f6a6f27546ae4243931a90dab5c9c05a"> <a href="/versions/v9/software/S0478/"> EventBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-39969cce13a0435ab804d1966e0c0d06"> <a href="/versions/v9/software/S0396/"> EvilBunny </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-ae9c39bd012b4b42b7b93ec2aa085252"> <a href="/versions/v9/software/S0152/"> EvilGrab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-becba6a835494476ba9ba67466806cc1"> <a href="/versions/v9/software/S0568/"> EVILNUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-38e3cf036c114a428b8ebd0949b04ca0"> <a href="/versions/v9/software/S0401/"> Exaramel for Linux </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="995763ff60774cf6905e1c1225aa6cd3-8fe762f488324340bf591085e32ed4f0"> <a href="/versions/v9/software/S0343/"> Exaramel for Windows </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-1efdb46c675244fe9905f40dab34784d"> <a href="/versions/v9/software/S0522/"> Exobot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-65873afe72f347ec9c23193d4ea207cb"> <a href="/versions/v9/software/S0405/"> Exodus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-9c9808f5b39742e7a7c8851232fc98b3"> <a href="/versions/v9/software/S0361/"> Expand </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-f036159060774437a649ecff71d96392"> <a href="/versions/v9/software/S0569/"> Explosive </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-1bb75bf13b454132b4f2d6f49ad79196"> <a href="/versions/v9/software/S0076/"> FakeM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-e27cb3bd2d1e4db5bdf971b4a6810657"> <a href="/versions/v9/software/S0509/"> FakeSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-44bd9661e61345439195a28bbfef165b"> <a href="/versions/v9/software/S0181/"> FALLCHILL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-c7a52e1061e54cb7a7e54d126e19f36c"> <a href="/versions/v9/software/S0512/"> FatDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-8b957d75690d428bb943f4ff6c4f0409"> <a href="/versions/v9/software/S0171/"> Felismus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-7b8d3d8c16574e1c86904ecdefc66495"> <a href="/versions/v9/software/S0267/"> 
FELIXROOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-2660039fd2ba487ba124a9c4ee077db4"> <a href="/versions/v9/software/S0120/"> Fgdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-3a17a2e1458f4f3ca0b6cb0ec557cbe9"> <a href="/versions/v9/software/S0355/"> Final1stspy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-dae234fb63374b9ea14e943efd098143"> <a href="/versions/v9/software/S0182/"> FinFisher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-4f617b954de64c9fba3e2384f654a9bd"> <a href="/versions/v9/software/S0143/"> Flame </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-89c77272716844e3a5ff144d0f7d96a8"> <a href="/versions/v9/software/S0036/"> FLASHFLOOD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-23cd0ec2130b4cb08fade93190bfc2c9"> <a href="/versions/v9/software/S0381/"> FlawedAmmyy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-41c0eac5fe6b48cb9b590f3008ec18d0"> <a href="/versions/v9/software/S0383/"> FlawedGrace </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-b24d12ea13284553a4ce495c23ec2da9"> <a href="/versions/v9/software/S0408/"> FlexiSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-0004f61cbecc488e950b5d5823945b87"> <a href="/versions/v9/software/S0173/"> FLIPSIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-a4dd54ccde59437a951a3a43ea883a43"> <a href="/versions/v9/software/S0193/"> Forfiles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="995763ff60774cf6905e1c1225aa6cd3-08df06ecbf794e4b9f186eb39d9f2454"> <a href="/versions/v9/software/S0503/"> FrameworkPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-f984817dbfcd4011b2cd08e2e36f520e"> <a href="/versions/v9/software/S0577/"> FrozenCell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-e90edf8b275e46f188cb74dcec6105b0"> <a href="/versions/v9/software/S0277/"> FruitFly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-eaf3bceec6a24054ad25195399c9b56b"> <a href="/versions/v9/software/S0095/"> FTP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-6dc5615da30647799b4fd29942a7601d"> <a href="/versions/v9/software/S0410/"> Fysbis </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="7dda4863994e41969314028147217d4b"> <span>G-H</span> <div class="expand-button collapsed" id="7dda4863994e41969314028147217d4b-header" data-toggle="collapse" data-target="#7dda4863994e41969314028147217d4b-body" aria-expanded="false" aria-controls="#7dda4863994e41969314028147217d4b-body"></div> </div> <div class="sidenav-body collapse" id="7dda4863994e41969314028147217d4b-body" aria-labelledby="7dda4863994e41969314028147217d4b-header"> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-96c3a7e149f8443883fb29e3fb8c17d0"> <a href="/versions/v9/software/S0168/"> Gazer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-068b14a3f8904e0393a7c41db7899025"> <a href="/versions/v9/software/S0049/"> GeminiDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-39539bdfc5554eeb9861f2b88936cc13"> <a href="/versions/v9/software/S0460/"> Get2 </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="7dda4863994e41969314028147217d4b-1379197e041e4f49b753bbad9ab55d5d"> <a href="/versions/v9/software/S0032/"> gh0st RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0a1b690dca9c424c9dd3d3d84aee2a12"> <a href="/versions/v9/software/S0423/"> Ginp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0fb3045a074c41fb8186f4bba6880ca4"> <a href="/versions/v9/software/S0026/"> GLOOXMAIL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0b4bdbfb8cac4d7b91b45c06510b664f"> <a href="/versions/v9/software/S0249/"> Gold Dragon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-32b08aa056464f55879d72bcfc3f1c7e"> <a href="/versions/v9/software/S0535/"> Golden Cup </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-61f827c3521242968b6917fc1c89d1ef"> <a href="/versions/v9/software/S0551/"> GoldenEagle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-b6542052a3c045c0975867c84f7f8ac9"> <a href="/versions/v9/software/S0493/"> GoldenSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-57504368f36f4b009a5db0bd1c4e5ca5"> <a href="/versions/v9/software/S0597/"> GoldFinder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-ec7a7bb8ff1b42fca43931d4508c6893"> <a href="/versions/v9/software/S0588/"> GoldMax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-199454843d354ee585d312061c05c59b"> <a href="/versions/v9/software/S0421/"> GolfSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-bb53aabf90a84a4f983d725c0bf4d753"> <a 
href="/versions/v9/software/S0290/"> Gooligan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-5ea97ac576bc4a299da0082d0d97e5fb"> <a href="/versions/v9/software/S0477/"> Goopy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0d14e13bfec04b78acf37473f35c2de7"> <a href="/versions/v9/software/S0536/"> GPlayed </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-60fe034b7b5c4d219234baa028eb05c2"> <a href="/versions/v9/software/S0531/"> Grandoreiro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-bb8c6a5e36974e7a9a1482a005f50e52"> <a href="/versions/v9/software/S0237/"> GravityRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0a6266a7b2b04e968513cc93e5c21308"> <a href="/versions/v9/software/S0342/"> GreyEnergy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-11d60f2256f643ccb5d3365f842ed916"> <a href="/versions/v9/software/S0417/"> GRIFFON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-578c22d4f5054d6f96295dc9bccadfd7"> <a href="/versions/v9/software/S0008/"> gsecdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-7c07dfc2afba4c31a9ae969b7a565793"> <a href="/versions/v9/software/S0561/"> GuLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-1163df4d3fd2447dbaa2b50e21bfb631"> <a href="/versions/v9/software/S0406/"> Gustuff </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-f3d85c50ecac4af790400f86293fbfc6"> <a href="/versions/v9/software/S0132/"> H1N1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="7dda4863994e41969314028147217d4b-8b9a871d7bc949e2b245482480f41887"> <a href="/versions/v9/software/S0047/"> Hacking Team UEFI Rootkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-2686b8a32f264a4ea8725539a6c0138a"> <a href="/versions/v9/software/S0151/"> HALFBAKED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-6ddd8a7c2fcc44a6be4fecf905f28dc6"> <a href="/versions/v9/software/S0037/"> HAMMERTOSS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-098de606790d4a6b9f96822c8c9cf8bb"> <a href="/versions/v9/software/S0499/"> Hancitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-887e37ed1c9a4af1a7f6a0ee03658e97"> <a href="/versions/v9/software/S0214/"> HAPPYWORK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-bb6014d8e91d4bb09a5435ea0469c61c"> <a href="/versions/v9/software/S0246/"> HARDRAIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-2e825e70c3154d4b9b5daaa719bfd71f"> <a href="/versions/v9/software/S0224/"> Havij </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-df118731429a492dab61890aa302cccb"> <a href="/versions/v9/software/S0391/"> HAWKBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-763c001420674678b586a1a6371e2090"> <a href="/versions/v9/software/S0071/"> hcdLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-9cb257c7297241389f7ef7b505836f66"> <a href="/versions/v9/software/S0061/"> HDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-b4264d11660f43aebbf18b58acc38578"> <a 
href="/versions/v9/software/S0170/"> Helminth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-66fb445f47b44daea9a51c95c2e89e69"> <a href="/versions/v9/software/S0544/"> HenBox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-624ac6fa8f7548c88de3a1f492371a85"> <a href="/versions/v9/software/S0087/"> Hi-Zor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-4174588c8a784aa7b86bf44cca029f0e"> <a href="/versions/v9/software/S0394/"> HiddenWasp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-56d093a3a65940c5ab13c4c46b6c6a41"> <a href="/versions/v9/software/S0135/"> HIDEDRV </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-f7582b8b16d646b18d1cccc40502e080"> <a href="/versions/v9/software/S0009/"> Hikit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-cfbb1a3b2af84107b3b553ca52b0dc9a"> <a href="/versions/v9/software/S0601/"> Hildegard </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-259bb3505eae4ad9a7e20f92398a645b"> <a href="/versions/v9/software/S0232/"> HOMEFRY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-8da03ca68df54ae2bb0a6bb4159869ce"> <a href="/versions/v9/software/S0376/"> HOPLIGHT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-af129521a0f9411d9ce612a0fcbcc38e"> <a href="/versions/v9/software/S0431/"> HotCroissant </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-f64a8f347ef74cd4a081e01eca2e7eab"> <a href="/versions/v9/software/S0040/"> HTRAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="7dda4863994e41969314028147217d4b-a45716a36032488c8e9948a50838c255"> <a href="/versions/v9/software/S0070/"> HTTPBrowser </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-50729d64d668464dbbc7c8330fdad07c"> <a href="/versions/v9/software/S0068/"> httpclient </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-b446f4c7d5ed4f38847b873ff1fe1964"> <a href="/versions/v9/software/S0322/"> HummingBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-6a05d0e232b2476bb6dfc8eef44dedb8"> <a href="/versions/v9/software/S0321/"> HummingWhale </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-d7ba3aafe5f74bc691385c71cfbbeb70"> <a href="/versions/v9/software/S0203/"> Hydraq </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-9a14ee55c92944d3bd6e444a4a03dc34"> <a href="/versions/v9/software/S0398/"> HyperBro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-7f65bf8eade14e8aa999c61158f72523"> <a href="/versions/v9/software/S0537/"> HyperStack </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="1fb850c336df45e2badf3c675ecf29e3"> <span>I-J</span> <div class="expand-button collapsed" id="1fb850c336df45e2badf3c675ecf29e3-header" data-toggle="collapse" data-target="#1fb850c336df45e2badf3c675ecf29e3-body" aria-expanded="false" aria-controls="#1fb850c336df45e2badf3c675ecf29e3-body"></div> </div> <div class="sidenav-body collapse" id="1fb850c336df45e2badf3c675ecf29e3-body" aria-labelledby="1fb850c336df45e2badf3c675ecf29e3-header"> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-3d40ba62c14a493480edc1728666aeba"> <a href="/versions/v9/software/S0483/"> IcedID </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-b4182532aaa24485af90d97a9aa1952e"> <a href="/versions/v9/software/S0101/"> ifconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-6beee0141dac4625afc4478f6a4b78bf"> <a href="/versions/v9/software/S0278/"> iKitten </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-8d781293905445ee8e05d26859313757"> <a href="/versions/v9/software/S0434/"> Imminent Monitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-7684f92140c243608b02a6d042cc465f"> <a href="/versions/v9/software/S0357/"> Impacket </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-da794609c7994d7c95075ceb3b1ebc0f"> <a href="/versions/v9/software/S0259/"> InnaputRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-01130ca148184b70a711973a77fa0806"> <a href="/versions/v9/software/S0463/"> INSOMNIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-4a36b62bf4e34ed387f8a2346700f719"> <a href="/versions/v9/software/S0260/"> InvisiMole </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-a7c39411776c4e8690ea794ca7f38620"> <a href="/versions/v9/software/S0231/"> Invoke-PSImage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-233c3873a10e44428baa1e141eab02d8"> <a href="/versions/v9/software/S0100/"> ipconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-9c613e68b89d408bbc1fb7f58e6c10da"> <a href="/versions/v9/software/S0581/"> IronNetInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-26fa4f3bda444405993504417e0e14b8"> <a 
href="/versions/v9/software/S0189/"> ISMInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-bbcc26bad22740c1bc33863e7613b32c"> <a href="/versions/v9/software/S0015/"> Ixeshe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-279190baddd04d27942986d05a0202d6"> <a href="/versions/v9/software/S0163/"> Janicab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-dbf21dc30e9c4484893c9fe96a1a7709"> <a href="/versions/v9/software/S0528/"> Javali </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-9dcb81f14ce74a14bf7d792831629db5"> <a href="/versions/v9/software/S0389/"> JCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-aab2f351221148e9aa59b738ebef31a9"> <a href="/versions/v9/software/S0044/"> JHUHUGIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-a199308d03e542e4a9cb13b225f64f3b"> <a href="/versions/v9/software/S0201/"> JPIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-00c9db0c3eed46108db3d22e71e08a8d"> <a href="/versions/v9/software/S0283/"> jRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-23903cfe984d444cb9a0c1eb6e97d98f"> <a href="/versions/v9/software/S0325/"> Judy </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="56cffb3dd4fc4e38868dba75d49ec567"> <span>K-L</span> <div class="expand-button collapsed" id="56cffb3dd4fc4e38868dba75d49ec567-header" data-toggle="collapse" data-target="#56cffb3dd4fc4e38868dba75d49ec567-body" aria-expanded="false" aria-controls="#56cffb3dd4fc4e38868dba75d49ec567-body"></div> </div> <div class="sidenav-body collapse" id="56cffb3dd4fc4e38868dba75d49ec567-body" 
aria-labelledby="56cffb3dd4fc4e38868dba75d49ec567-header"> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f77ada02ba3e4f8b9eb4c0859a06f549"> <a href="/versions/v9/software/S0215/"> KARAE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-d67dff796de24c7bbbf867bc80233183"> <a href="/versions/v9/software/S0088/"> Kasidet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-ececab99072d48f1adc66cd5378e94f5"> <a href="/versions/v9/software/S0265/"> Kazuar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f8847c79826b46438ddee9c498526222"> <a href="/versions/v9/software/S0585/"> Kerrdown </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-7fd9cc8646384389a9999c3f7177eb07"> <a href="/versions/v9/software/S0487/"> Kessel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-4f1a8954e70c4a6b8545fbe79858a59a"> <a href="/versions/v9/software/S0387/"> KeyBoy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f98ce974c937466abda3fd8dbe8891d6"> <a href="/versions/v9/software/S0276/"> Keydnap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-5f3b7542656242bdb46e39d3b4c4f72f"> <a href="/versions/v9/software/S0271/"> KEYMARBLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-64e1d76b46764879b2b5a2ead9c78a87"> <a href="/versions/v9/software/S0288/"> KeyRaider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-4657bc4617c149afb9f585b96923b600"> <a href="/versions/v9/software/S0526/"> KGH_SPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="56cffb3dd4fc4e38868dba75d49ec567-bbaed415b2d242b887372c5311efc1d7"> <a href="/versions/v9/software/S0599/"> Kinsing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-7bc048a70ad244b3bb873a699e730598"> <a href="/versions/v9/software/S0437/"> Kivars </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-2daeb36dc3d2442d9c0903f066ba60a7"> <a href="/versions/v9/software/S0250/"> Koadic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-472418f1763441aa8fedc6330cfbbbcb"> <a href="/versions/v9/software/S0162/"> Komplex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-9373784fcfe04a0393f3ebcee431beaf"> <a href="/versions/v9/software/S0156/"> KOMPROGO </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-b7ac592a1cee47dd81b8ceb1191f8d83"> <a href="/versions/v9/software/S0356/"> KONNI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-3034cdc6a1f141f8b87065bca529b203"> <a href="/versions/v9/software/S0236/"> Kwampirs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-e966a5795b8c45229f5d87ba392be3f6"> <a href="/versions/v9/software/S0349/"> LaZagne </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-18df2766ab6f470c93d06ba657a07ce0"> <a href="/versions/v9/software/S0395/"> LightNeuron </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-fed64c4332ed4ac6b437ecd0575fc475"> <a href="/versions/v9/software/S0211/"> Linfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-36377314560944ef9afdbded7f3b3b55"> <a href="/versions/v9/software/S0362/"> Linux Rabbit </a> 
</div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-d2335b6d5bbd4f399f2ff6874a52eb39"> <a href="/versions/v9/software/S0372/"> LockerGoga </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-2da91ae36682427b89a2aec900a16f70"> <a href="/versions/v9/software/S0397/"> LoJax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-595c207eec2c42eb9eba8164b7c41ffa"> <a href="/versions/v9/software/S0447/"> Lokibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-e13b6d6e12b545ab9708c99547d9250b"> <a href="/versions/v9/software/S0582/"> LookBack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f172a7d526304444b76d8be5a7b233ea"> <a href="/versions/v9/software/S0451/"> LoudMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-0c323671203948c4a80babf1dc1ed468"> <a href="/versions/v9/software/S0042/"> LOWBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-4a4f0b3db0bf4f03a24f7bcedfd3695b"> <a href="/versions/v9/software/S0121/"> Lslsass </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-e51744fa8f084fbca7800c3005f93f73"> <a href="/versions/v9/software/S0532/"> Lucifer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-b16a3ead86764bc08a02d401e0c7ddef"> <a href="/versions/v9/software/S0010/"> Lurid </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="39e3ccf5e40641dd904b0d11d0c696e4"> <span>M-N</span> <div class="expand-button collapsed" id="39e3ccf5e40641dd904b0d11d0c696e4-header" data-toggle="collapse" data-target="#39e3ccf5e40641dd904b0d11d0c696e4-body" aria-expanded="false" 
aria-controls="#39e3ccf5e40641dd904b0d11d0c696e4-body"></div> </div> <div class="sidenav-body collapse" id="39e3ccf5e40641dd904b0d11d0c696e4-body" aria-labelledby="39e3ccf5e40641dd904b0d11d0c696e4-header"> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-ad929117e09c414a99510c6884b8fbbd"> <a href="/versions/v9/software/S0409/"> Machete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-1be03db82b904c3d9c3def4cd5307df3"> <a href="/versions/v9/software/S0282/"> MacSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-854f7ba19f764fafa71f39422a209dc3"> <a href="/versions/v9/software/S0413/"> MailSniper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-6c7f7d70f91140f3a5cb1346216d79e9"> <a href="/versions/v9/software/S0485/"> Mandrake </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-6df4c2455a694f588b7e7f48db1d1320"> <a href="/versions/v9/software/S0317/"> Marcher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3908733201d1485397d84dbbba44a8c6"> <a href="/versions/v9/software/S0167/"> Matryoshka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-da462f365ca0493786b531201ad50e96"> <a href="/versions/v9/software/S0303/"> MazarBOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-a7abc2ef8f8f4c6a8ad7e3fe1f7e172a"> <a href="/versions/v9/software/S0449/"> Maze </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-ae9a0cccb9d740ce8c9eaea8013a9ea3"> <a href="/versions/v9/software/S0500/"> MCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="39e3ccf5e40641dd904b0d11d0c696e4-cf63d9e793ff4bb79c8d6f1621a598bd"> <a href="/versions/v9/software/S0459/"> MechaFlounder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c790a4e42ac341c3955c5bf4447c2ab0"> <a href="/versions/v9/software/S0175/"> meek </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-8721b77ee5184cea8335bd7254836979"> <a href="/versions/v9/software/S0576/"> MegaCortex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-721a9f2030c0422cbd7392e72c28584a"> <a href="/versions/v9/software/S0530/"> Melcoz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-f8f4d0bce12b4736bd4f3bfdf90584de"> <a href="/versions/v9/software/S0443/"> MESSAGETAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-1da54db31e6d4b64a31852798f0d4990"> <a href="/versions/v9/software/S0455/"> Metamorfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-004261e81643479e991be592c70f5062"> <a href="/versions/v9/software/S0339/"> Micropsia </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-5ecf9de241b64124a1fb9e357f3a8813"> <a href="/versions/v9/software/S0002/"> Mimikatz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c478b0248ea24614944a6a2e4952c95b"> <a href="/versions/v9/software/S0179/"> MimiPenguin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c3e1dd27da46472caf37200b211d2ac5"> <a href="/versions/v9/software/S0133/"> Miner-C </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-bad0c4c4be6e42fab0dd5f6cb168478e"> <a href="/versions/v9/software/S0051/"> 
MiniDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-36c0a28ca3cc4a84b795cb71ef88906c"> <a href="/versions/v9/software/S0280/"> MirageFox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-9be1eb1f139e4855a1e496520c428b67"> <a href="/versions/v9/software/S0084/"> Mis-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3e7c4a59633444c9a2b513a17f677b8a"> <a href="/versions/v9/software/S0083/"> Misdat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-39f1845f13494108bb8d9ceac30747b2"> <a href="/versions/v9/software/S0080/"> Mivast </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3823ed1fcb6a4963a5892b961f2d5c58"> <a href="/versions/v9/software/S0079/"> MobileOrder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-f3283bf6f961410daa182f9c616fe683"> <a href="/versions/v9/software/S0553/"> MoleNet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3cc87a218f854f01a39b074ce385493d"> <a href="/versions/v9/software/S0407/"> Monokle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-24b9f40b56bb414e8646435a75c0789d"> <a href="/versions/v9/software/S0149/"> MoonWind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-78e27f7765e442f0ad63cad93b6c7623"> <a href="/versions/v9/software/S0284/"> More_eggs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-8187b4ae14764ffa8f6955b6631e7b9c"> <a href="/versions/v9/software/S0256/"> Mosquito </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="39e3ccf5e40641dd904b0d11d0c696e4-1bbd06698a184d7a928ab3b978fa6b0e"> <a href="/versions/v9/software/S0233/"> MURKYTOP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-329d993dff564edeab6a3e8a3c047a83"> <a href="/versions/v9/software/S0205/"> Naid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-57bb1e806b094adaa76a5d5ac422df66"> <a href="/versions/v9/software/S0228/"> NanHaiShu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-383d88f910024a9b96534b50707590c5"> <a href="/versions/v9/software/S0336/"> NanoCore </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c145f2bf6cd343f0bbe141b4b872bc36"> <a href="/versions/v9/software/S0247/"> NavRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-4ac9ba123fd24f51a2673406d350b453"> <a href="/versions/v9/software/S0590/"> NBTscan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-237cd62fb48c46e79a89c0d95816211a"> <a href="/versions/v9/software/S0102/"> nbtstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-8239c6acce7345d7b214877a597b547b"> <a href="/versions/v9/software/S0272/"> NDiskMonitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-2cbaccb651054ac980f1cb98119c41d2"> <a href="/versions/v9/software/S0210/"> Nerex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3451e90b94af4b0692914f9ed0d77855"> <a href="/versions/v9/software/S0039/"> Net </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-ba349ab92da348918f09459989f1b0d0"> <a href="/versions/v9/software/S0056/"> Net Crawler </a> 
</div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-82712a11e595430088def8ae706e1dcb"> <a href="/versions/v9/software/S0034/"> NETEAGLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-99911262ee034dfba7696a9ebbe9f7a7"> <a href="/versions/v9/software/S0108/"> netsh </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-e0b2b87eb57e4b968dd5ac1b5c686caa"> <a href="/versions/v9/software/S0104/"> netstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-d0c11584f2b74392b2d1f533f81371ae"> <a href="/versions/v9/software/S0033/"> NetTraveler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-421955b56ae1467bb0e5d76189f39f25"> <a href="/versions/v9/software/S0457/"> Netwalker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-cc3558cc87ec4534b60db1eb81343fd6"> <a href="/versions/v9/software/S0198/"> NETWIRE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-4869ab27832a4c089c48b3526b840df4"> <a href="/versions/v9/software/S0508/"> Ngrok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-bf54a356521245f3a0cfdeb480f90796"> <a href="/versions/v9/software/S0118/"> Nidiran </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-70a2e95f5fc5468293820c24cc00e5ba"> <a href="/versions/v9/software/S0385/"> njRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-7853dd3460244e25835b6e07a6564e72"> <a href="/versions/v9/software/S0359/"> Nltest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="39e3ccf5e40641dd904b0d11d0c696e4-06008a854bea4165bf51aa294c9a5439"> <a href="/versions/v9/software/S0353/"> NOKKI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c851e818d6504bcab55a8eeb452ef612"> <a href="/versions/v9/software/S0299/"> NotCompatible </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-5db08187e1f04e6785664ec216fb438b"> <a href="/versions/v9/software/S0368/"> NotPetya </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="765d7bcc2f35481abaf311c71e691b83"> <span>O-P</span> <div class="expand-button collapsed" id="765d7bcc2f35481abaf311c71e691b83-header" data-toggle="collapse" data-target="#765d7bcc2f35481abaf311c71e691b83-body" aria-expanded="false" aria-controls="#765d7bcc2f35481abaf311c71e691b83-body"></div> </div> <div class="sidenav-body collapse" id="765d7bcc2f35481abaf311c71e691b83-body" aria-labelledby="765d7bcc2f35481abaf311c71e691b83-header"> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-d02af7fe8e3041e9a094fb891ea9a6d8"> <a href="/versions/v9/software/S0286/"> OBAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-eed06a361c6249e49fd10519e054f6a1"> <a href="/versions/v9/software/S0346/"> OceanSalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-733a765d980747a1a5702334bcf168bb"> <a href="/versions/v9/software/S0340/"> Octopus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-aa36d57739a944a5aafadc4cd9f6955d"> <a href="/versions/v9/software/S0439/"> Okrum </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-e79b3832a34c4be59e591111a511f0a3"> <a href="/versions/v9/software/S0138/"> OLDBAIT </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-33a51d03895544248d4d463fabd5237d"> <a href="/versions/v9/software/S0285/"> OldBoot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-512d584663794170a397f688f117bb7b"> <a href="/versions/v9/software/S0365/"> Olympic Destroyer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-622e5f32421d4c4696d0976414810b0a"> <a href="/versions/v9/software/S0052/"> OnionDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-37b25c0eb5ba4e7dbf4e08fc20a9364a"> <a href="/versions/v9/software/S0264/"> OopsIE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-dc8e7d261028475f8987251e1040691f"> <a href="/versions/v9/software/S0229/"> Orz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-3ce2ce7ebdcd41c0836de01cdf9ed07e"> <a href="/versions/v9/software/S0165/"> OSInfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-15ee2f0eaf9f45588448b0c93fb0b65c"> <a href="/versions/v9/software/S0402/"> OSX/Shlayer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-6d9b8ade4f4248c894b2c74d12867cc1"> <a href="/versions/v9/software/S0352/"> OSX_OCEANLOTUS.D </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-73b29d4d4489437687f4239e5813dcd2"> <a href="/versions/v9/software/S0594/"> Out1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-248016dca2af41718474a50fb029859f"> <a href="/versions/v9/software/S0072/"> OwaAuth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-0a7b03a25954470b8146c88e68f15067"> <a 
href="/versions/v9/software/S0598/"> P.A.S. Webshell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-bac0568ce8fe451d9ecd40b8dbae3265"> <a href="/versions/v9/software/S0016/"> P2P ZeuS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a65692d250264a7e8363058ba9620bb8"> <a href="/versions/v9/software/S0399/"> Pallas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-9f8e69e8e9974f32a0e7a0aaf6bc7cf7"> <a href="/versions/v9/software/S0208/"> Pasam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-77943927dbf84eaf9d063afb4d9558ce"> <a href="/versions/v9/software/S0122/"> Pass-The-Hash Toolkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-29c42cf923454e23a0b49b593759b21e"> <a href="/versions/v9/software/S0556/"> Pay2Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1580852c70904a4d92fff291b51efcc7"> <a href="/versions/v9/software/S0316/"> Pegasus for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-564799ac5bbf4df18c94663955e465dc"> <a href="/versions/v9/software/S0289/"> Pegasus for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-d3a5b3f2de99484184392431d06ee6e9"> <a href="/versions/v9/software/S0587/"> Penquin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a062fb28bd634dd2b7dd5b0c6cc78556"> <a href="/versions/v9/software/S0158/"> PHOREAL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b1344bfc5b5e4a24aba03e74eda7556b"> <a href="/versions/v9/software/S0517/"> Pillowmint </a> </div> </div> <div class="sidenav"> 
<div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-2a27e3fa9f4c4de8a09b279088b9e1c4"> <a href="/versions/v9/software/S0048/"> PinchDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-ff886d9db7c84ee1ac33f6644f497643"> <a href="/versions/v9/software/S0097/"> Ping </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-5e2b48ed7eb84c3e9ee931eca5e4b6ab"> <a href="/versions/v9/software/S0501/"> PipeMon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b86fea5e5f1047d5b69331b71696ec8c"> <a href="/versions/v9/software/S0124/"> Pisloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-d291369e05324e859f7c5c8468f1f7c6"> <a href="/versions/v9/software/S0291/"> PJApps </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-5b560a3bb78540cfb3b65fd33cba0ceb"> <a href="/versions/v9/software/S0254/"> PLAINTEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-e1f529ec6cd14dbd9e4944898fa33021"> <a href="/versions/v9/software/S0435/"> PLEAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-ad32b797007648db98eac0516e701208"> <a href="/versions/v9/software/S0013/"> PlugX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-4cb2b1be41f64c889593fb025d2b2dc9"> <a href="/versions/v9/software/S0067/"> pngdowner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1e37110d87664e1d9a70d1917b812b5b"> <a href="/versions/v9/software/S0428/"> PoetRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-c3910be3a28e447abea8b2e49d19cd14"> <a 
href="/versions/v9/software/S0012/"> PoisonIvy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-edd68a24caa547f7bd36ee48b0b82aeb"> <a href="/versions/v9/software/S0518/"> PolyglotDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-75ad2d21cb6849ca847ae90683a4bde4"> <a href="/versions/v9/software/S0453/"> Pony </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-84da3071627c48a0b11c6b066638c810"> <a href="/versions/v9/software/S0216/"> POORAIM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-78c179ad0ba04768bfa9e02a7c1b77c0"> <a href="/versions/v9/software/S0378/"> PoshC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-c978ee001e4545bb86eb5c19c5681c59"> <a href="/versions/v9/software/S0150/"> POSHSPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b239ee716eb046d8b85304ff03233b1f"> <a href="/versions/v9/software/S0177/"> Power Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-655f8e173a3642248cd8b8d63da37385"> <a href="/versions/v9/software/S0139/"> PowerDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-f86a51265afa497faba0e365a4cc8ee7"> <a href="/versions/v9/software/S0441/"> PowerShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-64b1f2a3d5454da8a9e19842d38e06da"> <a href="/versions/v9/software/S0145/"> POWERSOURCE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-0031cd6a045c4725ad4ce1bf68ad9428"> <a href="/versions/v9/software/S0194/"> PowerSploit </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-17ef6b47e44744aea2f60bcfc29c3f7e"> <a href="/versions/v9/software/S0393/"> PowerStallion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-c24e2755414247fdaf7a9900fe1b6cee"> <a href="/versions/v9/software/S0223/"> POWERSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-abbfb1ae473548ecacf912ce30c9d9af"> <a href="/versions/v9/software/S0371/"> POWERTON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a8b1dffb0c204208b9d03e78e7aaf103"> <a href="/versions/v9/software/S0184/"> POWRUNER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-f3b1bd95bba54546872464de91080385"> <a href="/versions/v9/software/S0113/"> Prikormka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b0a0f24554d643a7aa78067a2e184d34"> <a href="/versions/v9/software/S0279/"> Proton </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1f702a63fd234899917773ce398bb143"> <a href="/versions/v9/software/S0238/"> Proxysvc </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-dadd7124e6ac44d5bb37674ede9e4691"> <a href="/versions/v9/software/S0029/"> PsExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-f3178421604a451ca5b384ad2c1473f1"> <a href="/versions/v9/software/S0078/"> Psylo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1ce1a24553e743d18e17196db129f46c"> <a href="/versions/v9/software/S0147/"> Pteranodon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-fd0b0fca5ab74159b779d9eab2953fc5"> <a 
href="/versions/v9/software/S0196/"> PUNCHBUGGY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-5caaefa62cf84497b802a52e1b3734c5"> <a href="/versions/v9/software/S0197/"> PUNCHTRACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b1c9926545fb4fe290504e708cbb3553"> <a href="/versions/v9/software/S0192/"> Pupy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b71eb17a19764209b61d1d8347243cda"> <a href="/versions/v9/software/S0006/"> pwdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a4f3c87e46424c06851258ff2eb97c04"> <a href="/versions/v9/software/S0583/"> Pysa </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="1d295894e7a94614ab8c6a56330ce2cf"> <span>Q-R</span> <div class="expand-button collapsed" id="1d295894e7a94614ab8c6a56330ce2cf-header" data-toggle="collapse" data-target="#1d295894e7a94614ab8c6a56330ce2cf-body" aria-expanded="false" aria-controls="#1d295894e7a94614ab8c6a56330ce2cf-body"></div> </div> <div class="sidenav-body collapse" id="1d295894e7a94614ab8c6a56330ce2cf-body" aria-labelledby="1d295894e7a94614ab8c6a56330ce2cf-header"> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-cd0e5123083445d59444154270f83a6b"> <a href="/versions/v9/software/S0269/"> QUADAGENT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-8cd12cd6394242bebb93a35acc650bc8"> <a href="/versions/v9/software/S0262/"> QuasarRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-ff5b834c1fa04f66b1f9f2f55d53bda6"> <a href="/versions/v9/software/S0481/"> Ragnar Locker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="1d295894e7a94614ab8c6a56330ce2cf-da739d517c3a4bb48bdbc9911114b074"> <a href="/versions/v9/software/S0565/"> Raindrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-211d9bdbc7d94a85957d5498024379c4"> <a href="/versions/v9/software/S0458/"> Ramsay </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-7344e222306a4ddba5691e97946414b3"> <a href="/versions/v9/software/S0055/"> RARSTONE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-9426299bd74542d5927b2b61042e5199"> <a href="/versions/v9/software/S0241/"> RATANKBA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-d1691d8cc8834ef794756ab458f7ee00"> <a href="/versions/v9/software/S0364/"> RawDisk </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-57e09eee33b247c49c9970ab7404a689"> <a href="/versions/v9/software/S0169/"> RawPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-9d9ff53d728641d8be3a450d59717164"> <a href="/versions/v9/software/S0295/"> RCSAndroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-67f158b9c68b407c80f75e18c95581bc"> <a href="/versions/v9/software/S0495/"> RDAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2c8651703a08466ba672bd625d5a933e"> <a href="/versions/v9/software/S0416/"> RDFSNIFFER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-8d55201f80f3470b8908c22974608d4e"> <a href="/versions/v9/software/S0172/"> Reaver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-5702ad7da0d849c69fb44c4c863d3b43"> <a href="/versions/v9/software/S0539/"> Red Alert 2.0 
</a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-d8a41dad618e4edf80a35c4445f5beb1"> <a href="/versions/v9/software/S0326/"> RedDrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-bcc5b9affe674cc9834c5b9b19eceae1"> <a href="/versions/v9/software/S0153/"> RedLeaves </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-8e17302b07e64557b7240b8cc13cdc5f"> <a href="/versions/v9/software/S0075/"> Reg </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-df3ea8cf02904d1089194a3878d45ad8"> <a href="/versions/v9/software/S0511/"> RegDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-40a2a2dbe0ec47d2a9efb7db4039b6fb"> <a href="/versions/v9/software/S0019/"> Regin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2500d8a0e8bb465c9d17fdec75751dc9"> <a href="/versions/v9/software/S0332/"> Remcos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2323308f8ae642b08afdac7fbb3a7585"> <a href="/versions/v9/software/S0375/"> Remexi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-469ff9d046ad4832858610168eb420c0"> <a href="/versions/v9/software/S0166/"> RemoteCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-25051c5399a24d228818d28d464a0061"> <a href="/versions/v9/software/S0592/"> RemoteUtilities </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-5464941c17844028b4df8a8ed74c6248"> <a href="/versions/v9/software/S0125/"> Remsec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="1d295894e7a94614ab8c6a56330ce2cf-9f73fb7701754315b7fd4280919d0f0b"> <a href="/versions/v9/software/S0174/"> Responder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-55d3f71459004f2ca2f7dbbc5868bc1a"> <a href="/versions/v9/software/S0379/"> Revenge RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-b7f7effca712495aae8a4ba8bb701354"> <a href="/versions/v9/software/S0496/"> REvil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-eb811d090d2d4882ba8a160dad72cfc2"> <a href="/versions/v9/software/S0258/"> RGDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-abb7cdadf1d741ba86a6560b6fcfd712"> <a href="/versions/v9/software/S0433/"> Rifdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-a6ae63409a014629aed6b70c8988cc3e"> <a href="/versions/v9/software/S0403/"> Riltok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-0ef24be3505b4e2c945010b9800a3eeb"> <a href="/versions/v9/software/S0003/"> RIPTIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-45f68fc46b3d44bd948abf038b19007c"> <a href="/versions/v9/software/S0448/"> Rising Sun </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-f6fed98ddde348a7946c8597deb6aba2"> <a href="/versions/v9/software/S0400/"> RobbinHood </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-6a15713c27ed400c9003a03e667978b2"> <a href="/versions/v9/software/S0112/"> ROCKBOOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-0d84f873b32749e394a3a739dee2cbc9"> <a href="/versions/v9/software/S0270/"> 
RogueRobin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-0447dc0196c14bddba552213a370fd51"> <a href="/versions/v9/software/S0240/"> ROKRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-ae828b9e8e9f4c7ca772262e8e7b94e1"> <a href="/versions/v9/software/S0411/"> Rotexy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-3e8228a832114024939f8a4d57f61e76"> <a href="/versions/v9/software/S0103/"> route </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-6728f74d4d9a482a806dd0a00fa3adc3"> <a href="/versions/v9/software/S0090/"> Rover </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-03fb989e8d784e72b89e318434b89f5a"> <a href="/versions/v9/software/S0148/"> RTM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-ba8a862396554b1a9b7556360555ec38"> <a href="/versions/v9/software/S0358/"> Ruler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2ac50fed105949b5a11c4113bff084cb"> <a href="/versions/v9/software/S0313/"> RuMMS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-5183fbba5a3b43e6af87b9e680c25877"> <a href="/versions/v9/software/S0253/"> RunningRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-b369784646f34c408eb50353ae0b81cf"> <a href="/versions/v9/software/S0446/"> Ryuk </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="15aa0ca24b1f4115a3ec8a114cf45759"> <span>S-T</span> <div class="expand-button collapsed" id="15aa0ca24b1f4115a3ec8a114cf45759-header" data-toggle="collapse" data-target="#15aa0ca24b1f4115a3ec8a114cf45759-body" aria-expanded="false" 
aria-controls="#15aa0ca24b1f4115a3ec8a114cf45759-body"></div> </div> <div class="sidenav-body collapse" id="15aa0ca24b1f4115a3ec8a114cf45759-body" aria-labelledby="15aa0ca24b1f4115a3ec8a114cf45759-header"> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-ea6e98679a2e482cba9c14b4e9da4180"> <a href="/versions/v9/software/S0085/"> S-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-6152c407d01448769ad39d0d3f01d076"> <a href="/versions/v9/software/S0074/"> Sakula </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d8b854356cb14539b6b613e7c3186d28"> <a href="/versions/v9/software/S0370/"> SamSam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-bcee0fc4bebc4a85acb57b05b8f201a0"> <a href="/versions/v9/software/S0111/"> schtasks </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0a9386f7dd60457e945c336059afa9b3"> <a href="/versions/v9/software/S0461/"> SDBbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-c9c3fa1db1e644a7b223d17f3f38760f"> <a href="/versions/v9/software/S0195/"> SDelete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-4fdc7944b99b4e42856fc8049d0baa65"> <a href="/versions/v9/software/S0053/"> SeaDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-f983f05c988742f8b95fcc1d07ac346f"> <a href="/versions/v9/software/S0345/"> Seasalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-c909a35768b145c5b78c928c4379697c"> <a href="/versions/v9/software/S0185/"> SEASHARPEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="15aa0ca24b1f4115a3ec8a114cf45759-52727e23d6c44c64a196e60a8e49984c"> <a href="/versions/v9/software/S0382/"> ServHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-a872f109703146a4b0d9e22b7fa9f100"> <a href="/versions/v9/software/S0596/"> ShadowPad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-01f3a26d7a4f4dacb01dd0b502bd15cd"> <a href="/versions/v9/software/S0140/"> Shamoon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-5d54439399874fc99c02541fd70664b9"> <a href="/versions/v9/software/S0546/"> SharpStage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1b90224aaa2540a3895cb354d056a386"> <a href="/versions/v9/software/S0450/"> SHARPSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-80d7e92bf75d4d45b6c024bd7ead1cc3"> <a href="/versions/v9/software/S0294/"> ShiftyBug </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-55dbab27a2314d1f9985a1eeeb72065d"> <a href="/versions/v9/software/S0444/"> ShimRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-3ed080aa09f34b0da33f4fc83fcf507e"> <a href="/versions/v9/software/S0445/"> ShimRatReporter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-545577c2e50b471491533e4edc550a05"> <a href="/versions/v9/software/S0028/"> SHIPSHAPE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-5394b8427e8d45dabc231338cf8adbab"> <a href="/versions/v9/software/S0063/"> SHOTPUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-9ebe30d5a3f04a0692e9bdb596e25ae2"> <a 
href="/versions/v9/software/S0217/"> SHUTTERSPEED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-acb11ef1550e47598904f5076b4b5ea0"> <a href="/versions/v9/software/S0589/"> Sibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d667077ff4e24e319173e3d09713d478"> <a href="/versions/v9/software/S0549/"> SilkBean </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-dbc487142b8f4d88aa76b9909628e237"> <a href="/versions/v9/software/S0419/"> SimBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1518b6b3fc2f4fada42918c8d71c4c3c"> <a href="/versions/v9/software/S0007/"> Skeleton Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-4b55bdcd98624f83837778868f3096db"> <a href="/versions/v9/software/S0468/"> Skidmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-ec3d0ebce4254daa90d337b7ba3571a6"> <a href="/versions/v9/software/S0327/"> Skygofree </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-16a2a9044f004b139e034a223b8540f6"> <a href="/versions/v9/software/S0533/"> SLOTHFULMEDIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-01c63e07064349fcbc8c1c88f519a938"> <a href="/versions/v9/software/S0218/"> SLOWDRIFT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-dc198740f2d94484af9a1d5505e8ef59"> <a href="/versions/v9/software/S0226/"> Smoke Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-74481046eff346e1974a7e7f0e4fab5a"> <a href="/versions/v9/software/S0159/"> SNUGRIDE </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b5cde379d3b54ccbaa3fb3a1e8570dff"> <a href="/versions/v9/software/S0273/"> Socksbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-9f1a3fc6ea9743fcb7d10a9193378976"> <a href="/versions/v9/software/S0516/"> SoreFang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-548bd8cbd2ed424ca926af80c212699d"> <a href="/versions/v9/software/S0157/"> SOUNDBITE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-95e20b4079504fbfb38d71fe492f677b"> <a href="/versions/v9/software/S0035/"> SPACESHIP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-323c20e773614934acee3650115e0f35"> <a href="/versions/v9/software/S0543/"> Spark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b706daf112a24c94a704ad2493ee60e4"> <a href="/versions/v9/software/S0374/"> SpeakUp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-c48c4de5dde14d5ba98fd078096fba69"> <a href="/versions/v9/software/S0227/"> spwebmember </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b2a14338c5bf41709bc62a5b178eff49"> <a href="/versions/v9/software/S0324/"> SpyDealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-98f6995dbd6943ee914a923d7d4d936b"> <a href="/versions/v9/software/S0305/"> SpyNote RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-4cb101c759e24b4db2d09d57aeaa787f"> <a href="/versions/v9/software/S0225/"> sqlmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-6f36597c58a64ee398dd795f6f222bfa"> <a 
href="/versions/v9/software/S0390/"> SQLRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-e2489e7c9df742d9b9f2e74fcd37781d"> <a href="/versions/v9/software/S0058/"> SslMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-472a04b1ee2a4ef1839d944c8d494d1c"> <a href="/versions/v9/software/S0188/"> Starloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-2eecda35affa48b38f788ab837008042"> <a href="/versions/v9/software/S0328/"> Stealth Mango </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0e3dd73036e9463b9628c0b621b1c7ea"> <a href="/versions/v9/software/S0380/"> StoneDrill </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-98b5d6f482224fb29f4323aca6c816f8"> <a href="/versions/v9/software/S0142/"> StreamEx </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-f2a4f1d11a374352a3a87e9ad607bf4f"> <a href="/versions/v9/software/S0491/"> StrongPity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-08e85fc1741c459c9385ef6998c583af"> <a href="/versions/v9/software/S0559/"> SUNBURST </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d29d56e66e7447e28e40bdb9e74fa1a6"> <a href="/versions/v9/software/S0562/"> SUNSPOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-98c9f44bf41d45c79411c3651b99d679"> <a href="/versions/v9/software/S0578/"> SUPERNOVA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-44e26958502648ae890e46f20c62c34a"> <a href="/versions/v9/software/S0018/"> Sykipot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="15aa0ca24b1f4115a3ec8a114cf45759-e89ead481eab4935a7d255a749c56c02"> <a href="/versions/v9/software/S0242/"> SynAck </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-53ca34c7f5a04b19ada6955481bb3581"> <a href="/versions/v9/software/S0519/"> SYNful Knock </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-a1a848232dae4f7f89408cd9979a0745"> <a href="/versions/v9/software/S0060/"> Sys10 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-ee44814b98514821b0bae9a1cf36d070"> <a href="/versions/v9/software/S0464/"> SYSCON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-7deb103aa3c54bebb99f89553538113d"> <a href="/versions/v9/software/S0096/"> Systeminfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1a357678b8024f85af86418de4b6e7a9"> <a href="/versions/v9/software/S0098/"> T9000 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d8fcb654e00b4aeaabe9201a3cdd182a"> <a href="/versions/v9/software/S0011/"> Taidoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-8f9a6ec8e8e24e55b8b360dd9419865a"> <a href="/versions/v9/software/S0586/"> TAINTEDSCRIBE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-61fc867a4867446392bfd85b18fa44e5"> <a href="/versions/v9/software/S0467/"> TajMahal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-3176860488734abe90a1fc7d08ec333f"> <a href="/versions/v9/software/S0329/"> Tangelo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-490904e37b8e4c9b878fe9914b39b650"> <a href="/versions/v9/software/S0057/"> Tasklist 
</a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-67c19529f9df4ca38170275765e797be"> <a href="/versions/v9/software/S0164/"> TDTESS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b80db1c7728142c28270168205aa00b5"> <a href="/versions/v9/software/S0560/"> TEARDROP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-34ef4cae4c7c483983d402055ccb3c02"> <a href="/versions/v9/software/S0545/"> TERRACOTTA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0d7ccab9f5a34f87b2c6b8e0d2c1e93f"> <a href="/versions/v9/software/S0146/"> TEXTMATE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d9f9d047e4a74fc3abbd97f5ff90c380"> <a href="/versions/v9/software/S0595/"> ThiefQuest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-2383282c4c50465b883c8194d1f4b0f7"> <a href="/versions/v9/software/S0558/"> Tiktok Pro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d6e3c98e52444ecf8b2dc4dda2637543"> <a href="/versions/v9/software/S0131/"> TINYTYPHON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-302e64ce1d7841cb946cdc2553a1f110"> <a href="/versions/v9/software/S0004/"> TinyZBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-be0fe600775047f4a170946bf709b54f"> <a href="/versions/v9/software/S0183/"> Tor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0d1a2fc569b44d64982dd46689f42e8a"> <a href="/versions/v9/software/S0424/"> Triada </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="15aa0ca24b1f4115a3ec8a114cf45759-2e7ef33c492f4b33ae1dda162c91a720"> <a href="/versions/v9/software/S0266/"> TrickBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b8d5d5c5582644008526787eaa15f1ec"> <a href="/versions/v9/software/S0427/"> TrickMo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1e2f6ff87c1b430da45f35525599d318"> <a href="/versions/v9/software/S0307/"> Trojan-SMS.AndroidOS.Agent.ao </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-691eebd166a44ff1946a8f105c238ebe"> <a href="/versions/v9/software/S0306/"> Trojan-SMS.AndroidOS.FakeInst.a </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-cc1d5d39020a41cc888fce098c17b97a"> <a href="/versions/v9/software/S0308/"> Trojan-SMS.AndroidOS.OpFake.a </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-7af8eca0765a44c88b2ad88f4aab80cc"> <a href="/versions/v9/software/S0094/"> Trojan.Karagany </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-9779b768ef5c4124ae91412fa50c2fd7"> <a href="/versions/v9/software/S0001/"> Trojan.Mebromi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-282f499a654c4c85840ac62568502153"> <a href="/versions/v9/software/S0178/"> Truvasys </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-fd3b52ec0c2c4a16b9e08d15dabfc35a"> <a href="/versions/v9/software/S0436/"> TSCookie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-943771414962416d911cf963c66b4749"> <a href="/versions/v9/software/S0199/"> TURNEDUP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" 
id="15aa0ca24b1f4115a3ec8a114cf45759-813def908b244b4a94e1834eb7a350f1"> <a href="/versions/v9/software/S0302/"> Twitoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b0a00ee9448642a580b7effa8c12e6c0"> <a href="/versions/v9/software/S0263/"> TYPEFRAME </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="77e4f19870be4252a0de8a84c11b4ee1"> <span>U-V</span> <div class="expand-button collapsed" id="77e4f19870be4252a0de8a84c11b4ee1-header" data-toggle="collapse" data-target="#77e4f19870be4252a0de8a84c11b4ee1-body" aria-expanded="false" aria-controls="#77e4f19870be4252a0de8a84c11b4ee1-body"></div> </div> <div class="sidenav-body collapse" id="77e4f19870be4252a0de8a84c11b4ee1-body" aria-labelledby="77e4f19870be4252a0de8a84c11b4ee1-header"> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-43e43427743a49b9828a5b8d322dc275"> <a href="/versions/v9/software/S0116/"> UACMe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-d6ae64d8c61543579d5167f4719c3287"> <a href="/versions/v9/software/S0333/"> UBoatRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-a4dcfce6e57f478e8c4571d85789897b"> <a href="/versions/v9/software/S0221/"> Umbreon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-23436e3c6e4e43fdba5e718b42220d62"> <a href="/versions/v9/software/S0130/"> Unknown Logger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-8e32f4628e984236b076fb6794199a24"> <a href="/versions/v9/software/S0275/"> UPPERCUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-912abd85faee4bc88b2221d308893f91"> <a href="/versions/v9/software/S0022/"> Uroburos </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-e6de7b31fc504ea8b22d1642a022a149"> <a href="/versions/v9/software/S0386/"> Ursnif </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-6cdae87bbddc4f7cac03296202d72112"> <a href="/versions/v9/software/S0452/"> USBferry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-84ffddf95e264244b31c48ef02de69f7"> <a href="/versions/v9/software/S0136/"> USBStealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-9dc2dc0c9a9a4f9a870757b67fd00fc5"> <a href="/versions/v9/software/S0476/"> Valak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-94dab4452e6d4d05938a4725574980f1"> <a href="/versions/v9/software/S0207/"> Vasport </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-8786aae2da804a1e913848ceb6842d7a"> <a href="/versions/v9/software/S0442/"> VBShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-eaaaba953cdf432caa8dcee6515ba34a"> <a href="/versions/v9/software/S0257/"> VERMIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-419191f6ce5b4d488727b1891de51122"> <a href="/versions/v9/software/S0418/"> ViceLeaker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-5f659086bae54408b26fa129d97d37ec"> <a href="/versions/v9/software/S0506/"> ViperRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-f580c77dfe3f4daf85e6330bfe594edf"> <a href="/versions/v9/software/S0180/"> Volgmer </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="55d438137efb45b2a8ab34a3e319980b"> <span>W-X</span> <div class="expand-button 
collapsed" id="55d438137efb45b2a8ab34a3e319980b-header" data-toggle="collapse" data-target="#55d438137efb45b2a8ab34a3e319980b-body" aria-expanded="false" aria-controls="#55d438137efb45b2a8ab34a3e319980b-body"></div> </div> <div class="sidenav-body collapse" id="55d438137efb45b2a8ab34a3e319980b-body" aria-labelledby="55d438137efb45b2a8ab34a3e319980b-header"> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-700c9c47465c43cdab6c1ce6bd9c1dd8"> <a href="/versions/v9/software/S0366/"> WannaCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-a768f763025947258e6c29d2e8d4081f"> <a href="/versions/v9/software/S0579/"> Waterbear </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-7c804ba0883a4eeebc8e997ad633efdf"> <a href="/versions/v9/software/S0109/"> WEBC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-b3c2103e0e694da0a58d3f80887a55f1"> <a href="/versions/v9/software/S0515/"> WellMail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-5c415dc7c7fe46e399218f643eefd0c1"> <a href="/versions/v9/software/S0514/"> WellMess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-1126f71fede44e248bf58f0808c61eac"> <a href="/versions/v9/software/S0206/"> Wiarp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-5c302499f1964d518a04679075b6017d"> <a href="/versions/v9/software/S0005/"> Windows Credential Editor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-322e2caf814c4e5ebf535247daacecda"> <a href="/versions/v9/software/S0155/"> WINDSHIELD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-40ac3a659af24593a82a7d2adf125dfd"> 
<a href="/versions/v9/software/S0466/"> WindTail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-9b37411796514207a5fce16dfbc50eeb"> <a href="/versions/v9/software/S0219/"> WINERACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-3087e3820f234d3182240772f94f006d"> <a href="/versions/v9/software/S0191/"> Winexe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-81a16b302f0b47f9a74e65ceac8093ce"> <a href="/versions/v9/software/S0176/"> Wingbird </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-7603c9cd4b58423dac33dc67152a3a08"> <a href="/versions/v9/software/S0059/"> WinMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-0242b9ed2b7b4188bfde9875cacff24c"> <a href="/versions/v9/software/S0430/"> Winnti for Linux </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-80aed80f3f1f4495893e0fbd29798e6e"> <a href="/versions/v9/software/S0141/"> Winnti for Windows </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-eab80861027d45c59c02b1bb4d68a41a"> <a href="/versions/v9/software/S0041/"> Wiper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-6ed7b149839f49c6bb1047d4f419f66f"> <a href="/versions/v9/software/S0312/"> WireLurker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-2c0ca6604e37439d843b5c9af0d887eb"> <a href="/versions/v9/software/S0489/"> WolfRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-b725ef00df2a46c0abda20bd4fec1d02"> <a href="/versions/v9/software/S0314/"> X-Agent for Android </a> </div> </div> <div class="sidenav"> <div 
class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-5aa24b597dd544d3a9396643988afc71"> <a href="/versions/v9/software/S0161/"> XAgentOSX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-b88905a73aee4963bcbf00678bb4d4ce"> <a href="/versions/v9/software/S0341/"> Xbash </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-eb4f8b9a090446bdab68741ac3a491a9"> <a href="/versions/v9/software/S0298/"> Xbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-889991f3d20a4164a81259a419ef1930"> <a href="/versions/v9/software/S0123/"> xCmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-1896d41242324c059e40bac0ee3a64d1"> <a href="/versions/v9/software/S0297/"> XcodeGhost </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-a5fad0a88f2148d79f29eadad968eff9"> <a href="/versions/v9/software/S0318/"> XLoader for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-3e2b327de8ef418a84640cb872e674ee"> <a href="/versions/v9/software/S0490/"> XLoader for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-800b43f387e94cc0a1da9b53eda1eba0"> <a href="/versions/v9/software/S0117/"> XTunnel </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="4fd897e7588447a2a2622250f2b7755b"> <span>Y-Z</span> <div class="expand-button collapsed" id="4fd897e7588447a2a2622250f2b7755b-header" data-toggle="collapse" data-target="#4fd897e7588447a2a2622250f2b7755b-body" aria-expanded="false" aria-controls="#4fd897e7588447a2a2622250f2b7755b-body"></div> </div> <div class="sidenav-body collapse" id="4fd897e7588447a2a2622250f2b7755b-body" aria-labelledby="4fd897e7588447a2a2622250f2b7755b-header"> <div 
class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-7ba0d36f96844fab8bca01f9245277b4"> <a href="/versions/v9/software/S0388/"> YAHOYAH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-d0c50e5480f64fb2a80d99230b360648"> <a href="/versions/v9/software/S0311/"> YiSpecter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-cc980bf115dc4d1f82d6ec873933aca6"> <a href="/versions/v9/software/S0248/"> yty </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-d1df68c14ceb425d9ac54e0d57be9016"> <a href="/versions/v9/software/S0251/"> Zebrocy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-881d59775df74bf98fe38a32cf3a1b8c"> <a href="/versions/v9/software/S0494/"> Zen </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-36c9677d75074742a54558d001d57f23"> <a href="/versions/v9/software/S0287/"> ZergHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-fb940d1e2ba941da86bcc8b80a19080f"> <a href="/versions/v9/software/S0027/"> Zeroaccess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-5db84952c85b413d9d2bf7fa4831d11a"> <a href="/versions/v9/software/S0230/"> ZeroT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-1dacedbe178c47858f279515adf022b3"> <a href="/versions/v9/software/S0330/"> Zeus Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-140b30c9da1b46539712f639a365ef4a"> <a href="/versions/v9/software/S0086/"> ZLib </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-7f953f79d6fa4d6c8b3856712508f25c"> <a 
href="/versions/v9/software/S0350/"> zwShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-18672cae57a442d6a5895c5abd2d1761"> <a href="/versions/v9/software/S0412/"> ZxShell </a> </div> </div> </div> </div> </div> <!--start-indexing-for-search--> </div> <div class="tab-content col-xl-10 col-lg-9 col-md-9 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/versions/v9/">Home</a></li> <li class="breadcrumb-item"><a href="/versions/v9/software/">Software</a></li> <li class="breadcrumb-item">Cobalt Strike</li> </ol> <div class="tab-pane fade show active" id="v-" role="tabpanel" aria-labelledby="v--tab"></div> <div class="row"> <div class="col-xl-12"> <div class="jumbotron jumbotron-fluid"> <div class="container-fluid"> <h1> Cobalt Strike </h1> <div class="row"> <div class="col-md-8"> <div class="description-body"> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors". 
Cobalt Strike’s interactive post-exploit capabilities cover the full range of ATT&CK tactics, all executed within a single, integrated system.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p><p>In addition to its own capabilities, <a href="/versions/v9/software/S0154">Cobalt Strike</a> leverages the capabilities of other well-known tools such as Metasploit and <a href="/versions/v9/software/S0002">Mimikatz</a>.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </div> </div> <div class="col-md-4"> <div class="card"> <div class="card-body"> <div id="card-id" class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">ID: </span>S0154 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="This software is commercial, custom closed source, or open source software intended to be used for malicious purposes by adversaries">ⓘ</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Type</span>: MALWARE </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="The system an adversary is operating within; could be an operating system or application">ⓘ</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Platforms</span>: Windows </div> </div> <div class="row card-data"> <div class="col-md-1 
px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Contributors</span>: Martin Sohn Christensen, Improsec; Josh Abraham </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Version</span>: 1.6 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Created: </span>14 December 2017 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Last Modified: </span>24 April 2021 </div> </div> </div> </div> <div class="text-center pt-2 version-button permalink"> <div class="live"> <a data-toggle="tooltip" data-placement="bottom" title="Permalink to this version of S0154" href="/versions/v9/software/S0154/" data-test-ignore="true">Version Permalink</a> </div> <div class="permalink"> <a data-toggle="tooltip" data-placement="bottom" title="Go to the live version of S0154" href="/software/S0154/" data-test-ignore="true">Live Version</a><!--do not change this line without also changing versions.py--> </div> </div> </div> </div> <!--stop-indexing-for-search--> <div class="dropdown h3 mt-3 float-right"> <button class="btn btn-navy dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>ATT&CK<sup>®</sup> Navigator Layers</b> </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> <h6 class="dropdown-header">Enterprise Layer</h6> <a class="dropdown-item" href="/versions/v9/software/S0154/S0154-enterprise-layer.json" download target="_blank">download</a> <!-- only show view on navigator link if layer link is defined --> <a class="dropdown-item" href="#" id="view-layer-on-navigator-enterprise" target="_blank">view <img width="10" src="/versions/v9/theme/images/external-site-dark.jpeg"></a> <script 
src="/versions/v9/theme/scripts/settings.js"></script> <script> if (window.location.protocol == "https:") { //view on navigator only works when this site is hosted on HTTPS layerURL = window.location.protocol + "//" + window.location.host + base_url + "software/S0154/S0154-enterprise-layer.json"; document.getElementById("view-layer-on-navigator-enterprise").href = "https://mitre-attack.github.io/attack-navigator//#layerURL=" + encodeURIComponent(layerURL); } else { //hide button document.getElementById("view-layer-on-navigator-enterprise").classList.add("d-none"); } </script> </div> </div> <!--start-indexing-for-search--> <h2 class="pt-3" id="techniques">Techniques Used</h2> <table class="table techniques-used table-bordered mt-2"> <thead> <tr> <th class="p-2" scope="col">Domain</th> <th class="p-2" colspan="2">ID</th> <th class="p-2" scope="col">Name</th> <th class="p-2" scope="col">Use</th> </tr> </thead> <tbody> <tr class="sub technique noparent" id="uses-T1548-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1548">T1548</a> </td> <td> <a href="/versions/v9/techniques/T1548/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1548">Abuse Elevation Control Mechanism</a>: <a href="/versions/v9/techniques/T1548/002">Bypass User Account Control</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use a number of known techniques to bypass Windows UAC.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1134-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1134">T1134</a> </td> <td> <a href="/versions/v9/techniques/T1134/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1134">Access Token Manipulation</a>: <a 
href="/versions/v9/techniques/T1134/001">Token Impersonation/Theft</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can steal access tokens from existing processes.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1134-003"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1134/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1134">Access Token Manipulation</a>: <a href="/versions/v9/techniques/T1134/003">Make and Impersonate Token</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can make tokens from known credentials.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1134-004"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1134/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1134">Access Token Manipulation</a>: <a href="/versions/v9/techniques/T1134/004">Parent PID Spoofing</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can spawn processes with alternate PPIDs.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="CobaltStrike Daddy May 2017"><sup><a href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1087-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1087">T1087</a> </td> <td> <a 
href="/versions/v9/techniques/T1087/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1087">Account Discovery</a>: <a href="/versions/v9/techniques/T1087/002">Domain Account</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can determine if the user on an infected machine is in the admin or domain admin group.<span onclick=scrollToRef('scite-3') id="scite-ref-3-a" class="scite-citeref-number" data-reference="Cyberreason Anchor December 2019"><sup><a href="https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" target="_blank" data-hasqtip="2" aria-describedby="qtip-2">[3]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1071"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1071">T1071</a> </td> <td> <a href="/versions/v9/techniques/T1071">Application Layer Protocol</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can conduct peer-to-peer communication over Windows named pipes encapsulated in the SMB protocol. 
All protocols use their standard assigned ports.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1071-001"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1071/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1071/001">Web Protocols</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use a custom command and control protocol that can be encapsulated in HTTP or HTTPS. 
All protocols use their standard assigned ports.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1071-004"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1071/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1071/004">DNS</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use a custom command and control protocol that can be encapsulated in DNS. 
All protocols use their standard assigned ports.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span> </p> </td> </tr> <tr class="technique" id="uses-T1197"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1197">T1197</a> </td> <td> <a href="/versions/v9/techniques/T1197">BITS Jobs</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can download a hosted "beacon" payload using <a href="/versions/v9/software/S0190">BITSAdmin</a>.<span onclick=scrollToRef('scite-5') id="scite-ref-5-a" class="scite-citeref-number" data-reference="CobaltStrike Scripted Web Delivery"><sup><a href="https://www.cobaltstrike.com/help-scripted-web-delivery" target="_blank" data-hasqtip="4" aria-describedby="qtip-4">[5]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1059-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1059">T1059</a> </td> <td> <a href="/versions/v9/techniques/T1059/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: 
<a href="/versions/v9/techniques/T1059/001">PowerShell</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can execute a payload on a remote host with PowerShell. This technique does not write any data to disk.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-3') id="scite-ref-3-a" class="scite-citeref-number" data-reference="Cyberreason Anchor December 2019"><sup><a href="https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" target="_blank" data-hasqtip="2" aria-describedby="qtip-2">[3]</a></sup></span> <a href="/versions/v9/software/S0154">Cobalt Strike</a> can also use <a href="/versions/v9/software/S0194">PowerSploit</a> and other scripting frameworks to perform execution.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="CobaltStrike Daddy May 2017"><sup><a href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> 
<tr class="sub technique" id="uses-T1059-003"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1059/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/003">Windows Command Shell</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> uses a command-line interface to interact with systems.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1059-005"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1059/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/005">Visual Basic</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use VBA to perform execution.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="CobaltStrike Daddy May 2017"><sup><a href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" 
target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1059-006"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1059/006">.006</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/006">Python</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use Python to perform execution.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="CobaltStrike Daddy May 2017"><sup><a href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1059-007"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1059/007">.007</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and 
Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/007">JavaScript</a> </td> <td> <p>The <a href="/versions/v9/software/S0154">Cobalt Strike</a> System Profiler can use JavaScript to perform reconnaissance actions.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1543-003"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1543">T1543</a> </td> <td> <a href="/versions/v9/techniques/T1543/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1543">Create or Modify System Process</a>: <a href="/versions/v9/techniques/T1543/003">Windows Service</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can install a new service.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1005"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1005">T1005</a> </td> <td> <a href="/versions/v9/techniques/T1005">Data from Local System</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can collect data from a local system.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> 
</td> </tr> <tr class="technique" id="uses-T1140"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1140">T1140</a> </td> <td> <a href="/versions/v9/techniques/T1140">Deobfuscate/Decode Files or Information</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can deobfuscate shellcode using a rolling XOR.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1573-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1573">T1573</a> </td> <td> <a href="/versions/v9/techniques/T1573/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1573">Encrypted Channel</a>: <a href="/versions/v9/techniques/T1573/001">Symmetric Cryptography</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> has the ability to use AES-256 symmetric encryption in CBC mode with HMAC-SHA-256 to encrypt task commands and XOR to encrypt shell code and configuration data.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1573-002"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1573/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1573">Encrypted Channel</a>: <a href="/versions/v9/techniques/T1573/002">Asymmetric Cryptography</a> </td> <td> <p><a 
href="/versions/v9/software/S0154">Cobalt Strike</a> can use RSA asymmetric encryption with PKCS1 padding to encrypt data sent to the C2 server.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1203"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1203">T1203</a> </td> <td> <a href="/versions/v9/techniques/T1203">Exploitation for Client Execution</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can exploit Oracle Java vulnerabilities for execution, including CVE-2011-3544, CVE-2013-2465, CVE-2012-4681, and CVE-2013-2460.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1068"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1068">T1068</a> </td> <td> <a href="/versions/v9/techniques/T1068">Exploitation for Privilege Escalation</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can exploit vulnerabilities such as MS14-058.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="sub technique 
noparent" id="uses-T1562-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1562">T1562</a> </td> <td> <a href="/versions/v9/techniques/T1562/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1562">Impair Defenses</a>: <a href="/versions/v9/techniques/T1562/001">Disable or Modify Tools</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> has the ability to use Smart Applet attacks to disable the Java SecurityManager sandbox.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1070-006"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1070">T1070</a> </td> <td> <a href="/versions/v9/techniques/T1070/006">.006</a> </td> <td> <a href="/versions/v9/techniques/T1070">Indicator Removal on Host</a>: <a href="/versions/v9/techniques/T1070/006">Timestomp</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can timestomp any files or payloads placed on a target machine to help them blend in.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1105"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1105">T1105</a> </td> <td> <a href="/versions/v9/techniques/T1105">Ingress Tool Transfer</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can deliver additional payloads to victim machines.<span onclick=scrollToRef('scite-4') 
id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1056-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1056">T1056</a> </td> <td> <a href="/versions/v9/techniques/T1056/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1056">Input Capture</a>: <a href="/versions/v9/techniques/T1056/001">Keylogging</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can track key presses with a keylogger module.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-7') id="scite-ref-7-a" class="scite-citeref-number" data-reference="Amnesty Intl. 
Ocean Lotus February 2021"><sup><a href="https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/" target="_blank" data-hasqtip="6" aria-describedby="qtip-6">[7]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1185"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1185">T1185</a> </td> <td> <a href="/versions/v9/techniques/T1185">Man in the Browser</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can perform browser pivoting and inject into a user's browser to inherit cookies, authenticated HTTP sessions, and client SSL certificates.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1112"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1112">T1112</a> </td> <td> <a href="/versions/v9/techniques/T1112">Modify Registry</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can modify Registry values within <code>HKEY_CURRENT_USER\Software\Microsoft\Office\&lt;Excel Version&gt;\Excel\Security\AccessVBOM\</code> to enable the execution of additional code.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1106"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1106">T1106</a> </td> <td> <a href="/versions/v9/techniques/T1106">Native API</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt 
Strike</a>'s "beacon" payload is capable of running shell commands without <code>cmd.exe</code> and PowerShell commands without <code>powershell.exe</code><span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1046"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1046">T1046</a> </td> <td> <a href="/versions/v9/techniques/T1046">Network Service Scanning</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can perform port scans from an infected host.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1135"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1135">T1135</a> </td> <td> <a href="/versions/v9/techniques/T1135">Network Share Discovery</a> </td> <td> <p><a 
href="/versions/v9/software/S0154">Cobalt Strike</a> can query shared drives on the local system.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1095"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1095">T1095</a> </td> <td> <a href="/versions/v9/techniques/T1095">Non-Application Layer Protocol</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can be configured to use TCP for C2 communications.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1027"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1027">T1027</a> </td> <td> <a href="/versions/v9/techniques/T1027">Obfuscated Files or Information</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can hash functions to obfuscate calls to the Windows API.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1027-005"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1027/005">.005</a> </td> <td> <a 
href="/versions/v9/techniques/T1027/005">Indicator Removal from Tools</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> includes a capability to modify the "beacon" payload to eliminate known signatures or unpacking methods.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1137-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1137">T1137</a> </td> <td> <a href="/versions/v9/techniques/T1137/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1137">Office Application Startup</a>: <a href="/versions/v9/techniques/T1137/001">Office Template Macros</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> has the ability to use an Excel Workbook to execute additional code by enabling Office to trust macros and execute code without user permission.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1003-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1003">T1003</a> </td> <td> <a href="/versions/v9/techniques/T1003/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1003">OS Credential Dumping</a>: <a href="/versions/v9/techniques/T1003/002">Security Account Manager</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can recover hashed passwords.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" 
class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1057"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1057">T1057</a> </td> <td> <a href="/versions/v9/techniques/T1057">Process Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a>'s "beacon" payload can collect information on process details.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1055"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1055">T1055</a> </td> <td> <a href="/versions/v9/techniques/T1055">Process Injection</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can inject a variety of payloads into processes dynamically chosen by the adversary.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1055-001"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1055/001">.001</a> </td> <td> <a 
href="/versions/v9/techniques/T1055/001">Dynamic-link Library Injection</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> has the ability to load DLLs via reflective injection.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1055-012"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1055/012">.012</a> </td> <td> <a href="/versions/v9/techniques/T1055/012">Process Hollowing</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use process hollowing for execution.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1572"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1572">T1572</a> </td> <td> <a href="/versions/v9/techniques/T1572">Protocol Tunneling</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> uses a custom command and control protocol that is encapsulated in HTTP, HTTPS, or DNS. In addition, it conducts peer-to-peer communication over Windows named pipes encapsulated in the SMB protocol. 
All protocols use their standard assigned ports.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1090-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1090">T1090</a> </td> <td> <a href="/versions/v9/techniques/T1090/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1090">Proxy</a>: <a href="/versions/v9/techniques/T1090/001">Internal Proxy</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can be configured to have commands relayed over a peer-to-peer network of infected hosts. This can be used to limit the number of egress points, or provide access to a host without direct internet access.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1012"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1012">T1012</a> </td> <td> <a href="/versions/v9/techniques/T1012">Query Registry</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can query <code>HKEY_CURRENT_USER\Software\Microsoft\Office\&lt;Excel Version&gt;\Excel\Security\AccessVBOM\</code> to determine if the security setting for restricting default programmatic access is enabled.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" 
aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1021-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1021">T1021</a> </td> <td> <a href="/versions/v9/techniques/T1021/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1021">Remote Services</a>: <a href="/versions/v9/techniques/T1021/001">Remote Desktop Protocol</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can start a VNC-based remote desktop server and tunnel the connection through the already established C2 channel.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1021-002"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1021/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1021">Remote Services</a>: <a href="/versions/v9/techniques/T1021/002">SMB/Windows Admin Shares</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use Windows admin shares (C$ and ADMIN$) for lateral movement.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1021-003"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1021/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1021">Remote Services</a>: <a href="/versions/v9/techniques/T1021/003">Distributed Component Object Model</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can deliver "beacon" payloads for lateral movement 
by leveraging remote COM execution.<span onclick=scrollToRef('scite-8') id="scite-ref-8-a" class="scite-citeref-number" data-reference="Cobalt Strike DCOM Jan 2017"><sup><a href="https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement-technique/" target="_blank" data-hasqtip="7" aria-describedby="qtip-7">[8]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1021-004"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1021/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1021">Remote Services</a>: <a href="/versions/v9/techniques/T1021/004">SSH</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can SSH to a remote service.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1021-006"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1021/006">.006</a> </td> <td> <a href="/versions/v9/techniques/T1021">Remote Services</a>: <a href="/versions/v9/techniques/T1021/006">Windows Remote Management</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use <code>WinRM</code> to execute a payload on a remote host.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1018"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1018">T1018</a> </td> <td> <a href="/versions/v9/techniques/T1018">Remote System Discovery</a> </td> <td> <p><a 
href="/versions/v9/software/S0154">Cobalt Strike</a> uses the native Windows Network Enumeration APIs to interrogate and discover targets in a Windows Active Directory network.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1029"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1029">T1029</a> </td> <td> <a href="/versions/v9/techniques/T1029">Scheduled Transfer</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can set its "beacon" payload to reach out to the C2 server on an arbitrary and random interval. 
In addition, it will break large data sets into smaller chunks for exfiltration.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1113"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1113">T1113</a> </td> <td> <a href="/versions/v9/techniques/T1113">Screen Capture</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a>'s "beacon" payload is capable of capturing screenshots.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-7') id="scite-ref-7-a" class="scite-citeref-number" data-reference="Amnesty Intl. 
Ocean Lotus February 2021"><sup><a href="https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/" target="_blank" data-hasqtip="6" aria-describedby="qtip-6">[7]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1553-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1553">T1553</a> </td> <td> <a href="/versions/v9/techniques/T1553/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1553">Subvert Trust Controls</a>: <a href="/versions/v9/techniques/T1553/002">Code Signing</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use self-signed Java applets to execute signed applet attacks.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1016"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1016">T1016</a> </td> <td> <a href="/versions/v9/techniques/T1016">System Network Configuration Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can determine the IP addresses of domain controllers.<span onclick=scrollToRef('scite-3') id="scite-ref-3-a" class="scite-citeref-number" data-reference="Cyberreason Anchor December 2019"><sup><a href="https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" target="_blank" data-hasqtip="2" aria-describedby="qtip-2">[3]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1049"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1049">T1049</a> </td> <td> <a href="/versions/v9/techniques/T1049">System Network Connections Discovery</a> 
</td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can produce a sessions report from compromised hosts.<span onclick=scrollToRef('scite-4') id="scite-ref-4-a" class="scite-citeref-number" data-reference="Talos Cobalt Strike September 2020"><sup><a href=" https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank" data-hasqtip="3" aria-describedby="qtip-3">[4]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1569-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1569">T1569</a> </td> <td> <a href="/versions/v9/techniques/T1569/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1569">System Services</a>: <a href="/versions/v9/techniques/T1569/002">Service Execution</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use <a href="/versions/v9/software/S0029">PsExec</a> to execute a payload on a remote host. It can also use Service Control Manager to start new services.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1550-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1550">T1550</a> </td> <td> <a href="/versions/v9/techniques/T1550/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1550">Use Alternate Authentication Material</a>: <a href="/versions/v9/techniques/T1550/002">Pass the 
Hash</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can perform pass the hash.<span onclick=scrollToRef('scite-6') id="scite-ref-6-a" class="scite-citeref-number" data-reference="Cobalt Strike TTPs Dec 2017"><sup><a href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank" data-hasqtip="5" aria-describedby="qtip-5">[6]</a></sup></span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1078-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1078">T1078</a> </td> <td> <a href="/versions/v9/techniques/T1078/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1078">Valid Accounts</a>: <a href="/versions/v9/techniques/T1078/002">Domain Accounts</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use known credentials to run commands and spawn processes as a domain user account.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="CobaltStrike Daddy May 2017"><sup><a href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="sub technique" id="uses-T1078-003"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1078/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1078">Valid Accounts</a>: <a href="/versions/v9/techniques/T1078/003">Local Accounts</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use known credentials to run commands and spawn processes as a local user account.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" 
data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="CobaltStrike Daddy May 2017"><sup><a href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a></sup></span></p> </td> </tr> <tr class="technique" id="uses-T1047"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1047">T1047</a> </td> <td> <a href="/versions/v9/techniques/T1047">Windows Management Instrumentation</a> </td> <td> <p><a href="/versions/v9/software/S0154">Cobalt Strike</a> can use WMI to deliver a payload to a remote host.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="cobaltstrike manual"><sup><a href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a></sup></span></p> </td> </tr> </tbody> </table> <h2 class="pt-3" id="groups">Groups That Use This Software</h2> <table class="table table-bordered table-alternate mt-2"> <thead> <tr> <th scope="col">ID</th> <th scope="col" width="20%">Name</th> <th scope="col">References</th> </tr> </thead> <tbody> <tr> <td> <a href="/versions/v9/groups/G0079">G0079</a> </td> <td> <a href="/versions/v9/groups/G0079">DarkHydrus</a> </td> <td> <p><span onclick=scrollToRef('scite-9') id="scite-ref-9-a" class="scite-citeref-number" data-reference="Unit 42 DarkHydrus July 2018"><sup><a href="https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" target="_blank" data-hasqtip="8" aria-describedby="qtip-8">[9]</a></sup></span><span onclick=scrollToRef('scite-10') id="scite-ref-10-a" class="scite-citeref-number" data-reference="Unit 42 Playbook Dec 
2017"><sup><a href="https://pan-unit42.github.io/playbook_viewer/" target="_blank" data-hasqtip="9" aria-describedby="qtip-9">[10]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0073">G0073</a> </td> <td> <a href="/versions/v9/groups/G0073">APT19</a> </td> <td> <p><span onclick=scrollToRef('scite-11') id="scite-ref-11-a" class="scite-citeref-number" data-reference="FireEye APT19"><sup><a href="https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html" target="_blank" data-hasqtip="10" aria-describedby="qtip-10">[11]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0037">G0037</a> </td> <td> <a href="/versions/v9/groups/G0037">FIN6</a> </td> <td> <p><span onclick=scrollToRef('scite-12') id="scite-ref-12-a" class="scite-citeref-number" data-reference="FireEye FIN6 Apr 2019"><sup><a href="https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html" target="_blank" data-hasqtip="11" aria-describedby="qtip-11">[12]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0052">G0052</a> </td> <td> <a href="/versions/v9/groups/G0052">CopyKittens</a> </td> <td> <p><span onclick=scrollToRef('scite-13') id="scite-ref-13-a" class="scite-citeref-number" data-reference="ClearSky Wilted Tulip July 2017"><sup><a href="http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" target="_blank" data-hasqtip="12" aria-describedby="qtip-12">[13]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0065">G0065</a> </td> <td> <a href="/versions/v9/groups/G0065">Leviathan</a> </td> <td> <p><span onclick=scrollToRef('scite-14') id="scite-ref-14-a" class="scite-citeref-number" data-reference="Proofpoint Leviathan Oct 2017"><sup><a href="https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" target="_blank" data-hasqtip="13" 
aria-describedby="qtip-13">[14]</a></sup></span><span onclick=scrollToRef('scite-15') id="scite-ref-15-a" class="scite-citeref-number" data-reference="FireEye Periscope March 2018"><sup><a href="https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html" target="_blank" data-hasqtip="14" aria-describedby="qtip-14">[15]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0050">G0050</a> </td> <td> <a href="/versions/v9/groups/G0050">APT32</a> </td> <td> <p><span onclick=scrollToRef('scite-16') id="scite-ref-16-a" class="scite-citeref-number" data-reference="FireEye APT32 May 2017"><sup><a href="https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html" target="_blank" data-hasqtip="15" aria-describedby="qtip-15">[16]</a></sup></span><span onclick=scrollToRef('scite-17') id="scite-ref-17-a" class="scite-citeref-number" data-reference="Volexity OceanLotus Nov 2017"><sup><a href="https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/" target="_blank" data-hasqtip="16" aria-describedby="qtip-16">[17]</a></sup></span><span onclick=scrollToRef('scite-18') id="scite-ref-18-a" class="scite-citeref-number" data-reference="Cybereason Oceanlotus May 2017"><sup><a href="https://www.cybereason.com/blog/operation-cobalt-kitty-apt" target="_blank" data-hasqtip="17" aria-describedby="qtip-17">[18]</a></sup></span><span onclick=scrollToRef('scite-19') id="scite-ref-19-a" class="scite-citeref-number" data-reference="Cybereason Cobalt Kitty 2017"><sup><a href="https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf" target="_blank" data-hasqtip="18" aria-describedby="qtip-18">[19]</a></sup></span><span onclick=scrollToRef('scite-20') id="scite-ref-20-a" class="scite-citeref-number" data-reference="Volexity Ocean 
Lotus November 2020"><sup><a href="https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/" target="_blank" data-hasqtip="19" aria-describedby="qtip-19">[20]</a></sup></span><span onclick=scrollToRef('scite-7') id="scite-ref-7-a" class="scite-citeref-number" data-reference="Amnesty Intl. Ocean Lotus February 2021"><sup><a href="https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/" target="_blank" data-hasqtip="6" aria-describedby="qtip-6">[7]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0096">G0096</a> </td> <td> <a href="/versions/v9/groups/G0096">APT41</a> </td> <td> <p><span onclick=scrollToRef('scite-21') id="scite-ref-21-a" class="scite-citeref-number" data-reference="FireEye APT41 March 2020"><sup><a href="https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html" target="_blank" data-hasqtip="20" aria-describedby="qtip-20">[21]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0016">G0016</a> </td> <td> <a href="/versions/v9/groups/G0016">APT29</a> </td> <td> <p><span onclick=scrollToRef('scite-22') id="scite-ref-22-a" class="scite-citeref-number" data-reference="FireEye APT29 Nov 2018"><sup><a href="https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html" target="_blank" data-hasqtip="21" aria-describedby="qtip-21">[22]</a></sup></span><span onclick=scrollToRef('scite-23') id="scite-ref-23-a" class="scite-citeref-number" data-reference="FireEye SUNBURST Backdoor December 2020"><sup><a href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" target="_blank" data-hasqtip="22" aria-describedby="qtip-22">[23]</a></sup></span></p> </td> </tr> <tr> <td> <a 
href="/versions/v9/groups/G0114">G0114</a> </td> <td> <a href="/versions/v9/groups/G0114">Chimera</a> </td> <td> <p><span onclick=scrollToRef('scite-24') id="scite-ref-24-a" class="scite-citeref-number" data-reference="Cycraft Chimera April 2020"><sup><a href="https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf" target="_blank" data-hasqtip="23" aria-describedby="qtip-23">[24]</a></sup></span><span onclick=scrollToRef('scite-25') id="scite-ref-25-a" class="scite-citeref-number" data-reference="NCC Group Chimera January 2021"><sup><a href="https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/" target="_blank" data-hasqtip="24" aria-describedby="qtip-24">[25]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0080">G0080</a> </td> <td> <a href="/versions/v9/groups/G0080">Cobalt Group</a> </td> <td> <p><span onclick=scrollToRef('scite-26') id="scite-ref-26-a" class="scite-citeref-number" data-reference="Talos Cobalt Group July 2018"><sup><a href="https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html" target="_blank" data-hasqtip="25" aria-describedby="qtip-25">[26]</a></sup></span><span onclick=scrollToRef('scite-27') id="scite-ref-27-a" class="scite-citeref-number" data-reference="PTSecurity Cobalt Group Aug 2017"><sup><a href="https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf" target="_blank" data-hasqtip="26" aria-describedby="qtip-26">[27]</a></sup></span><span onclick=scrollToRef('scite-28') id="scite-ref-28-a" class="scite-citeref-number" data-reference="Group IB Cobalt Aug 2017"><sup><a href="https://www.group-ib.com/blog/cobalt" target="_blank" data-hasqtip="27" aria-describedby="qtip-27">[28]</a></sup></span><span onclick=scrollToRef('scite-29') id="scite-ref-29-a" class="scite-citeref-number" data-reference="Proofpoint Cobalt June 2017"><sup><a 
href="https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target" target="_blank" data-hasqtip="28" aria-describedby="qtip-28">[29]</a></sup></span> <span onclick=scrollToRef('scite-30') id="scite-ref-30-a" class="scite-citeref-number" data-reference="RiskIQ Cobalt Nov 2017"><sup><a href="https://www.riskiq.com/blog/labs/cobalt-strike/" target="_blank" data-hasqtip="29" aria-describedby="qtip-29">[30]</a></sup></span><span onclick=scrollToRef('scite-31') id="scite-ref-31-a" class="scite-citeref-number" data-reference="RiskIQ Cobalt Jan 2018"><sup><a href="https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/" target="_blank" data-hasqtip="30" aria-describedby="qtip-30">[31]</a></sup></span><span onclick=scrollToRef('scite-32') id="scite-ref-32-a" class="scite-citeref-number" data-reference="Crowdstrike Global Threat Report Feb 2018"><sup><a href="https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report" target="_blank" data-hasqtip="31" aria-describedby="qtip-31">[32]</a></sup></span><span onclick=scrollToRef('scite-33') id="scite-ref-33-a" class="scite-citeref-number" data-reference="TrendMicro Cobalt Group Nov 2017"><sup><a href="https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/" target="_blank" data-hasqtip="32" aria-describedby="qtip-32">[33]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0102">G0102</a> </td> <td> <a href="/versions/v9/groups/G0102">Wizard Spider</a> </td> <td> <p><span onclick=scrollToRef('scite-34') id="scite-ref-34-a" class="scite-citeref-number" data-reference="FireEye KEGTAP SINGLEMALT October 2020"><sup><a href="https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html" target="_blank" data-hasqtip="33" aria-describedby="qtip-33">[34]</a></sup></span><span 
onclick=scrollToRef('scite-35') id="scite-ref-35-a" class="scite-citeref-number" data-reference="DHS/CISA Ransomware Targeting Healthcare October 2020"><sup><a href="https://us-cert.cisa.gov/ncas/alerts/aa20-302a" target="_blank" data-hasqtip="34" aria-describedby="qtip-34">[35]</a></sup></span><span onclick=scrollToRef('scite-36') id="scite-ref-36-a" class="scite-citeref-number" data-reference="DFIR Ryuk's Return October 2020"><sup><a href="https://thedfirreport.com/2020/10/08/ryuks-return/" target="_blank" data-hasqtip="35" aria-describedby="qtip-35">[36]</a></sup></span><span onclick=scrollToRef('scite-37') id="scite-ref-37-a" class="scite-citeref-number" data-reference="DFIR Ryuk 2 Hour Speed Run November 2020"><sup><a href="https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/" target="_blank" data-hasqtip="36" aria-describedby="qtip-36">[37]</a></sup></span><span onclick=scrollToRef('scite-38') id="scite-ref-38-a" class="scite-citeref-number" data-reference="DFIR Ryuk in 5 Hours October 2020"><sup><a href="https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/" target="_blank" data-hasqtip="37" aria-describedby="qtip-37">[38]</a></sup></span><span onclick=scrollToRef('scite-39') id="scite-ref-39-a" class="scite-citeref-number" data-reference="Sophos New Ryuk Attack October 2020"><sup><a href="https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/" target="_blank" data-hasqtip="38" aria-describedby="qtip-38">[39]</a></sup></span></p> </td> </tr> <tr> <td> <a href="/versions/v9/groups/G0129">G0129</a> </td> <td> <a href="/versions/v9/groups/G0129">Mustang Panda</a> </td> <td> <p><span onclick=scrollToRef('scite-40') id="scite-ref-40-a" class="scite-citeref-number" data-reference="Crowdstrike MUSTANG PANDA June 2018"><sup><a href="https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/" target="_blank" data-hasqtip="39" aria-describedby="qtip-39">[40]</a></sup></span><span 
onclick=scrollToRef('scite-41') id="scite-ref-41-a" class="scite-citeref-number" data-reference="Anomali MUSTANG PANDA October 2019"><sup><a href="https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations" target="_blank" data-hasqtip="40" aria-describedby="qtip-40">[41]</a></sup></span><span onclick=scrollToRef('scite-42') id="scite-ref-42-a" class="scite-citeref-number" data-reference="Secureworks BRONZE PRESIDENT December 2019"><sup><a href="https://www.secureworks.com/research/bronze-president-targets-ngos" target="_blank" data-hasqtip="41" aria-describedby="qtip-41">[42]</a></sup></span><span onclick=scrollToRef('scite-43') id="scite-ref-43-a" class="scite-citeref-number" data-reference="Recorded Future REDDELTA July 2020"><sup><a href="https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf" target="_blank" data-hasqtip="42" aria-describedby="qtip-42">[43]</a></sup></span><span onclick=scrollToRef('scite-44') id="scite-ref-44-a" class="scite-citeref-number" data-reference="McAfee Dianxun March 2021"><sup><a href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf" target="_blank" data-hasqtip="43" aria-describedby="qtip-43">[44]</a></sup></span></p> </td> </tr> </tbody> </table> <h2 class="pt-3" id="references">References</h2> <div class="row"> <div class="col"> <ol> <li> <span id="scite-1" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-1" href="https://cobaltstrike.com/downloads/csmanual38.pdf" target="_blank"> Strategic Cyber LLC. (2017, March 14). Cobalt Strike Manual. Retrieved May 24, 2017. </a> </span> </span> </li> <li> <span id="scite-2" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-2" href="https://blog.cobaltstrike.com/2017/05/23/cobalt-strike-3-8-whos-your-daddy/" target="_blank"> Mudge, R. (2017, May 23). 
Cobalt Strike 3.8 – Who’s Your Daddy?. Retrieved June 4, 2019. </a> </span> </span> </li> <li> <span id="scite-3" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-3" href="https://www.cybereason.com/blog/dropping-anchor-from-a-trickbot-infection-to-the-discovery-of-the-anchor-malware" target="_blank"> Dahan, A. et al. (2019, December 11). DROPPING ANCHOR: FROM A TRICKBOT INFECTION TO THE DISCOVERY OF THE ANCHOR MALWARE. Retrieved September 10, 2020. </a> </span> </span> </li> <li> <span id="scite-4" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-4" href="https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf" target="_blank"> Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. Retrieved April 6, 2021. </a> </span> </span> </li> <li> <span id="scite-5" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-5" href="https://www.cobaltstrike.com/help-scripted-web-delivery" target="_blank"> Strategic Cyber, LLC. (n.d.). Scripted Web Delivery. Retrieved January 23, 2018. </a> </span> </span> </li> <li> <span id="scite-6" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-6" href="https://www.cobaltstrike.com/downloads/reports/tacticstechniquesandprocedures.pdf" target="_blank"> Cobalt Strike. (2017, December 8). Tactics, Techniques, and Procedures. Retrieved December 20, 2017. </a> </span> </span> </li> <li> <span id="scite-7" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-7" href="https://www.amnesty.org/en/latest/news/2021/02/viet-nam-hacking-group-targets-activist/" target="_blank"> Amnesty International. (2021, February 24). 
Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021. </a> </span> </span> </li> <li> <span id="scite-8" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-8" href="https://blog.cobaltstrike.com/2017/01/24/scripting-matt-nelsons-mmc20-application-lateral-movement-technique/" target="_blank"> Mudge, R. (2017, January 24). Scripting Matt Nelson’s MMC20.Application Lateral Movement Technique. Retrieved November 21, 2017. </a> </span> </span> </li> <li> <span id="scite-9" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-9" href="https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" target="_blank"> Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018. </a> </span> </span> </li> <li> <span id="scite-10" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-10" href="https://pan-unit42.github.io/playbook_viewer/" target="_blank"> Unit 42. (2017, December 15). Unit 42 Playbook Viewer. Retrieved December 20, 2017. </a> </span> </span> </li> <li> <span id="scite-11" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-11" href="https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html" target="_blank"> Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. Retrieved May 17, 2018. </a> </span> </span> </li> <li> <span id="scite-12" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-12" href="https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html" target="_blank"> McKeague, B. et al. (2019, April 5). 
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019. </a> </span> </span> </li> <li> <span id="scite-13" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-13" href="http://www.clearskysec.com/wp-content/uploads/2017/07/Operation_Wilted_Tulip.pdf" target="_blank"> ClearSky Cyber Security and Trend Micro. (2017, July). Operation Wilted Tulip: Exposing a cyber espionage apparatus. Retrieved August 21, 2017. </a> </span> </span> </li> <li> <span id="scite-14" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-14" href="https://www.proofpoint.com/us/threat-insight/post/leviathan-espionage-actor-spearphishes-maritime-and-defense-targets" target="_blank"> Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018. </a> </span> </span> </li> <li> <span id="scite-15" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-15" href="https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html" target="_blank"> FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018. </a> </span> </span> </li> <li> <span id="scite-16" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-16" href="https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html" target="_blank"> Carr, N. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017. 
</a> </span> </span> </li> <li> <span id="scite-17" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-17" href="https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/" target="_blank"> Lassalle, D., et al. (2017, November 6). OceanLotus Blossoms: Mass Digital Surveillance and Attacks Targeting ASEAN, Asian Nations, the Media, Human Rights Groups, and Civil Society. Retrieved November 6, 2017. </a> </span> </span> </li> <li> <span id="scite-18" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-18" href="https://www.cybereason.com/blog/operation-cobalt-kitty-apt" target="_blank"> Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018. </a> </span> </span> </li> <li> <span id="scite-19" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-19" href="https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf" target="_blank"> Dahan, A. (2017). Operation Cobalt Kitty. Retrieved December 27, 2018. </a> </span> </span> </li> <li> <span id="scite-20" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-20" href="https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/" target="_blank"> Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020. 
</a> </span> </span> </li> <li> <span id="scite-21" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-21" href="https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html" target="_blank"> Glyer, C, et al. (2020, March). This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits. Retrieved April 28, 2020. </a> </span> </span> </li> <li> <span id="scite-22" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-22" href="https://www.fireeye.com/blog/threat-research/2018/11/not-so-cozy-an-uncomfortable-examination-of-a-suspected-apt29-phishing-campaign.html" target="_blank"> Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018. </a> </span> </span> </li> </ol> </div> <div class="col"> <ol start="23.0"> <li> <span id="scite-23" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-23" href="https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" target="_blank"> FireEye. (2020, December 13). Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. Retrieved January 4, 2021. </a> </span> </span> </li> <li> <span id="scite-24" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-24" href="https://cycraft.com/download/%5BTLP-White%5D20200415%20Chimera_V4.1.pdf" target="_blank"> Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020. 
</a> </span> </span> </li> <li> <span id="scite-25" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-25" href="https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/" target="_blank"> Jansen, W. (2021, January 12). Abusing cloud services to fly under the radar. Retrieved January 19, 2021. </a> </span> </span> </li> <li> <span id="scite-26" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-26" href="https://blog.talosintelligence.com/2018/07/multiple-cobalt-personality-disorder.html" target="_blank"> Svajcer, V. (2018, July 31). Multiple Cobalt Personality Disorder. Retrieved September 5, 2018. </a> </span> </span> </li> <li> <span id="scite-27" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-27" href="https://www.ptsecurity.com/upload/corporate/ww-en/analytics/Cobalt-2017-eng.pdf" target="_blank"> Positive Technologies. (2017, August 16). Cobalt Strikes Back: An Evolving Multinational Threat to Finance. Retrieved September 5, 2018. </a> </span> </span> </li> <li> <span id="scite-28" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-28" href="https://www.group-ib.com/blog/cobalt" target="_blank"> Matveeva, V. (2017, August 15). Secrets of Cobalt. Retrieved October 10, 2018. </a> </span> </span> </li> <li> <span id="scite-29" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-29" href="https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-integrates-cve-2017-0199-utilized-cobalt-group-target" target="_blank"> Mesa, M, et al. (2017, June 1). Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions. Retrieved October 10, 2018. 
</a> </span> </span> </li> <li> <span id="scite-30" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-30" href="https://www.riskiq.com/blog/labs/cobalt-strike/" target="_blank"> Klijnsma, Y. (2017, November 28). Gaffe Reveals Full List of Targets in Spear Phishing Attack Using Cobalt Strike Against Financial Institutions. Retrieved October 10, 2018. </a> </span> </span> </li> <li> <span id="scite-31" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-31" href="https://www.riskiq.com/blog/labs/cobalt-group-spear-phishing-russian-banks/" target="_blank"> Klijnsma, Y. (2018, January 16). First Activities of Cobalt Group in 2018: Spear Phishing Russian Banks. Retrieved October 10, 2018. </a> </span> </span> </li> <li> <span id="scite-32" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-32" href="https://crowdstrike.lookbookhq.com/global-threat-report-2018-web/cs-2018-global-threat-report" target="_blank"> CrowdStrike. (2018, February 26). CrowdStrike 2018 Global Threat Report. Retrieved October 10, 2018. </a> </span> </span> </li> <li> <span id="scite-33" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-33" href="https://blog.trendmicro.com/trendlabs-security-intelligence/cobalt-spam-runs-use-macros-cve-2017-8759-exploit/" target="_blank"> Giagone, R., Bermejo, L., and Yarochkin, F. (2017, November 20). Cobalt Strikes Again: Spam Runs Use Macros and CVE-2017-8759 Exploit Against Russian Banks. Retrieved March 7, 2019. 
</a> </span> </span> </li> <li> <span id="scite-34" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-34" href="https://www.fireeye.com/blog/threat-research/2020/10/kegtap-and-singlemalt-with-a-ransomware-chaser.html" target="_blank"> Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020. </a> </span> </span> </li> <li> <span id="scite-35" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-35" href="https://us-cert.cisa.gov/ncas/alerts/aa20-302a" target="_blank"> DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020. </a> </span> </span> </li> <li> <span id="scite-36" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-36" href="https://thedfirreport.com/2020/10/08/ryuks-return/" target="_blank"> The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020. </a> </span> </span> </li> <li> <span id="scite-37" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-37" href="https://thedfirreport.com/2020/11/05/ryuk-speed-run-2-hours-to-ransom/" target="_blank"> The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020. </a> </span> </span> </li> <li> <span id="scite-38" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-38" href="https://thedfirreport.com/2020/10/18/ryuk-in-5-hours/" target="_blank"> The DFIR Report. (2020, October 18). Ryuk in 5 Hours. Retrieved October 19, 2020. 
</a> </span> </span> </li> <li> <span id="scite-39" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-39" href="https://news.sophos.com/en-us/2020/10/14/inside-a-new-ryuk-ransomware-attack/" target="_blank"> Sean Gallagher, Peter Mackenzie, Elida Leite, Syed Shahram, Bill Kearney, Anand Aijan, Sivagnanam Gn, Suraj Mundalik. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. Retrieved October 14, 2020. </a> </span> </span> </li> <li> <span id="scite-40" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-40" href="https://www.crowdstrike.com/blog/meet-crowdstrikes-adversary-of-the-month-for-june-mustang-panda/" target="_blank"> Meyers, A. (2018, June 15). Meet CrowdStrike’s Adversary of the Month for June: MUSTANG PANDA. Retrieved April 12, 2021. </a> </span> </span> </li> <li> <span id="scite-41" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-41" href="https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations" target="_blank"> Anomali Threat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. </a> </span> </span> </li> <li> <span id="scite-42" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-42" href="https://www.secureworks.com/research/bronze-president-targets-ngos" target="_blank"> Counter Threat Unit Research Team. (2019, December 29). BRONZE PRESIDENT Targets NGOs. Retrieved April 13, 2021. 
</a> </span> </span> </li> <li> <span id="scite-43" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-43" href="https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf" target="_blank"> Insikt Group. (2020, July 28). CHINESE STATE-SPONSORED GROUP ‘REDDELTA’ TARGETS THE VATICAN AND CATHOLIC ORGANIZATIONS. Retrieved April 13, 2021. </a> </span> </span> </li> <li> <span id="scite-44" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-44" href="https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf" target="_blank"> Roccia, T., Seret, T., Fokker, J. (2021, March 16). Technical Analysis of Operation Dianxun. Retrieved April 13, 2021. </a> </span> </span> </li> </ol> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <!--stop-indexing-for-search--> </div> <footer class="footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" 
aria-label="MITRE"> <img src="/versions/v9/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> © 2015-2021, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v9/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v9/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v9/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" title="ATT&CK content version 9.0
Website version 3.3.1">ATT&CK v9.0</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100"> <!-- <i class="fa fa-twitter"></i> --> <img src="/versions/v9/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v9/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v9/theme/scripts/popper.min.js"></script> <script src="/versions/v9/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v9/theme/scripts/site.js"></script> <script src="/versions/v9/theme/scripts/flexsearch.es5.js"></script> <script src="/versions/v9/theme/scripts/localforage.min.js"></script> <script src="/versions/v9/theme/scripts/settings.js?4101"></script> <script src="/versions/v9/theme/scripts/search_babelized.js"></script> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/navigation.js"></script> <script src="/versions/v9/theme/scripts/bootstrap-tourist.js"></script> <script src="/versions/v9/theme/scripts/settings.js"></script> <script src="/versions/v9/theme/scripts/tour/tour-relationships.js"></script> </body> </html>