<!DOCTYPE html> <html lang='en'> <head> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-62667723-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-62667723-1'); </script> <meta name="google-site-verification" content="2oJKLqNN62z6AOCb0A0IXGtbQuj-lev5YPAHFF_cbHQ"/> <meta charset='utf-8'> <meta name='viewport' content='width=device-width, initial-scale=1, shrink-to-fit=no'> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <link rel='shortcut icon' href="/versions/v9/theme/favicon.ico" type='image/x-icon'> <title>InvisiMole, Software S0260 | MITRE ATT&CK&reg;</title> <!-- Bootstrap CSS --> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-glyphicon.min.css" /> <link rel='stylesheet' href="/versions/v9/theme/style/bootstrap-tourist.css" /> <link rel="stylesheet" type="text/css" href="/versions/v9/theme/style.min.css?426cc53a"> </head> <body> <!--stopindex--> <header> <nav class='navbar navbar-expand-lg navbar-dark fixed-top'> <a class='navbar-brand' href="/versions/v9/"><img src="/versions/v9/theme/images/mitre_attack_logo.png" class="attack-logo"></a> <button class='navbar-toggler' type='button' data-toggle='collapse' data-target='#navbarCollapse' aria-controls='navbarCollapse' aria-expanded='false' aria-label='Toggle navigation'> <span class='navbar-toggler-icon'></span> </button> <div class='collapse navbar-collapse' id='navbarCollapse'> <ul class='nav nav-tabs ml-auto'> <li class="nav-item"> <a href="/versions/v9/matrices/" class="nav-link" ><b>Matrices</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/tactics/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Tactics</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/tactics/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/tactics/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/techniques/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Techniques</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/techniques/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/techniques/mobile/">Mobile</a> </div> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/mitigations/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Mitigations</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/mitigations/enterprise/">Enterprise</a> <a class="dropdown-item" href="/versions/v9/mitigations/mobile/">Mobile</a> </div> </li> <li class="nav-item"> <a href="/versions/v9/groups" class="nav-link" ><b>Groups</b></a> </li> <li class="nav-item"> <a href="/versions/v9/software/" class="nav-link" ><b>Software</b></a> </li> <li class="nav-item dropdown"> <a class="nav-link dropdown-toggle" href="/versions/v9/resources/" id="navbarDropdown" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>Resources</b> </a> <div class="dropdown-menu " aria-labelledby="navbarDropdown"> <a class="dropdown-item" href="/versions/v9/resources/">General Information</a> <a class="dropdown-item" href="/versions/v9/resources/getting-started/">Getting Started</a> <a class="dropdown-item" href="/versions/v9/resources/training/">Training</a> <a class="dropdown-item" href="/versions/v9/resources/attackcon/">ATT&CKcon</a> <a class="dropdown-item" href="/versions/v9/resources/working-with-attack/">Working with ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/faq/">FAQ</a> <a class="dropdown-item" href="/resources/updates/">Updates</a> <a class="dropdown-item" href="/resources/versions/">Versions of ATT&CK</a> <a class="dropdown-item" href="/versions/v9/resources/related-projects/">Related Projects</a> </div> </li> <li class="nav-item"> <a href="https://medium.com/mitre-attack/" target="_blank" class="nav-link"> <b>Blog</b>&nbsp; <img src="/versions/v9/theme/images/external-site.svg" alt="External site" class="external-icon" /> </a> </li> <li class="nav-item"> <a href="/versions/v9/resources/contribute/" class="nav-link" ><b>Contribute</b></a> </li> <li class="nav-item"> <button id="search-button" class="btn search-button">Search <div class="search-icon"></div></button> </li> </ul> </div> </nav> </header> <!-- don't edit or remove the line below even though it's commented out, it gets parsed and replaced by the versioning feature --> <div class="container-fluid version-banner"><div class="icon-inline baseline mr-1"><img src="/versions/v9/theme/images/icon-warning-24px.svg"></div>Currently viewing <a href="https://github.com/mitre/cti/releases/tag/ATT%26CK-v9.0" target="_blank">ATT&CK v9.0</a> which was live between April 29, 2021 and October 20, 2021. <a href="/resources/versions/">Learn more about the versioning system</a> or <a href="/">see the live site</a>.</div> <div id='content' class="maincontent"> <!--start-indexing-for-search--> <div class='container-fluid h-100'> <div class='row h-100'> <div class="nav flex-column col-xl-2 col-lg-3 col-md-3 sidebar nav pt-5 pb-3 pl-3 border-right" id="v-tab" role="tablist" aria-orientation="vertical"> <!--stop-indexing-for-search--> <div class="group-nav-desktop-view"> <span class="heading" id="v-home-tab" aria-selected="false">SOFTWARE</span> <div class="sidenav"> <div class="sidenav-head" id="0-0"> <a href="/versions/v9/software/"> Overview </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="3PARA RAT-3PARA RAT"> <a href="/versions/v9/software/S0066/"> 3PARA RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4H RAT-4H RAT"> <a href="/versions/v9/software/S0065/"> 4H RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ABK-ABK"> <a href="/versions/v9/software/S0469/"> ABK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="adbupd-adbupd"> <a href="/versions/v9/software/S0202/"> adbupd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="AdFind-AdFind"> <a href="/versions/v9/software/S0552/"> AdFind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Adups-Adups"> <a href="/versions/v9/software/S0309/"> Adups </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ADVSTORESHELL-ADVSTORESHELL"> <a href="/versions/v9/software/S0045/"> ADVSTORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Agent Smith-Agent Smith"> <a href="/versions/v9/software/S0440/"> Agent Smith </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Agent Tesla-Agent Tesla"> <a href="/versions/v9/software/S0331/"> Agent Tesla </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Agent.btz-Agent.btz"> <a href="/versions/v9/software/S0092/"> Agent.btz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Allwinner-Allwinner"> <a href="/versions/v9/software/S0319/"> Allwinner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Anchor-Anchor"> <a href="/versions/v9/software/S0504/"> Anchor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Android/AdDisplay.Ashas-Android/AdDisplay.Ashas"> <a href="/versions/v9/software/S0525/"> Android/AdDisplay.Ashas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Android/Chuli.A-Android/Chuli.A"> <a href="/versions/v9/software/S0304/"> Android/Chuli.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="AndroidOS/MalLocker.B-AndroidOS/MalLocker.B"> <a href="/versions/v9/software/S0524/"> AndroidOS/MalLocker.B </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ANDROIDOS_ANSERVER.A-ANDROIDOS_ANSERVER.A"> <a href="/versions/v9/software/S0310/"> ANDROIDOS_ANSERVER.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="AndroRAT-AndroRAT"> <a href="/versions/v9/software/S0292/"> AndroRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Anubis-Anubis"> <a href="/versions/v9/software/S0422/"> Anubis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="AppleJeus-AppleJeus"> <a href="/versions/v9/software/S0584/"> AppleJeus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Aria-body-Aria-body"> <a href="/versions/v9/software/S0456/"> Aria-body </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Arp-Arp"> <a href="/versions/v9/software/S0099/"> Arp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Asacub-Asacub"> <a href="/versions/v9/software/S0540/"> Asacub </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ASPXSpy-ASPXSpy"> <a href="/versions/v9/software/S0073/"> ASPXSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Astaroth-Astaroth"> <a href="/versions/v9/software/S0373/"> Astaroth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="at-at"> <a href="/versions/v9/software/S0110/"> at </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Attor-Attor"> <a href="/versions/v9/software/S0438/"> Attor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="AuditCred-AuditCred"> <a href="/versions/v9/software/S0347/"> AuditCred </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="AutoIt backdoor-AutoIt backdoor"> <a href="/versions/v9/software/S0129/"> AutoIt backdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Avenger-Avenger"> <a href="/versions/v9/software/S0473/"> Avenger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Azorult-Azorult"> <a href="/versions/v9/software/S0344/"> Azorult </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BabyShark-BabyShark"> <a href="/versions/v9/software/S0414/"> BabyShark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BackConfig-BackConfig"> <a href="/versions/v9/software/S0475/"> BackConfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Backdoor.Oldrea-Backdoor.Oldrea"> <a href="/versions/v9/software/S0093/"> Backdoor.Oldrea </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BACKSPACE-BACKSPACE"> <a href="/versions/v9/software/S0031/"> BACKSPACE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BADCALL-BADCALL"> <a href="/versions/v9/software/S0245/"> BADCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BADNEWS-BADNEWS"> <a href="/versions/v9/software/S0128/"> BADNEWS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BadPatch-BadPatch"> <a href="/versions/v9/software/S0337/"> BadPatch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bandook-Bandook"> <a href="/versions/v9/software/S0234/"> Bandook </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bankshot-Bankshot"> <a href="/versions/v9/software/S0239/"> Bankshot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bazar-Bazar"> <a href="/versions/v9/software/S0534/"> Bazar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BBK-BBK"> <a href="/versions/v9/software/S0470/"> BBK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BBSRAT-BBSRAT"> <a href="/versions/v9/software/S0127/"> BBSRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BendyBear-BendyBear"> <a href="/versions/v9/software/S0574/"> BendyBear </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BISCUIT-BISCUIT"> <a href="/versions/v9/software/S0017/"> BISCUIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bisonal-Bisonal"> <a href="/versions/v9/software/S0268/"> Bisonal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BitPaymer-BitPaymer"> <a href="/versions/v9/software/S0570/"> BitPaymer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BITSAdmin-BITSAdmin"> <a href="/versions/v9/software/S0190/"> BITSAdmin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BLACKCOFFEE-BLACKCOFFEE"> <a href="/versions/v9/software/S0069/"> BLACKCOFFEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BlackEnergy-BlackEnergy"> <a href="/versions/v9/software/S0089/"> BlackEnergy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BlackMould-BlackMould"> <a href="/versions/v9/software/S0564/"> BlackMould </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BLINDINGCAN-BLINDINGCAN"> <a href="/versions/v9/software/S0520/"> BLINDINGCAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BloodHound-BloodHound"> <a href="/versions/v9/software/S0521/"> BloodHound </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bonadan-Bonadan"> <a href="/versions/v9/software/S0486/"> Bonadan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BONDUPDATER-BONDUPDATER"> <a href="/versions/v9/software/S0360/"> BONDUPDATER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BOOSTWRITE-BOOSTWRITE"> <a href="/versions/v9/software/S0415/"> BOOSTWRITE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BOOTRASH-BOOTRASH"> <a href="/versions/v9/software/S0114/"> BOOTRASH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BrainTest-BrainTest"> <a href="/versions/v9/software/S0293/"> BrainTest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Brave Prince-Brave Prince"> <a href="/versions/v9/software/S0252/"> Brave Prince </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bread-Bread"> <a href="/versions/v9/software/S0432/"> Bread </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Briba-Briba"> <a href="/versions/v9/software/S0204/"> Briba </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BS2005-BS2005"> <a href="/versions/v9/software/S0014/"> BS2005 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="BUBBLEWRAP-BUBBLEWRAP"> <a href="/versions/v9/software/S0043/"> BUBBLEWRAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="build_downer-build_downer"> <a href="/versions/v9/software/S0471/"> build_downer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Bundlore-Bundlore"> <a href="/versions/v9/software/S0482/"> Bundlore </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cachedump-Cachedump"> <a href="/versions/v9/software/S0119/"> Cachedump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cadelspy-Cadelspy"> <a href="/versions/v9/software/S0454/"> Cadelspy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CALENDAR-CALENDAR"> <a href="/versions/v9/software/S0025/"> CALENDAR </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Calisto-Calisto"> <a href="/versions/v9/software/S0274/"> Calisto </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CallMe-CallMe"> <a href="/versions/v9/software/S0077/"> CallMe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cannon-Cannon"> <a href="/versions/v9/software/S0351/"> Cannon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Carbanak-Carbanak"> <a href="/versions/v9/software/S0030/"> Carbanak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Carberp-Carberp"> <a href="/versions/v9/software/S0484/"> Carberp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Carbon-Carbon"> <a href="/versions/v9/software/S0335/"> Carbon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CarbonSteal-CarbonSteal"> <a href="/versions/v9/software/S0529/"> CarbonSteal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cardinal RAT-Cardinal RAT"> <a href="/versions/v9/software/S0348/"> Cardinal RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CARROTBALL-CARROTBALL"> <a href="/versions/v9/software/S0465/"> CARROTBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CARROTBAT-CARROTBAT"> <a href="/versions/v9/software/S0462/"> CARROTBAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Catchamas-Catchamas"> <a href="/versions/v9/software/S0261/"> Catchamas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Caterpillar WebShell-Caterpillar WebShell"> <a href="/versions/v9/software/S0572/"> Caterpillar WebShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CCBkdr-CCBkdr"> <a href="/versions/v9/software/S0222/"> CCBkdr </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cerberus-Cerberus"> <a href="/versions/v9/software/S0480/"> Cerberus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="certutil-certutil"> <a href="/versions/v9/software/S0160/"> certutil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Chaos-Chaos"> <a href="/versions/v9/software/S0220/"> Chaos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Charger-Charger"> <a href="/versions/v9/software/S0323/"> Charger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ChChes-ChChes"> <a href="/versions/v9/software/S0144/"> ChChes </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CHEMISTGAMES-CHEMISTGAMES"> <a href="/versions/v9/software/S0555/"> CHEMISTGAMES </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cherry Picker-Cherry Picker"> <a href="/versions/v9/software/S0107/"> Cherry Picker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="China Chopper-China Chopper"> <a href="/versions/v9/software/S0020/"> China Chopper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CHOPSTICK-CHOPSTICK"> <a href="/versions/v9/software/S0023/"> CHOPSTICK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Circles-Circles"> <a href="/versions/v9/software/S0602/"> Circles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CloudDuke-CloudDuke"> <a href="/versions/v9/software/S0054/"> CloudDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="cmd-cmd"> <a href="/versions/v9/software/S0106/"> cmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cobalt Strike-Cobalt Strike"> <a href="/versions/v9/software/S0154/"> Cobalt Strike </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cobian RAT-Cobian RAT"> <a href="/versions/v9/software/S0338/"> Cobian RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CoinTicker-CoinTicker"> <a href="/versions/v9/software/S0369/"> CoinTicker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Comnie-Comnie"> <a href="/versions/v9/software/S0244/"> Comnie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ComRAT-ComRAT"> <a href="/versions/v9/software/S0126/"> ComRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Concipit1248-Concipit1248"> <a href="/versions/v9/software/S0426/"> Concipit1248 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ConnectWise-ConnectWise"> <a href="/versions/v9/software/S0591/"> ConnectWise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Conti-Conti"> <a href="/versions/v9/software/S0575/"> Conti </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CookieMiner-CookieMiner"> <a href="/versions/v9/software/S0492/"> CookieMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CORALDECK-CORALDECK"> <a href="/versions/v9/software/S0212/"> CORALDECK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CORESHELL-CORESHELL"> <a href="/versions/v9/software/S0137/"> CORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Corona Updates-Corona Updates"> <a href="/versions/v9/software/S0425/"> Corona Updates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CosmicDuke-CosmicDuke"> <a href="/versions/v9/software/S0050/"> CosmicDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CozyCar-CozyCar"> <a href="/versions/v9/software/S0046/"> CozyCar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CrackMapExec-CrackMapExec"> <a href="/versions/v9/software/S0488/"> CrackMapExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Crimson-Crimson"> <a href="/versions/v9/software/S0115/"> Crimson </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CrossRAT-CrossRAT"> <a href="/versions/v9/software/S0235/"> CrossRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Crutch-Crutch"> <a href="/versions/v9/software/S0538/"> Crutch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Cryptoistic-Cryptoistic"> <a href="/versions/v9/software/S0498/"> Cryptoistic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="CSPY Downloader-CSPY Downloader"> <a href="/versions/v9/software/S0527/"> CSPY Downloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dacls-Dacls"> <a href="/versions/v9/software/S0497/"> Dacls </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DarkComet-DarkComet"> <a href="/versions/v9/software/S0334/"> DarkComet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Daserf-Daserf"> <a href="/versions/v9/software/S0187/"> Daserf </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DDKONG-DDKONG"> <a href="/versions/v9/software/S0255/"> DDKONG </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DealersChoice-DealersChoice"> <a href="/versions/v9/software/S0243/"> DealersChoice </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DEFENSOR ID-DEFENSOR ID"> <a href="/versions/v9/software/S0479/"> DEFENSOR ID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dendroid-Dendroid"> <a href="/versions/v9/software/S0301/"> Dendroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Denis-Denis"> <a href="/versions/v9/software/S0354/"> Denis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Derusbi-Derusbi"> <a href="/versions/v9/software/S0021/"> Derusbi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Desert Scorpion-Desert Scorpion"> <a href="/versions/v9/software/S0505/"> Desert Scorpion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dipsind-Dipsind"> <a href="/versions/v9/software/S0200/"> Dipsind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DOGCALL-DOGCALL"> <a href="/versions/v9/software/S0213/"> DOGCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dok-Dok"> <a href="/versions/v9/software/S0281/"> Dok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Doki-Doki"> <a href="/versions/v9/software/S0600/"> Doki </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DoubleAgent-DoubleAgent"> <a href="/versions/v9/software/S0550/"> DoubleAgent </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="down_new-down_new"> <a href="/versions/v9/software/S0472/"> down_new </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Downdelph-Downdelph"> <a href="/versions/v9/software/S0134/"> Downdelph </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DownPaper-DownPaper"> <a href="/versions/v9/software/S0186/"> DownPaper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DressCode-DressCode"> <a href="/versions/v9/software/S0300/"> DressCode </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dridex-Dridex"> <a href="/versions/v9/software/S0384/"> Dridex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DroidJack-DroidJack"> <a href="/versions/v9/software/S0320/"> DroidJack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DropBook-DropBook"> <a href="/versions/v9/software/S0547/"> DropBook </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Drovorub-Drovorub"> <a href="/versions/v9/software/S0502/"> Drovorub </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="dsquery-dsquery"> <a href="/versions/v9/software/S0105/"> dsquery </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dtrack-Dtrack"> <a href="/versions/v9/software/S0567/"> Dtrack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DualToy-DualToy"> <a href="/versions/v9/software/S0315/"> DualToy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Duqu-Duqu"> <a href="/versions/v9/software/S0038/"> Duqu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="DustySky-DustySky"> <a href="/versions/v9/software/S0062/"> DustySky </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dvmap-Dvmap"> <a href="/versions/v9/software/S0420/"> Dvmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Dyre-Dyre"> <a href="/versions/v9/software/S0024/"> Dyre </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ebury-Ebury"> <a href="/versions/v9/software/S0377/"> Ebury </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ECCENTRICBANDWAGON-ECCENTRICBANDWAGON"> <a href="/versions/v9/software/S0593/"> ECCENTRICBANDWAGON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Egregor-Egregor"> <a href="/versions/v9/software/S0554/"> Egregor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Elise-Elise"> <a href="/versions/v9/software/S0081/"> Elise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ELMER-ELMER"> <a href="/versions/v9/software/S0064/"> ELMER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Emissary-Emissary"> <a href="/versions/v9/software/S0082/"> Emissary </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Emotet-Emotet"> <a href="/versions/v9/software/S0367/"> Emotet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Empire-Empire"> <a href="/versions/v9/software/S0363/"> Empire </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Epic-Epic"> <a href="/versions/v9/software/S0091/"> Epic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="esentutl-esentutl"> <a href="/versions/v9/software/S0404/"> esentutl </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="eSurv-eSurv"> <a href="/versions/v9/software/S0507/"> eSurv </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="EventBot-EventBot"> <a href="/versions/v9/software/S0478/"> EventBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="EvilBunny-EvilBunny"> <a href="/versions/v9/software/S0396/"> EvilBunny </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="EvilGrab-EvilGrab"> <a href="/versions/v9/software/S0152/"> EvilGrab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="EVILNUM-EVILNUM"> <a href="/versions/v9/software/S0568/"> EVILNUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Exaramel for Linux-Exaramel for Linux"> <a href="/versions/v9/software/S0401/"> Exaramel for Linux </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Exaramel for Windows-Exaramel for Windows"> <a href="/versions/v9/software/S0343/"> Exaramel for Windows </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Exobot-Exobot"> <a href="/versions/v9/software/S0522/"> Exobot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Exodus-Exodus"> <a href="/versions/v9/software/S0405/"> Exodus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Expand-Expand"> <a href="/versions/v9/software/S0361/"> Expand </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Explosive-Explosive"> <a href="/versions/v9/software/S0569/"> Explosive </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FakeM-FakeM"> <a href="/versions/v9/software/S0076/"> FakeM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FakeSpy-FakeSpy"> <a href="/versions/v9/software/S0509/"> FakeSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FALLCHILL-FALLCHILL"> <a href="/versions/v9/software/S0181/"> FALLCHILL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FatDuke-FatDuke"> <a href="/versions/v9/software/S0512/"> FatDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Felismus-Felismus"> <a href="/versions/v9/software/S0171/"> Felismus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FELIXROOT-FELIXROOT"> <a href="/versions/v9/software/S0267/"> FELIXROOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Fgdump-Fgdump"> <a href="/versions/v9/software/S0120/"> Fgdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Final1stspy-Final1stspy"> <a href="/versions/v9/software/S0355/"> Final1stspy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FinFisher-FinFisher"> <a href="/versions/v9/software/S0182/"> FinFisher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Flame-Flame"> <a href="/versions/v9/software/S0143/"> Flame </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FLASHFLOOD-FLASHFLOOD"> <a href="/versions/v9/software/S0036/"> FLASHFLOOD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FlawedAmmyy-FlawedAmmyy"> <a href="/versions/v9/software/S0381/"> FlawedAmmyy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FlawedGrace-FlawedGrace"> <a href="/versions/v9/software/S0383/"> FlawedGrace </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FlexiSpy-FlexiSpy"> <a href="/versions/v9/software/S0408/"> FlexiSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FLIPSIDE-FLIPSIDE"> <a href="/versions/v9/software/S0173/"> FLIPSIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Forfiles-Forfiles"> <a href="/versions/v9/software/S0193/"> Forfiles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FrameworkPOS-FrameworkPOS"> <a href="/versions/v9/software/S0503/"> FrameworkPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FrozenCell-FrozenCell"> <a href="/versions/v9/software/S0577/"> FrozenCell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FruitFly-FruitFly"> <a href="/versions/v9/software/S0277/"> FruitFly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="FTP-FTP"> <a href="/versions/v9/software/S0095/"> FTP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Fysbis-Fysbis"> <a href="/versions/v9/software/S0410/"> Fysbis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gazer-Gazer"> <a href="/versions/v9/software/S0168/"> Gazer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GeminiDuke-GeminiDuke"> <a href="/versions/v9/software/S0049/"> GeminiDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Get2-Get2"> <a href="/versions/v9/software/S0460/"> Get2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="gh0st RAT-gh0st RAT"> <a href="/versions/v9/software/S0032/"> gh0st RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ginp-Ginp"> <a href="/versions/v9/software/S0423/"> Ginp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GLOOXMAIL-GLOOXMAIL"> <a href="/versions/v9/software/S0026/"> GLOOXMAIL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gold Dragon-Gold Dragon"> <a href="/versions/v9/software/S0249/"> Gold Dragon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Golden Cup-Golden Cup"> <a href="/versions/v9/software/S0535/"> Golden Cup </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GoldenEagle-GoldenEagle"> <a href="/versions/v9/software/S0551/"> GoldenEagle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GoldenSpy-GoldenSpy"> <a href="/versions/v9/software/S0493/"> GoldenSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GoldFinder-GoldFinder"> <a href="/versions/v9/software/S0597/"> GoldFinder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GoldMax-GoldMax"> <a href="/versions/v9/software/S0588/"> GoldMax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GolfSpy-GolfSpy"> <a href="/versions/v9/software/S0421/"> GolfSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gooligan-Gooligan"> <a href="/versions/v9/software/S0290/"> Gooligan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Goopy-Goopy"> <a href="/versions/v9/software/S0477/"> Goopy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GPlayed-GPlayed"> <a href="/versions/v9/software/S0536/"> GPlayed </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Grandoreiro-Grandoreiro"> <a href="/versions/v9/software/S0531/"> Grandoreiro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GravityRAT-GravityRAT"> <a href="/versions/v9/software/S0237/"> GravityRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GreyEnergy-GreyEnergy"> <a href="/versions/v9/software/S0342/"> GreyEnergy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GRIFFON-GRIFFON"> <a href="/versions/v9/software/S0417/"> GRIFFON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="gsecdump-gsecdump"> <a href="/versions/v9/software/S0008/"> gsecdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="GuLoader-GuLoader"> <a href="/versions/v9/software/S0561/"> GuLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Gustuff-Gustuff"> <a href="/versions/v9/software/S0406/"> Gustuff </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="H1N1-H1N1"> <a href="/versions/v9/software/S0132/"> H1N1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hacking Team UEFI Rootkit-Hacking Team UEFI Rootkit"> <a href="/versions/v9/software/S0047/"> Hacking Team UEFI Rootkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HALFBAKED-HALFBAKED"> <a href="/versions/v9/software/S0151/"> HALFBAKED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAMMERTOSS-HAMMERTOSS"> <a href="/versions/v9/software/S0037/"> HAMMERTOSS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hancitor-Hancitor"> <a href="/versions/v9/software/S0499/"> Hancitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAPPYWORK-HAPPYWORK"> <a href="/versions/v9/software/S0214/"> HAPPYWORK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HARDRAIN-HARDRAIN"> <a href="/versions/v9/software/S0246/"> HARDRAIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Havij-Havij"> <a href="/versions/v9/software/S0224/"> Havij </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HAWKBALL-HAWKBALL"> <a href="/versions/v9/software/S0391/"> HAWKBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="hcdLoader-hcdLoader"> <a href="/versions/v9/software/S0071/"> hcdLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HDoor-HDoor"> <a href="/versions/v9/software/S0061/"> HDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Helminth-Helminth"> <a href="/versions/v9/software/S0170/"> Helminth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HenBox-HenBox"> <a href="/versions/v9/software/S0544/"> HenBox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hi-Zor-Hi-Zor"> <a href="/versions/v9/software/S0087/"> Hi-Zor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HiddenWasp-HiddenWasp"> <a href="/versions/v9/software/S0394/"> HiddenWasp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HIDEDRV-HIDEDRV"> <a href="/versions/v9/software/S0135/"> HIDEDRV </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hikit-Hikit"> <a href="/versions/v9/software/S0009/"> Hikit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hildegard-Hildegard"> <a href="/versions/v9/software/S0601/"> Hildegard </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HOMEFRY-HOMEFRY"> <a href="/versions/v9/software/S0232/"> HOMEFRY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HOPLIGHT-HOPLIGHT"> <a href="/versions/v9/software/S0376/"> HOPLIGHT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HotCroissant-HotCroissant"> <a href="/versions/v9/software/S0431/"> HotCroissant </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HTRAN-HTRAN"> <a href="/versions/v9/software/S0040/"> HTRAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HTTPBrowser-HTTPBrowser"> <a href="/versions/v9/software/S0070/"> HTTPBrowser </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="httpclient-httpclient"> <a href="/versions/v9/software/S0068/"> httpclient </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HummingBad-HummingBad"> <a href="/versions/v9/software/S0322/"> HummingBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HummingWhale-HummingWhale"> <a href="/versions/v9/software/S0321/"> HummingWhale </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Hydraq-Hydraq"> <a href="/versions/v9/software/S0203/"> Hydraq </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HyperBro-HyperBro"> <a href="/versions/v9/software/S0398/"> HyperBro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="HyperStack-HyperStack"> <a href="/versions/v9/software/S0537/"> HyperStack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="IcedID-IcedID"> <a href="/versions/v9/software/S0483/"> IcedID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ifconfig-ifconfig"> <a href="/versions/v9/software/S0101/"> ifconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="iKitten-iKitten"> <a href="/versions/v9/software/S0278/"> iKitten </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Imminent Monitor-Imminent Monitor"> <a href="/versions/v9/software/S0434/"> Imminent Monitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Impacket-Impacket"> <a href="/versions/v9/software/S0357/"> Impacket </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="InnaputRAT-InnaputRAT"> <a href="/versions/v9/software/S0259/"> InnaputRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="INSOMNIA-INSOMNIA"> <a href="/versions/v9/software/S0463/"> INSOMNIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="InvisiMole-InvisiMole"> <a href="/versions/v9/software/S0260/"> InvisiMole </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Invoke-PSImage-Invoke-PSImage"> <a href="/versions/v9/software/S0231/"> Invoke-PSImage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ipconfig-ipconfig"> <a href="/versions/v9/software/S0100/"> ipconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="IronNetInjector-IronNetInjector"> <a href="/versions/v9/software/S0581/"> IronNetInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ISMInjector-ISMInjector"> <a href="/versions/v9/software/S0189/"> ISMInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ixeshe-Ixeshe"> <a href="/versions/v9/software/S0015/"> Ixeshe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Janicab-Janicab"> <a href="/versions/v9/software/S0163/"> Janicab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Javali-Javali"> <a href="/versions/v9/software/S0528/"> Javali </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="JCry-JCry"> <a href="/versions/v9/software/S0389/"> JCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="JHUHUGIT-JHUHUGIT"> <a href="/versions/v9/software/S0044/"> JHUHUGIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="JPIN-JPIN"> <a href="/versions/v9/software/S0201/"> JPIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="jRAT-jRAT"> <a href="/versions/v9/software/S0283/"> jRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Judy-Judy"> <a href="/versions/v9/software/S0325/"> Judy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KARAE-KARAE"> <a href="/versions/v9/software/S0215/"> KARAE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kasidet-Kasidet"> <a href="/versions/v9/software/S0088/"> Kasidet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kazuar-Kazuar"> <a href="/versions/v9/software/S0265/"> Kazuar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kerrdown-Kerrdown"> <a href="/versions/v9/software/S0585/"> Kerrdown </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kessel-Kessel"> <a href="/versions/v9/software/S0487/"> Kessel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KeyBoy-KeyBoy"> <a href="/versions/v9/software/S0387/"> KeyBoy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Keydnap-Keydnap"> <a href="/versions/v9/software/S0276/"> Keydnap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KEYMARBLE-KEYMARBLE"> <a href="/versions/v9/software/S0271/"> KEYMARBLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KeyRaider-KeyRaider"> <a href="/versions/v9/software/S0288/"> KeyRaider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KGH_SPY-KGH_SPY"> <a href="/versions/v9/software/S0526/"> KGH_SPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kinsing-Kinsing"> <a href="/versions/v9/software/S0599/"> Kinsing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kivars-Kivars"> <a href="/versions/v9/software/S0437/"> Kivars </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Koadic-Koadic"> <a href="/versions/v9/software/S0250/"> Koadic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Komplex-Komplex"> <a href="/versions/v9/software/S0162/"> Komplex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KOMPROGO-KOMPROGO"> <a href="/versions/v9/software/S0156/"> KOMPROGO </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="KONNI-KONNI"> <a href="/versions/v9/software/S0356/"> KONNI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Kwampirs-Kwampirs"> <a href="/versions/v9/software/S0236/"> Kwampirs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LaZagne-LaZagne"> <a href="/versions/v9/software/S0349/"> LaZagne </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LightNeuron-LightNeuron"> <a href="/versions/v9/software/S0395/"> LightNeuron </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Linfo-Linfo"> <a href="/versions/v9/software/S0211/"> Linfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Linux Rabbit-Linux Rabbit"> <a href="/versions/v9/software/S0362/"> Linux Rabbit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LockerGoga-LockerGoga"> <a href="/versions/v9/software/S0372/"> LockerGoga </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LoJax-LoJax"> <a href="/versions/v9/software/S0397/"> LoJax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lokibot-Lokibot"> <a href="/versions/v9/software/S0447/"> Lokibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LookBack-LookBack"> <a href="/versions/v9/software/S0582/"> LookBack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LoudMiner-LoudMiner"> <a href="/versions/v9/software/S0451/"> LoudMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="LOWBALL-LOWBALL"> <a href="/versions/v9/software/S0042/"> LOWBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lslsass-Lslsass"> <a href="/versions/v9/software/S0121/"> Lslsass </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lucifer-Lucifer"> <a href="/versions/v9/software/S0532/"> Lucifer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Lurid-Lurid"> <a href="/versions/v9/software/S0010/"> Lurid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Machete-Machete"> <a href="/versions/v9/software/S0409/"> Machete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MacSpy-MacSpy"> <a href="/versions/v9/software/S0282/"> MacSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MailSniper-MailSniper"> <a href="/versions/v9/software/S0413/"> MailSniper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mandrake-Mandrake"> <a href="/versions/v9/software/S0485/"> Mandrake </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Marcher-Marcher"> <a href="/versions/v9/software/S0317/"> Marcher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Matryoshka-Matryoshka"> <a href="/versions/v9/software/S0167/"> Matryoshka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MazarBOT-MazarBOT"> <a href="/versions/v9/software/S0303/"> MazarBOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Maze-Maze"> <a href="/versions/v9/software/S0449/"> Maze </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MCMD-MCMD"> <a href="/versions/v9/software/S0500/"> MCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MechaFlounder-MechaFlounder"> <a href="/versions/v9/software/S0459/"> MechaFlounder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="meek-meek"> <a href="/versions/v9/software/S0175/"> meek </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MegaCortex-MegaCortex"> <a href="/versions/v9/software/S0576/"> MegaCortex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Melcoz-Melcoz"> <a href="/versions/v9/software/S0530/"> Melcoz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MESSAGETAP-MESSAGETAP"> <a href="/versions/v9/software/S0443/"> MESSAGETAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Metamorfo-Metamorfo"> <a href="/versions/v9/software/S0455/"> Metamorfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Micropsia-Micropsia"> <a href="/versions/v9/software/S0339/"> Micropsia </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mimikatz-Mimikatz"> <a href="/versions/v9/software/S0002/"> Mimikatz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MimiPenguin-MimiPenguin"> <a href="/versions/v9/software/S0179/"> MimiPenguin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Miner-C-Miner-C"> <a href="/versions/v9/software/S0133/"> Miner-C </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MiniDuke-MiniDuke"> <a href="/versions/v9/software/S0051/"> MiniDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MirageFox-MirageFox"> <a href="/versions/v9/software/S0280/"> MirageFox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mis-Type-Mis-Type"> <a href="/versions/v9/software/S0084/"> Mis-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Misdat-Misdat"> <a href="/versions/v9/software/S0083/"> Misdat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mivast-Mivast"> <a href="/versions/v9/software/S0080/"> Mivast </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MobileOrder-MobileOrder"> <a href="/versions/v9/software/S0079/"> MobileOrder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MoleNet-MoleNet"> <a href="/versions/v9/software/S0553/"> MoleNet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Monokle-Monokle"> <a href="/versions/v9/software/S0407/"> Monokle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MoonWind-MoonWind"> <a href="/versions/v9/software/S0149/"> MoonWind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="More_eggs-More_eggs"> <a href="/versions/v9/software/S0284/"> More_eggs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Mosquito-Mosquito"> <a href="/versions/v9/software/S0256/"> Mosquito </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="MURKYTOP-MURKYTOP"> <a href="/versions/v9/software/S0233/"> MURKYTOP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Naid-Naid"> <a href="/versions/v9/software/S0205/"> Naid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NanHaiShu-NanHaiShu"> <a href="/versions/v9/software/S0228/"> NanHaiShu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NanoCore-NanoCore"> <a href="/versions/v9/software/S0336/"> NanoCore </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NavRAT-NavRAT"> <a href="/versions/v9/software/S0247/"> NavRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NBTscan-NBTscan"> <a href="/versions/v9/software/S0590/"> NBTscan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="nbtstat-nbtstat"> <a href="/versions/v9/software/S0102/"> nbtstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NDiskMonitor-NDiskMonitor"> <a href="/versions/v9/software/S0272/"> NDiskMonitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Nerex-Nerex"> <a href="/versions/v9/software/S0210/"> Nerex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Net-Net"> <a href="/versions/v9/software/S0039/"> Net </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Net Crawler-Net Crawler"> <a href="/versions/v9/software/S0056/"> Net Crawler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NETEAGLE-NETEAGLE"> <a href="/versions/v9/software/S0034/"> NETEAGLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="netsh-netsh"> <a href="/versions/v9/software/S0108/"> netsh </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="netstat-netstat"> <a href="/versions/v9/software/S0104/"> netstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NetTraveler-NetTraveler"> <a href="/versions/v9/software/S0033/"> NetTraveler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Netwalker-Netwalker"> <a href="/versions/v9/software/S0457/"> Netwalker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NETWIRE-NETWIRE"> <a href="/versions/v9/software/S0198/"> NETWIRE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ngrok-Ngrok"> <a href="/versions/v9/software/S0508/"> Ngrok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Nidiran-Nidiran"> <a href="/versions/v9/software/S0118/"> Nidiran </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="njRAT-njRAT"> <a href="/versions/v9/software/S0385/"> njRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Nltest-Nltest"> <a href="/versions/v9/software/S0359/"> Nltest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NOKKI-NOKKI"> <a href="/versions/v9/software/S0353/"> NOKKI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NotCompatible-NotCompatible"> <a href="/versions/v9/software/S0299/"> NotCompatible </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="NotPetya-NotPetya"> <a href="/versions/v9/software/S0368/"> NotPetya </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OBAD-OBAD"> <a href="/versions/v9/software/S0286/"> OBAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OceanSalt-OceanSalt"> <a href="/versions/v9/software/S0346/"> OceanSalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Octopus-Octopus"> <a href="/versions/v9/software/S0340/"> Octopus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Okrum-Okrum"> <a href="/versions/v9/software/S0439/"> Okrum </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OLDBAIT-OLDBAIT"> <a href="/versions/v9/software/S0138/"> OLDBAIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OldBoot-OldBoot"> <a href="/versions/v9/software/S0285/"> OldBoot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Olympic Destroyer-Olympic Destroyer"> <a href="/versions/v9/software/S0365/"> Olympic Destroyer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OnionDuke-OnionDuke"> <a href="/versions/v9/software/S0052/"> OnionDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OopsIE-OopsIE"> <a href="/versions/v9/software/S0264/"> OopsIE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Orz-Orz"> <a href="/versions/v9/software/S0229/"> Orz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OSInfo-OSInfo"> <a href="/versions/v9/software/S0165/"> OSInfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OSX/Shlayer-OSX/Shlayer"> <a href="/versions/v9/software/S0402/"> OSX/Shlayer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OSX_OCEANLOTUS.D-OSX_OCEANLOTUS.D"> <a href="/versions/v9/software/S0352/"> OSX_OCEANLOTUS.D </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Out1-Out1"> <a href="/versions/v9/software/S0594/"> Out1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="OwaAuth-OwaAuth"> <a href="/versions/v9/software/S0072/"> OwaAuth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="P.A.S. Webshell-P.A.S. Webshell"> <a href="/versions/v9/software/S0598/"> P.A.S. Webshell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="P2P ZeuS-P2P ZeuS"> <a href="/versions/v9/software/S0016/"> P2P ZeuS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pallas-Pallas"> <a href="/versions/v9/software/S0399/"> Pallas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pasam-Pasam"> <a href="/versions/v9/software/S0208/"> Pasam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pass-The-Hash Toolkit-Pass-The-Hash Toolkit"> <a href="/versions/v9/software/S0122/"> Pass-The-Hash Toolkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pay2Key-Pay2Key"> <a href="/versions/v9/software/S0556/"> Pay2Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pegasus for Android-Pegasus for Android"> <a href="/versions/v9/software/S0316/"> Pegasus for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pegasus for iOS-Pegasus for iOS"> <a href="/versions/v9/software/S0289/"> Pegasus for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Penquin-Penquin"> <a href="/versions/v9/software/S0587/"> Penquin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PHOREAL-PHOREAL"> <a href="/versions/v9/software/S0158/"> PHOREAL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pillowmint-Pillowmint"> <a href="/versions/v9/software/S0517/"> Pillowmint </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PinchDuke-PinchDuke"> <a href="/versions/v9/software/S0048/"> PinchDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ping-Ping"> <a href="/versions/v9/software/S0097/"> Ping </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PipeMon-PipeMon"> <a href="/versions/v9/software/S0501/"> PipeMon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pisloader-Pisloader"> <a href="/versions/v9/software/S0124/"> Pisloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PJApps-PJApps"> <a href="/versions/v9/software/S0291/"> PJApps </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PLAINTEE-PLAINTEE"> <a href="/versions/v9/software/S0254/"> PLAINTEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PLEAD-PLEAD"> <a href="/versions/v9/software/S0435/"> PLEAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PlugX-PlugX"> <a href="/versions/v9/software/S0013/"> PlugX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="pngdowner-pngdowner"> <a href="/versions/v9/software/S0067/"> pngdowner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PoetRAT-PoetRAT"> <a href="/versions/v9/software/S0428/"> PoetRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PoisonIvy-PoisonIvy"> <a href="/versions/v9/software/S0012/"> PoisonIvy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PolyglotDuke-PolyglotDuke"> <a href="/versions/v9/software/S0518/"> PolyglotDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pony-Pony"> <a href="/versions/v9/software/S0453/"> Pony </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POORAIM-POORAIM"> <a href="/versions/v9/software/S0216/"> POORAIM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PoshC2-PoshC2"> <a href="/versions/v9/software/S0378/"> PoshC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POSHSPY-POSHSPY"> <a href="/versions/v9/software/S0150/"> POSHSPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Power Loader-Power Loader"> <a href="/versions/v9/software/S0177/"> Power Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerDuke-PowerDuke"> <a href="/versions/v9/software/S0139/"> PowerDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerShower-PowerShower"> <a href="/versions/v9/software/S0441/"> PowerShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWERSOURCE-POWERSOURCE"> <a href="/versions/v9/software/S0145/"> POWERSOURCE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerSploit-PowerSploit"> <a href="/versions/v9/software/S0194/"> PowerSploit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PowerStallion-PowerStallion"> <a href="/versions/v9/software/S0393/"> PowerStallion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWERSTATS-POWERSTATS"> <a href="/versions/v9/software/S0223/"> POWERSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWERTON-POWERTON"> <a href="/versions/v9/software/S0371/"> POWERTON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="POWRUNER-POWRUNER"> <a href="/versions/v9/software/S0184/"> POWRUNER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Prikormka-Prikormka"> <a href="/versions/v9/software/S0113/"> Prikormka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Proton-Proton"> <a href="/versions/v9/software/S0279/"> Proton </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Proxysvc-Proxysvc"> <a href="/versions/v9/software/S0238/"> Proxysvc </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PsExec-PsExec"> <a href="/versions/v9/software/S0029/"> PsExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Psylo-Psylo"> <a href="/versions/v9/software/S0078/"> Psylo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pteranodon-Pteranodon"> <a href="/versions/v9/software/S0147/"> Pteranodon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PUNCHBUGGY-PUNCHBUGGY"> <a href="/versions/v9/software/S0196/"> PUNCHBUGGY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="PUNCHTRACK-PUNCHTRACK"> <a href="/versions/v9/software/S0197/"> PUNCHTRACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pupy-Pupy"> <a href="/versions/v9/software/S0192/"> Pupy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="pwdump-pwdump"> <a href="/versions/v9/software/S0006/"> pwdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Pysa-Pysa"> <a href="/versions/v9/software/S0583/"> Pysa </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="QUADAGENT-QUADAGENT"> <a href="/versions/v9/software/S0269/"> QUADAGENT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="QuasarRAT-QuasarRAT"> <a href="/versions/v9/software/S0262/"> QuasarRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ragnar Locker-Ragnar Locker"> <a href="/versions/v9/software/S0481/"> Ragnar Locker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Raindrop-Raindrop"> <a href="/versions/v9/software/S0565/"> Raindrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ramsay-Ramsay"> <a href="/versions/v9/software/S0458/"> Ramsay </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RARSTONE-RARSTONE"> <a href="/versions/v9/software/S0055/"> RARSTONE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RATANKBA-RATANKBA"> <a href="/versions/v9/software/S0241/"> RATANKBA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RawDisk-RawDisk"> <a href="/versions/v9/software/S0364/"> RawDisk </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RawPOS-RawPOS"> <a href="/versions/v9/software/S0169/"> RawPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RCSAndroid-RCSAndroid"> <a href="/versions/v9/software/S0295/"> RCSAndroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RDAT-RDAT"> <a href="/versions/v9/software/S0495/"> RDAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RDFSNIFFER-RDFSNIFFER"> <a href="/versions/v9/software/S0416/"> RDFSNIFFER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Reaver-Reaver"> <a href="/versions/v9/software/S0172/"> Reaver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Red Alert 2.0-Red Alert 2.0"> <a href="/versions/v9/software/S0539/"> Red Alert 2.0 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RedDrop-RedDrop"> <a href="/versions/v9/software/S0326/"> RedDrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RedLeaves-RedLeaves"> <a href="/versions/v9/software/S0153/"> RedLeaves </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Reg-Reg"> <a href="/versions/v9/software/S0075/"> Reg </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RegDuke-RegDuke"> <a href="/versions/v9/software/S0511/"> RegDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Regin-Regin"> <a href="/versions/v9/software/S0019/"> Regin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Remcos-Remcos"> <a href="/versions/v9/software/S0332/"> Remcos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Remexi-Remexi"> <a href="/versions/v9/software/S0375/"> Remexi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RemoteCMD-RemoteCMD"> <a href="/versions/v9/software/S0166/"> RemoteCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RemoteUtilities-RemoteUtilities"> <a href="/versions/v9/software/S0592/"> RemoteUtilities </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Remsec-Remsec"> <a href="/versions/v9/software/S0125/"> Remsec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Responder-Responder"> <a href="/versions/v9/software/S0174/"> Responder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Revenge RAT-Revenge RAT"> <a href="/versions/v9/software/S0379/"> Revenge RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="REvil-REvil"> <a href="/versions/v9/software/S0496/"> REvil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RGDoor-RGDoor"> <a href="/versions/v9/software/S0258/"> RGDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Rifdoor-Rifdoor"> <a href="/versions/v9/software/S0433/"> Rifdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Riltok-Riltok"> <a href="/versions/v9/software/S0403/"> Riltok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RIPTIDE-RIPTIDE"> <a href="/versions/v9/software/S0003/"> RIPTIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Rising Sun-Rising Sun"> <a href="/versions/v9/software/S0448/"> Rising Sun </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RobbinHood-RobbinHood"> <a href="/versions/v9/software/S0400/"> RobbinHood </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ROCKBOOT-ROCKBOOT"> <a href="/versions/v9/software/S0112/"> ROCKBOOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RogueRobin-RogueRobin"> <a href="/versions/v9/software/S0270/"> RogueRobin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ROKRAT-ROKRAT"> <a href="/versions/v9/software/S0240/"> ROKRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Rotexy-Rotexy"> <a href="/versions/v9/software/S0411/"> Rotexy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="route-route"> <a href="/versions/v9/software/S0103/"> route </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Rover-Rover"> <a href="/versions/v9/software/S0090/"> Rover </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RTM-RTM"> <a href="/versions/v9/software/S0148/"> RTM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ruler-Ruler"> <a href="/versions/v9/software/S0358/"> Ruler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RuMMS-RuMMS"> <a href="/versions/v9/software/S0313/"> RuMMS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="RunningRAT-RunningRAT"> <a href="/versions/v9/software/S0253/"> RunningRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ryuk-Ryuk"> <a href="/versions/v9/software/S0446/"> Ryuk </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="S-Type-S-Type"> <a href="/versions/v9/software/S0085/"> S-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sakula-Sakula"> <a href="/versions/v9/software/S0074/"> Sakula </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SamSam-SamSam"> <a href="/versions/v9/software/S0370/"> SamSam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="schtasks-schtasks"> <a href="/versions/v9/software/S0111/"> schtasks </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SDBbot-SDBbot"> <a href="/versions/v9/software/S0461/"> SDBbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SDelete-SDelete"> <a href="/versions/v9/software/S0195/"> SDelete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SeaDuke-SeaDuke"> <a href="/versions/v9/software/S0053/"> SeaDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Seasalt-Seasalt"> <a href="/versions/v9/software/S0345/"> Seasalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SEASHARPEE-SEASHARPEE"> <a href="/versions/v9/software/S0185/"> SEASHARPEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ServHelper-ServHelper"> <a href="/versions/v9/software/S0382/"> ServHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ShadowPad-ShadowPad"> <a href="/versions/v9/software/S0596/"> ShadowPad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Shamoon-Shamoon"> <a href="/versions/v9/software/S0140/"> Shamoon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SharpStage-SharpStage"> <a href="/versions/v9/software/S0546/"> SharpStage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SHARPSTATS-SHARPSTATS"> <a href="/versions/v9/software/S0450/"> SHARPSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ShiftyBug-ShiftyBug"> <a href="/versions/v9/software/S0294/"> ShiftyBug </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ShimRat-ShimRat"> <a href="/versions/v9/software/S0444/"> ShimRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ShimRatReporter-ShimRatReporter"> <a href="/versions/v9/software/S0445/"> ShimRatReporter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SHIPSHAPE-SHIPSHAPE"> <a href="/versions/v9/software/S0028/"> SHIPSHAPE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SHOTPUT-SHOTPUT"> <a href="/versions/v9/software/S0063/"> SHOTPUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SHUTTERSPEED-SHUTTERSPEED"> <a href="/versions/v9/software/S0217/"> SHUTTERSPEED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sibot-Sibot"> <a href="/versions/v9/software/S0589/"> Sibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SilkBean-SilkBean"> <a href="/versions/v9/software/S0549/"> SilkBean </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SimBad-SimBad"> <a href="/versions/v9/software/S0419/"> SimBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Skeleton Key-Skeleton Key"> <a href="/versions/v9/software/S0007/"> Skeleton Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Skidmap-Skidmap"> <a href="/versions/v9/software/S0468/"> Skidmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Skygofree-Skygofree"> <a href="/versions/v9/software/S0327/"> Skygofree </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SLOTHFULMEDIA-SLOTHFULMEDIA"> <a href="/versions/v9/software/S0533/"> SLOTHFULMEDIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SLOWDRIFT-SLOWDRIFT"> <a href="/versions/v9/software/S0218/"> SLOWDRIFT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Smoke Loader-Smoke Loader"> <a href="/versions/v9/software/S0226/"> Smoke Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SNUGRIDE-SNUGRIDE"> <a href="/versions/v9/software/S0159/"> SNUGRIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Socksbot-Socksbot"> <a href="/versions/v9/software/S0273/"> Socksbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SoreFang-SoreFang"> <a href="/versions/v9/software/S0516/"> SoreFang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SOUNDBITE-SOUNDBITE"> <a href="/versions/v9/software/S0157/"> SOUNDBITE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SPACESHIP-SPACESHIP"> <a href="/versions/v9/software/S0035/"> SPACESHIP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Spark-Spark"> <a href="/versions/v9/software/S0543/"> Spark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SpeakUp-SpeakUp"> <a href="/versions/v9/software/S0374/"> SpeakUp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="spwebmember-spwebmember"> <a href="/versions/v9/software/S0227/"> spwebmember </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SpyDealer-SpyDealer"> <a href="/versions/v9/software/S0324/"> SpyDealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SpyNote RAT-SpyNote RAT"> <a href="/versions/v9/software/S0305/"> SpyNote RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="sqlmap-sqlmap"> <a href="/versions/v9/software/S0225/"> sqlmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SQLRat-SQLRat"> <a href="/versions/v9/software/S0390/"> SQLRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SslMM-SslMM"> <a href="/versions/v9/software/S0058/"> SslMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Starloader-Starloader"> <a href="/versions/v9/software/S0188/"> Starloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Stealth Mango-Stealth Mango"> <a href="/versions/v9/software/S0328/"> Stealth Mango </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="StoneDrill-StoneDrill"> <a href="/versions/v9/software/S0380/"> StoneDrill </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="StreamEx-StreamEx"> <a href="/versions/v9/software/S0142/"> StreamEx </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="StrongPity-StrongPity"> <a href="/versions/v9/software/S0491/"> StrongPity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SUNBURST-SUNBURST"> <a href="/versions/v9/software/S0559/"> SUNBURST </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SUNSPOT-SUNSPOT"> <a href="/versions/v9/software/S0562/"> SUNSPOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SUPERNOVA-SUPERNOVA"> <a href="/versions/v9/software/S0578/"> SUPERNOVA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sykipot-Sykipot"> <a href="/versions/v9/software/S0018/"> Sykipot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SynAck-SynAck"> <a href="/versions/v9/software/S0242/"> SynAck </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SYNful Knock-SYNful Knock"> <a href="/versions/v9/software/S0519/"> SYNful Knock </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Sys10-Sys10"> <a href="/versions/v9/software/S0060/"> Sys10 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="SYSCON-SYSCON"> <a href="/versions/v9/software/S0464/"> SYSCON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Systeminfo-Systeminfo"> <a href="/versions/v9/software/S0096/"> Systeminfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="T9000-T9000"> <a href="/versions/v9/software/S0098/"> T9000 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Taidoor-Taidoor"> <a href="/versions/v9/software/S0011/"> Taidoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TAINTEDSCRIBE-TAINTEDSCRIBE"> <a href="/versions/v9/software/S0586/"> TAINTEDSCRIBE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TajMahal-TajMahal"> <a href="/versions/v9/software/S0467/"> TajMahal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Tangelo-Tangelo"> <a href="/versions/v9/software/S0329/"> Tangelo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Tasklist-Tasklist"> <a href="/versions/v9/software/S0057/"> Tasklist </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TDTESS-TDTESS"> <a href="/versions/v9/software/S0164/"> TDTESS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TEARDROP-TEARDROP"> <a href="/versions/v9/software/S0560/"> TEARDROP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TERRACOTTA-TERRACOTTA"> <a href="/versions/v9/software/S0545/"> TERRACOTTA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TEXTMATE-TEXTMATE"> <a href="/versions/v9/software/S0146/"> TEXTMATE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ThiefQuest-ThiefQuest"> <a href="/versions/v9/software/S0595/"> ThiefQuest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Tiktok Pro-Tiktok Pro"> <a href="/versions/v9/software/S0558/"> Tiktok Pro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TINYTYPHON-TINYTYPHON"> <a href="/versions/v9/software/S0131/"> TINYTYPHON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TinyZBot-TinyZBot"> <a href="/versions/v9/software/S0004/"> TinyZBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Tor-Tor"> <a href="/versions/v9/software/S0183/"> Tor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Triada-Triada"> <a href="/versions/v9/software/S0424/"> Triada </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TrickBot-TrickBot"> <a href="/versions/v9/software/S0266/"> TrickBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TrickMo-TrickMo"> <a href="/versions/v9/software/S0427/"> TrickMo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Trojan-SMS.AndroidOS.Agent.ao-Trojan-SMS.AndroidOS.Agent.ao"> <a href="/versions/v9/software/S0307/"> Trojan-SMS.AndroidOS.Agent.ao </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Trojan-SMS.AndroidOS.FakeInst.a-Trojan-SMS.AndroidOS.FakeInst.a"> <a href="/versions/v9/software/S0306/"> Trojan-SMS.AndroidOS.FakeInst.a </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Trojan-SMS.AndroidOS.OpFake.a-Trojan-SMS.AndroidOS.OpFake.a"> <a href="/versions/v9/software/S0308/"> Trojan-SMS.AndroidOS.OpFake.a </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Trojan.Karagany-Trojan.Karagany"> <a href="/versions/v9/software/S0094/"> Trojan.Karagany </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Trojan.Mebromi-Trojan.Mebromi"> <a href="/versions/v9/software/S0001/"> Trojan.Mebromi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Truvasys-Truvasys"> <a href="/versions/v9/software/S0178/"> Truvasys </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TSCookie-TSCookie"> <a href="/versions/v9/software/S0436/"> TSCookie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TURNEDUP-TURNEDUP"> <a href="/versions/v9/software/S0199/"> TURNEDUP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Twitoor-Twitoor"> <a href="/versions/v9/software/S0302/"> Twitoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="TYPEFRAME-TYPEFRAME"> <a href="/versions/v9/software/S0263/"> TYPEFRAME </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="UACMe-UACMe"> <a href="/versions/v9/software/S0116/"> UACMe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="UBoatRAT-UBoatRAT"> <a href="/versions/v9/software/S0333/"> UBoatRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Umbreon-Umbreon"> <a href="/versions/v9/software/S0221/"> Umbreon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Unknown Logger-Unknown Logger"> <a href="/versions/v9/software/S0130/"> Unknown Logger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="UPPERCUT-UPPERCUT"> <a href="/versions/v9/software/S0275/"> UPPERCUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Uroburos-Uroburos"> <a href="/versions/v9/software/S0022/"> Uroburos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Ursnif-Ursnif"> <a href="/versions/v9/software/S0386/"> Ursnif </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="USBferry-USBferry"> <a href="/versions/v9/software/S0452/"> USBferry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="USBStealer-USBStealer"> <a href="/versions/v9/software/S0136/"> USBStealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Valak-Valak"> <a href="/versions/v9/software/S0476/"> Valak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Vasport-Vasport"> <a href="/versions/v9/software/S0207/"> Vasport </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="VBShower-VBShower"> <a href="/versions/v9/software/S0442/"> VBShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="VERMIN-VERMIN"> <a href="/versions/v9/software/S0257/"> VERMIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ViceLeaker-ViceLeaker"> <a href="/versions/v9/software/S0418/"> ViceLeaker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ViperRAT-ViperRAT"> <a href="/versions/v9/software/S0506/"> ViperRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Volgmer-Volgmer"> <a href="/versions/v9/software/S0180/"> Volgmer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WannaCry-WannaCry"> <a href="/versions/v9/software/S0366/"> WannaCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Waterbear-Waterbear"> <a href="/versions/v9/software/S0579/"> Waterbear </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WEBC2-WEBC2"> <a href="/versions/v9/software/S0109/"> WEBC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WellMail-WellMail"> <a href="/versions/v9/software/S0515/"> WellMail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WellMess-WellMess"> <a href="/versions/v9/software/S0514/"> WellMess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Wiarp-Wiarp"> <a href="/versions/v9/software/S0206/"> Wiarp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Windows Credential Editor-Windows Credential Editor"> <a href="/versions/v9/software/S0005/"> Windows Credential Editor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WINDSHIELD-WINDSHIELD"> <a href="/versions/v9/software/S0155/"> WINDSHIELD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WindTail-WindTail"> <a href="/versions/v9/software/S0466/"> WindTail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WINERACK-WINERACK"> <a href="/versions/v9/software/S0219/"> WINERACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Winexe-Winexe"> <a href="/versions/v9/software/S0191/"> Winexe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Wingbird-Wingbird"> <a href="/versions/v9/software/S0176/"> Wingbird </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WinMM-WinMM"> <a href="/versions/v9/software/S0059/"> WinMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Winnti for Linux-Winnti for Linux"> <a href="/versions/v9/software/S0430/"> Winnti for Linux </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Winnti for Windows-Winnti for Windows"> <a href="/versions/v9/software/S0141/"> Winnti for Windows </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Wiper-Wiper"> <a href="/versions/v9/software/S0041/"> Wiper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WireLurker-WireLurker"> <a href="/versions/v9/software/S0312/"> WireLurker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="WolfRAT-WolfRAT"> <a href="/versions/v9/software/S0489/"> WolfRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="X-Agent for Android-X-Agent for Android"> <a href="/versions/v9/software/S0314/"> X-Agent for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="XAgentOSX-XAgentOSX"> <a href="/versions/v9/software/S0161/"> XAgentOSX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Xbash-Xbash"> <a href="/versions/v9/software/S0341/"> Xbash </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Xbot-Xbot"> <a href="/versions/v9/software/S0298/"> Xbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="xCmd-xCmd"> <a href="/versions/v9/software/S0123/"> xCmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="XcodeGhost-XcodeGhost"> <a href="/versions/v9/software/S0297/"> XcodeGhost </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="XLoader for Android-XLoader for Android"> <a href="/versions/v9/software/S0318/"> XLoader for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="XLoader for iOS-XLoader for iOS"> <a href="/versions/v9/software/S0490/"> XLoader for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="XTunnel-XTunnel"> <a href="/versions/v9/software/S0117/"> XTunnel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="YAHOYAH-YAHOYAH"> <a href="/versions/v9/software/S0388/"> YAHOYAH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="YiSpecter-YiSpecter"> <a href="/versions/v9/software/S0311/"> YiSpecter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="yty-yty"> <a href="/versions/v9/software/S0248/"> yty </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Zebrocy-Zebrocy"> <a href="/versions/v9/software/S0251/"> Zebrocy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Zen-Zen"> <a href="/versions/v9/software/S0494/"> Zen </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ZergHelper-ZergHelper"> <a href="/versions/v9/software/S0287/"> ZergHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Zeroaccess-Zeroaccess"> <a href="/versions/v9/software/S0027/"> Zeroaccess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ZeroT-ZeroT"> <a href="/versions/v9/software/S0230/"> ZeroT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="Zeus Panda-Zeus Panda"> <a href="/versions/v9/software/S0330/"> Zeus Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ZLib-ZLib"> <a href="/versions/v9/software/S0086/"> ZLib </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="zwShell-zwShell"> <a href="/versions/v9/software/S0350/"> zwShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="ZxShell-ZxShell"> <a href="/versions/v9/software/S0412/"> ZxShell </a> </div> </div> </div> <div class="group-nav-mobile-view"> <span class="heading" id="v-home-tab" aria-selected="false">SOFTWARE</span> <div class="sidenav"> <div class="sidenav-head" id="0-0"> <a href="/versions/v9/software/"> Overview </a> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="48418f3c6358406ca44dc7b2e84bda24"> <span>1-9</span> <div class="expand-button collapsed" id="48418f3c6358406ca44dc7b2e84bda24-header" data-toggle="collapse" data-target="#48418f3c6358406ca44dc7b2e84bda24-body" aria-expanded="false" aria-controls="#48418f3c6358406ca44dc7b2e84bda24-body"></div> </div> <div class="sidenav-body collapse" id="48418f3c6358406ca44dc7b2e84bda24-body" aria-labelledby="48418f3c6358406ca44dc7b2e84bda24-header"> <div class="sidenav"> <div class="sidenav-head" id="48418f3c6358406ca44dc7b2e84bda24-6292761697c84af2b3ab47e564c686ab"> <a href="/versions/v9/software/S0066/"> 3PARA RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="48418f3c6358406ca44dc7b2e84bda24-17fcf8f0d70e44b58bde97ee87b3565b"> <a href="/versions/v9/software/S0065/"> 4H RAT </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="7188c073623b4deea3ad87f4c7b3a4a6"> <span>A-B</span> <div class="expand-button collapsed" id="7188c073623b4deea3ad87f4c7b3a4a6-header" data-toggle="collapse" data-target="#7188c073623b4deea3ad87f4c7b3a4a6-body" aria-expanded="false" aria-controls="#7188c073623b4deea3ad87f4c7b3a4a6-body"></div> </div> <div class="sidenav-body collapse" id="7188c073623b4deea3ad87f4c7b3a4a6-body" aria-labelledby="7188c073623b4deea3ad87f4c7b3a4a6-header"> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-c361fed4a2074ad7a1b58a298c868ebe"> <a href="/versions/v9/software/S0469/"> ABK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-3c28e91d0f7d4f699305d80a31914546"> <a href="/versions/v9/software/S0202/"> adbupd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-dcfaa7c55aa54178bb1cc38ebb04cd6b"> <a href="/versions/v9/software/S0552/"> AdFind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-3e8ea259f66b434c9588b0e2c0349926"> <a href="/versions/v9/software/S0309/"> Adups </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-e088cc1834d34121af72dc7b045482fd"> <a href="/versions/v9/software/S0045/"> ADVSTORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-9f815df98da84d3796ae7d95cffc9f24"> <a href="/versions/v9/software/S0440/"> Agent Smith </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-5b248b193495413c9facde687b2e847f"> <a href="/versions/v9/software/S0331/"> Agent Tesla </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-5ebfbe1d23fc48cab30374a1245c473c"> <a href="/versions/v9/software/S0092/"> Agent.btz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-30fecf8c31324fd18243df17eaa001bc"> <a href="/versions/v9/software/S0319/"> Allwinner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-650af89e5439418384922ea1c5d7203d"> <a href="/versions/v9/software/S0504/"> Anchor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-e241110c3cfd497987f99cdc22bed84c"> <a href="/versions/v9/software/S0525/"> Android/AdDisplay.Ashas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-c455c275f1104f2b9568877e39ec371a"> <a href="/versions/v9/software/S0304/"> Android/Chuli.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-049ae09456f440f8b186438d24818080"> <a href="/versions/v9/software/S0524/"> AndroidOS/MalLocker.B </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-1a447cea39ce4c7d96479b78bb151b38"> <a href="/versions/v9/software/S0310/"> ANDROIDOS_ANSERVER.A </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-518a1b4049754cb68fabe42c4f7be83e"> <a href="/versions/v9/software/S0292/"> AndroRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-9f91b583c2284257bfd7b5d2e8ed159e"> <a href="/versions/v9/software/S0422/"> Anubis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-2c29f7b3241f4412a6af27efb5267c98"> <a href="/versions/v9/software/S0584/"> AppleJeus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-3fceb81ae6334adba4e53928c78aae45"> <a href="/versions/v9/software/S0456/"> Aria-body </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-38c89689838e4cc58ae68c68aa6d2ba8"> <a href="/versions/v9/software/S0099/"> Arp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-3ec5cd516aba43e1b565c349e0e0af61"> <a href="/versions/v9/software/S0540/"> Asacub </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-d6c4219cc90c4477b8afde579671bd4d"> <a href="/versions/v9/software/S0073/"> ASPXSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-ca5e8e9311c740d8999891bbe66a7473"> <a href="/versions/v9/software/S0373/"> Astaroth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-8f07137280d748029a428f9c869490f1"> <a href="/versions/v9/software/S0110/"> at </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-21ba4399938d430a93a3870b52d4074f"> <a href="/versions/v9/software/S0438/"> Attor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-72cc824120794007bbb90faaaaabea70"> <a href="/versions/v9/software/S0347/"> AuditCred </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-ed6da5f058a44bf2ae11275996b538d4"> <a href="/versions/v9/software/S0129/"> AutoIt backdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-8a6b6cb297d143b7b42383cccacfa307"> <a href="/versions/v9/software/S0473/"> Avenger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-978a5d6b115140139cea6617c618a64f"> <a href="/versions/v9/software/S0344/"> Azorult </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-822554ddc024457796d462a62758ce5c"> <a href="/versions/v9/software/S0414/"> BabyShark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-bff93946cb2d48cf826fd3bff6ab9335"> <a href="/versions/v9/software/S0475/"> BackConfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-50c9eb5bed2745ae87547a9c1796d515"> <a href="/versions/v9/software/S0093/"> Backdoor.Oldrea </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-1d4dcd04271e4d3f80126e736572db43"> <a href="/versions/v9/software/S0031/"> BACKSPACE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-aebb4b3c06ce4e56945bcc799a52a88e"> <a href="/versions/v9/software/S0245/"> BADCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-9994806518954b64bd5412d9d343ba29"> <a href="/versions/v9/software/S0128/"> BADNEWS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-a26f35ae3d6944469dd839fc3b72f541"> <a href="/versions/v9/software/S0337/"> BadPatch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-1a2fbb2fda144f648411131ee14da0c6"> <a href="/versions/v9/software/S0234/"> Bandook </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-2c8d1b721be04f898f11e64d83e23cc7"> <a href="/versions/v9/software/S0239/"> Bankshot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-10bd8795e03147fc818236863fdd80b5"> <a href="/versions/v9/software/S0534/"> Bazar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-38276d27a0374313a4e7714fdc4059c5"> <a href="/versions/v9/software/S0470/"> BBK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-87f24b07cfd8464692c0cc5c89fccbde"> <a href="/versions/v9/software/S0127/"> BBSRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-2e08a24c21a64b2c86e94708c5358265"> <a href="/versions/v9/software/S0574/"> BendyBear </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-9ccb2a12b027460abb117c09b0d07ed2"> <a href="/versions/v9/software/S0017/"> BISCUIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-8b3c0ea89a17410293a45ff73448425c"> <a href="/versions/v9/software/S0268/"> Bisonal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-2718d54e72074504b90503b4bc99b07c"> <a href="/versions/v9/software/S0570/"> BitPaymer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-3b45607bc5994a338fe62b8db410de1f"> <a href="/versions/v9/software/S0190/"> BITSAdmin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-fc913627c5194c75b21a6940c6944926"> <a href="/versions/v9/software/S0069/"> BLACKCOFFEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-a6a73e3cb1654412bba4a0543decaec8"> <a href="/versions/v9/software/S0089/"> BlackEnergy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-df1ced35d9d94bbc9210e374b3ab67e1"> <a href="/versions/v9/software/S0564/"> BlackMould </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-a6cb5b8bf420475db961cf2c1d907002"> <a href="/versions/v9/software/S0520/"> BLINDINGCAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-1f6dc762aa94492885c1c497e0c9ddd1"> <a href="/versions/v9/software/S0521/"> BloodHound </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-02043ab47c384237a7aa4ae2f58bbde3"> <a href="/versions/v9/software/S0486/"> Bonadan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-750a5513c41a4721be478e5d0eca8193"> <a href="/versions/v9/software/S0360/"> BONDUPDATER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-29a722ee137f4dffa821f75ebd28084b"> <a href="/versions/v9/software/S0415/"> BOOSTWRITE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-838ad4c53d3f44a481952a144c2bade1"> <a href="/versions/v9/software/S0114/"> BOOTRASH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-6e542a152aff45698a40c0e3355730c4"> <a href="/versions/v9/software/S0293/"> BrainTest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-0f116510c376423bb447f11f31569445"> <a href="/versions/v9/software/S0252/"> Brave Prince </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-f8410717cea048a18d4a1cbfd0d6ec0e"> <a href="/versions/v9/software/S0432/"> Bread </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-14305b258f924dc69805ccca619fc289"> <a href="/versions/v9/software/S0204/"> Briba </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-3c936682994942799c616c5dbfdd1616"> <a href="/versions/v9/software/S0014/"> BS2005 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-54a4b9ab2d6b4cb385713de7b962e14c"> <a href="/versions/v9/software/S0043/"> BUBBLEWRAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-1ec2787799bf4b33a2503115682766e3"> <a href="/versions/v9/software/S0471/"> build_downer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7188c073623b4deea3ad87f4c7b3a4a6-85f3be01078e4d07ae9dcc12d28a350f"> <a href="/versions/v9/software/S0482/"> Bundlore </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="45d7b74aa0944de18130a412091c2509"> <span>C-D</span> <div class="expand-button collapsed" id="45d7b74aa0944de18130a412091c2509-header" data-toggle="collapse" data-target="#45d7b74aa0944de18130a412091c2509-body" aria-expanded="false" aria-controls="#45d7b74aa0944de18130a412091c2509-body"></div> </div> <div class="sidenav-body collapse" id="45d7b74aa0944de18130a412091c2509-body" aria-labelledby="45d7b74aa0944de18130a412091c2509-header"> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-dad0af829bbb4a9395c730410f88e2e7"> <a href="/versions/v9/software/S0119/"> Cachedump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-de6f81ee60034dcbba5a68d8db2e3265"> <a href="/versions/v9/software/S0454/"> Cadelspy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-01265574e664494ebcafbfa532b50fc6"> <a href="/versions/v9/software/S0025/"> CALENDAR </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e6ae9e482ffa4d44958f0a0743a60190"> <a href="/versions/v9/software/S0274/"> Calisto </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b7c27f7c3b42438084f65c75a11f6565"> <a href="/versions/v9/software/S0077/"> CallMe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-9e34224cc35b4f5f80bede1031672758"> <a href="/versions/v9/software/S0351/"> Cannon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-1be1987dbcdb418ba963efc08035dcb7"> <a href="/versions/v9/software/S0030/"> Carbanak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-cdb5bf3a936c4bd5891db6557758b8e0"> <a href="/versions/v9/software/S0484/"> Carberp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-105da4ac017a475e996da2a02a510117"> <a href="/versions/v9/software/S0335/"> Carbon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e2132eeea32f43f9a10eca6a6b45fc45"> <a href="/versions/v9/software/S0529/"> CarbonSteal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-48735f1d19c5466ca1f0e08e2f140fd2"> <a href="/versions/v9/software/S0348/"> Cardinal RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5e1645f3b9c345ddbd6ae47b727c1147"> <a href="/versions/v9/software/S0465/"> CARROTBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e955430c035e4528a1d5a801c7dc362f"> <a href="/versions/v9/software/S0462/"> CARROTBAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b4dc0bd1f545420b99a1a9e4cc96a103"> <a href="/versions/v9/software/S0261/"> Catchamas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b1a3a7d15ad84f86ab845ed9418b5f30"> <a href="/versions/v9/software/S0572/"> Caterpillar WebShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-48c60ad8c9414793b82ae2e4b18c1d89"> <a href="/versions/v9/software/S0222/"> CCBkdr </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-4ac63d8c3f004beca2c39e03aa9214f0"> <a href="/versions/v9/software/S0480/"> Cerberus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-589addb37a2540cba233dc99523bb4e8"> <a href="/versions/v9/software/S0160/"> certutil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-7cbb910100a6400a9f0908afee4f0e13"> <a href="/versions/v9/software/S0220/"> Chaos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f84cae45f1734efe9a38ff69c4999c68"> <a href="/versions/v9/software/S0323/"> Charger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b7ea032273d14477aef845efab4ac4e1"> <a href="/versions/v9/software/S0144/"> ChChes </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-52fd1fc57d714395a84887087abf19c1"> <a href="/versions/v9/software/S0555/"> CHEMISTGAMES </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-73854f02864544e7bdcfe218c431f145"> <a href="/versions/v9/software/S0107/"> Cherry Picker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-eeaf494c03694aabaedd33c962cef449"> <a href="/versions/v9/software/S0020/"> China Chopper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5348a1bd98264c819cbdbafc413854b4"> <a href="/versions/v9/software/S0023/"> CHOPSTICK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-cd75d2edc6f74f28bec4aad343a3afb3"> <a href="/versions/v9/software/S0602/"> Circles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-c1106e7c997448f9b31530026c59d44b"> <a href="/versions/v9/software/S0054/"> CloudDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-72565e36ba454a99aae137a6ca24c733"> <a href="/versions/v9/software/S0106/"> cmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f131493e37a5488a93a5139a465e1c25"> <a href="/versions/v9/software/S0154/"> Cobalt Strike </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-04d6b8d929e24e56bd31461a3d6948ae"> <a href="/versions/v9/software/S0338/"> Cobian RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-8664bd79ce864898ab5bd66a38e95cf2"> <a href="/versions/v9/software/S0369/"> CoinTicker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-a1b6d60ce8974ebc8e60ebf22f197cc0"> <a href="/versions/v9/software/S0244/"> Comnie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-eab1b3bbaa944f0489a05755a82a2d58"> <a href="/versions/v9/software/S0126/"> ComRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b3a86a366f3147cf9243008da1d3779b"> <a href="/versions/v9/software/S0426/"> Concipit1248 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-cbb4d5b88d2648fab212979e84a8eda4"> <a href="/versions/v9/software/S0591/"> ConnectWise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-10b66095858747c283c1b835297089dc"> <a href="/versions/v9/software/S0575/"> Conti </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-636f8f0797d34c4c98a8db4a12ce97a3"> <a href="/versions/v9/software/S0492/"> CookieMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5e2920a47cd04278a5ed7f647796e216"> <a href="/versions/v9/software/S0212/"> CORALDECK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-691179444b504df79e5cde4d7ef407eb"> <a href="/versions/v9/software/S0137/"> CORESHELL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5bcc7a6ed46d41d0a655b69190233504"> <a href="/versions/v9/software/S0425/"> Corona Updates </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-7ddeee50080b41bfaa7aa2ff81d7636c"> <a href="/versions/v9/software/S0050/"> CosmicDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-46b4abcccb0f4fc7b64dec9039e06d1c"> <a href="/versions/v9/software/S0046/"> CozyCar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-ff1c32c259394e37830d8f88222a3035"> <a href="/versions/v9/software/S0488/"> CrackMapExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-85e1e120a7844821bc6e61fe91780793"> <a href="/versions/v9/software/S0115/"> Crimson </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-76f3ee6d70e84263810dae1d8f61f0df"> <a href="/versions/v9/software/S0235/"> CrossRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-1491ddb715884b50af82d4be6b3813cc"> <a href="/versions/v9/software/S0538/"> Crutch </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-4917f92d6b2a4fc992cfb2c5509e9c04"> <a href="/versions/v9/software/S0498/"> Cryptoistic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d8b7b5f1e00a4c2da5abc58d62e64d2f"> <a href="/versions/v9/software/S0527/"> CSPY Downloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b609e4bb10af49fe94202373f70a947a"> <a href="/versions/v9/software/S0497/"> Dacls </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e85c09afbce04478afc62f2c5dae9a8f"> <a href="/versions/v9/software/S0334/"> DarkComet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-2972aba1d08242c397b6e568e422ce90"> <a href="/versions/v9/software/S0187/"> Daserf </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-825bc4f61d1b4bafab04caba19a26e88"> <a href="/versions/v9/software/S0255/"> DDKONG </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-47d1e9e048a941b3ae254814d2028265"> <a href="/versions/v9/software/S0243/"> DealersChoice </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e3a46bb9605b456bb082db70738d7714"> <a href="/versions/v9/software/S0479/"> DEFENSOR ID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-c850e96cf9ca4b1daf8743091f92c3be"> <a href="/versions/v9/software/S0301/"> Dendroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-999990709ba842358ab749cedb6318e0"> <a href="/versions/v9/software/S0354/"> Denis </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b0e6ee62f57d449187222d1b29795390"> <a href="/versions/v9/software/S0021/"> Derusbi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5f3f9ca9a3184c78a97a5f9134802f97"> <a href="/versions/v9/software/S0505/"> Desert Scorpion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d2b4fb9f315541ec9daff39f1f1f1578"> <a href="/versions/v9/software/S0200/"> Dipsind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-3cc8a2c475954ea1a01aefa8ad1f02e1"> <a href="/versions/v9/software/S0213/"> DOGCALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-0af4d57a58b748389510a5707b46bef7"> <a href="/versions/v9/software/S0281/"> Dok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-e79202c9fc8e47958dd3c0594270b149"> <a href="/versions/v9/software/S0600/"> Doki </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-5b685bd7b0e54ab2ab1dfb1dcbe5f87e"> <a href="/versions/v9/software/S0550/"> DoubleAgent </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d40e4c25800e492f9fa0d7237d6a6574"> <a href="/versions/v9/software/S0472/"> down_new </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-318f3e3aba4247249bcd3315cdef6e9e"> <a href="/versions/v9/software/S0134/"> Downdelph </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-73f7193d85bc456abf76b76e23a5408b"> <a href="/versions/v9/software/S0186/"> DownPaper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-d78df7f9ce6445839574b0de511cee94"> <a href="/versions/v9/software/S0300/"> DressCode </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-fa4cbfb5fb2b4924ba720a7471e0c7d7"> <a href="/versions/v9/software/S0384/"> Dridex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f29dec5d90124dc383fd704790a56adf"> <a href="/versions/v9/software/S0320/"> DroidJack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-72e27647836b41d2891f3aa86e9eb5d7"> <a href="/versions/v9/software/S0547/"> DropBook </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-082862e8aaa4476a85feb3fa0b4ee427"> <a href="/versions/v9/software/S0502/"> Drovorub </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-b45370169aca4afbbf90a25713df83f4"> <a href="/versions/v9/software/S0105/"> dsquery </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-83ab160e2f944e0f930ec564eee30b1f"> <a href="/versions/v9/software/S0567/"> Dtrack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-ea784617c55649e5afd0ff7592ee5748"> <a href="/versions/v9/software/S0315/"> DualToy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-8401eaf6aa7140c8ad9c02f4b93991a5"> <a href="/versions/v9/software/S0038/"> Duqu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-37dcdb82678c40f5844d6a6da1ac99b9"> <a href="/versions/v9/software/S0062/"> DustySky </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-0a68233f002244dc816940be9a0c5a91"> <a href="/versions/v9/software/S0420/"> Dvmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="45d7b74aa0944de18130a412091c2509-f698142a09fe40f0acd96f3e06ff4a62"> <a href="/versions/v9/software/S0024/"> Dyre </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="995763ff60774cf6905e1c1225aa6cd3"> <span>E-F</span> <div class="expand-button collapsed" id="995763ff60774cf6905e1c1225aa6cd3-header" data-toggle="collapse" data-target="#995763ff60774cf6905e1c1225aa6cd3-body" aria-expanded="false" aria-controls="#995763ff60774cf6905e1c1225aa6cd3-body"></div> </div> <div class="sidenav-body collapse" id="995763ff60774cf6905e1c1225aa6cd3-body" aria-labelledby="995763ff60774cf6905e1c1225aa6cd3-header"> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-440f7c89572f45459fde0f2b3f78af44"> <a href="/versions/v9/software/S0377/"> Ebury </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-af702b2b4d1c4369b91a94f544ed9dc5"> <a href="/versions/v9/software/S0593/"> ECCENTRICBANDWAGON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-92800ced9f9c49e1801f9b0515ccd9bc"> <a href="/versions/v9/software/S0554/"> Egregor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-1c4639d52c5b42619d9241b0af6162b2"> <a href="/versions/v9/software/S0081/"> Elise </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-3837c26de33f42e2859703e13989f07e"> <a href="/versions/v9/software/S0064/"> ELMER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-579ebdbfad37467b8b654b1762fafcb3"> <a href="/versions/v9/software/S0082/"> Emissary </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-4d64ad85a3ae425b9b27317efba9b8ee"> <a href="/versions/v9/software/S0367/"> Emotet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-36953764dc7148d68be75e1c0d44df6b"> <a href="/versions/v9/software/S0363/"> Empire </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-315be8b1c5414f41b96c87ed4d5bda14"> <a href="/versions/v9/software/S0091/"> Epic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-b6cb7a3c66734b75b3b2947b812f6015"> <a href="/versions/v9/software/S0404/"> esentutl </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-501630d620c64844aad50e4efda919b0"> <a href="/versions/v9/software/S0507/"> eSurv </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-f6a6f27546ae4243931a90dab5c9c05a"> <a href="/versions/v9/software/S0478/"> EventBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-39969cce13a0435ab804d1966e0c0d06"> <a href="/versions/v9/software/S0396/"> EvilBunny </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-ae9c39bd012b4b42b7b93ec2aa085252"> <a href="/versions/v9/software/S0152/"> EvilGrab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-becba6a835494476ba9ba67466806cc1"> <a href="/versions/v9/software/S0568/"> EVILNUM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-38e3cf036c114a428b8ebd0949b04ca0"> <a href="/versions/v9/software/S0401/"> Exaramel for Linux </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-8fe762f488324340bf591085e32ed4f0"> <a href="/versions/v9/software/S0343/"> Exaramel for Windows </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-1efdb46c675244fe9905f40dab34784d"> <a href="/versions/v9/software/S0522/"> Exobot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-65873afe72f347ec9c23193d4ea207cb"> <a href="/versions/v9/software/S0405/"> Exodus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-9c9808f5b39742e7a7c8851232fc98b3"> <a href="/versions/v9/software/S0361/"> Expand </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-f036159060774437a649ecff71d96392"> <a href="/versions/v9/software/S0569/"> Explosive </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-1bb75bf13b454132b4f2d6f49ad79196"> <a href="/versions/v9/software/S0076/"> FakeM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-e27cb3bd2d1e4db5bdf971b4a6810657"> <a href="/versions/v9/software/S0509/"> FakeSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-44bd9661e61345439195a28bbfef165b"> <a href="/versions/v9/software/S0181/"> FALLCHILL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-c7a52e1061e54cb7a7e54d126e19f36c"> <a href="/versions/v9/software/S0512/"> FatDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-8b957d75690d428bb943f4ff6c4f0409"> <a href="/versions/v9/software/S0171/"> Felismus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-7b8d3d8c16574e1c86904ecdefc66495"> <a href="/versions/v9/software/S0267/"> FELIXROOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-2660039fd2ba487ba124a9c4ee077db4"> <a href="/versions/v9/software/S0120/"> Fgdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-3a17a2e1458f4f3ca0b6cb0ec557cbe9"> <a href="/versions/v9/software/S0355/"> Final1stspy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-dae234fb63374b9ea14e943efd098143"> <a href="/versions/v9/software/S0182/"> FinFisher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-4f617b954de64c9fba3e2384f654a9bd"> <a href="/versions/v9/software/S0143/"> Flame </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-89c77272716844e3a5ff144d0f7d96a8"> <a href="/versions/v9/software/S0036/"> FLASHFLOOD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-23cd0ec2130b4cb08fade93190bfc2c9"> <a href="/versions/v9/software/S0381/"> FlawedAmmyy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-41c0eac5fe6b48cb9b590f3008ec18d0"> <a href="/versions/v9/software/S0383/"> FlawedGrace </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-b24d12ea13284553a4ce495c23ec2da9"> <a href="/versions/v9/software/S0408/"> FlexiSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-0004f61cbecc488e950b5d5823945b87"> <a href="/versions/v9/software/S0173/"> FLIPSIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-a4dd54ccde59437a951a3a43ea883a43"> <a href="/versions/v9/software/S0193/"> Forfiles </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-08df06ecbf794e4b9f186eb39d9f2454"> <a href="/versions/v9/software/S0503/"> FrameworkPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-f984817dbfcd4011b2cd08e2e36f520e"> <a href="/versions/v9/software/S0577/"> FrozenCell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-e90edf8b275e46f188cb74dcec6105b0"> <a href="/versions/v9/software/S0277/"> FruitFly </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-eaf3bceec6a24054ad25195399c9b56b"> <a href="/versions/v9/software/S0095/"> FTP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="995763ff60774cf6905e1c1225aa6cd3-6dc5615da30647799b4fd29942a7601d"> <a href="/versions/v9/software/S0410/"> Fysbis </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="7dda4863994e41969314028147217d4b"> <span>G-H</span> <div class="expand-button collapsed" id="7dda4863994e41969314028147217d4b-header" data-toggle="collapse" data-target="#7dda4863994e41969314028147217d4b-body" aria-expanded="false" aria-controls="#7dda4863994e41969314028147217d4b-body"></div> </div> <div class="sidenav-body collapse" id="7dda4863994e41969314028147217d4b-body" aria-labelledby="7dda4863994e41969314028147217d4b-header"> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-96c3a7e149f8443883fb29e3fb8c17d0"> <a href="/versions/v9/software/S0168/"> Gazer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-068b14a3f8904e0393a7c41db7899025"> <a href="/versions/v9/software/S0049/"> GeminiDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-39539bdfc5554eeb9861f2b88936cc13"> <a href="/versions/v9/software/S0460/"> Get2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-1379197e041e4f49b753bbad9ab55d5d"> <a href="/versions/v9/software/S0032/"> gh0st RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0a1b690dca9c424c9dd3d3d84aee2a12"> <a href="/versions/v9/software/S0423/"> Ginp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0fb3045a074c41fb8186f4bba6880ca4"> <a href="/versions/v9/software/S0026/"> GLOOXMAIL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0b4bdbfb8cac4d7b91b45c06510b664f"> <a href="/versions/v9/software/S0249/"> Gold Dragon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-32b08aa056464f55879d72bcfc3f1c7e"> <a href="/versions/v9/software/S0535/"> Golden Cup </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-61f827c3521242968b6917fc1c89d1ef"> <a href="/versions/v9/software/S0551/"> GoldenEagle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-b6542052a3c045c0975867c84f7f8ac9"> <a href="/versions/v9/software/S0493/"> GoldenSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-57504368f36f4b009a5db0bd1c4e5ca5"> <a href="/versions/v9/software/S0597/"> GoldFinder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-ec7a7bb8ff1b42fca43931d4508c6893"> <a href="/versions/v9/software/S0588/"> GoldMax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-199454843d354ee585d312061c05c59b"> <a href="/versions/v9/software/S0421/"> GolfSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-bb53aabf90a84a4f983d725c0bf4d753"> <a href="/versions/v9/software/S0290/"> Gooligan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-5ea97ac576bc4a299da0082d0d97e5fb"> <a href="/versions/v9/software/S0477/"> Goopy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0d14e13bfec04b78acf37473f35c2de7"> <a href="/versions/v9/software/S0536/"> GPlayed </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-60fe034b7b5c4d219234baa028eb05c2"> <a href="/versions/v9/software/S0531/"> Grandoreiro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-bb8c6a5e36974e7a9a1482a005f50e52"> <a href="/versions/v9/software/S0237/"> GravityRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-0a6266a7b2b04e968513cc93e5c21308"> <a href="/versions/v9/software/S0342/"> GreyEnergy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-11d60f2256f643ccb5d3365f842ed916"> <a href="/versions/v9/software/S0417/"> GRIFFON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-578c22d4f5054d6f96295dc9bccadfd7"> <a href="/versions/v9/software/S0008/"> gsecdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-7c07dfc2afba4c31a9ae969b7a565793"> <a href="/versions/v9/software/S0561/"> GuLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-1163df4d3fd2447dbaa2b50e21bfb631"> <a href="/versions/v9/software/S0406/"> Gustuff </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-f3d85c50ecac4af790400f86293fbfc6"> <a href="/versions/v9/software/S0132/"> H1N1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-8b9a871d7bc949e2b245482480f41887"> <a href="/versions/v9/software/S0047/"> Hacking Team UEFI Rootkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-2686b8a32f264a4ea8725539a6c0138a"> <a href="/versions/v9/software/S0151/"> HALFBAKED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-6ddd8a7c2fcc44a6be4fecf905f28dc6"> <a href="/versions/v9/software/S0037/"> HAMMERTOSS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-098de606790d4a6b9f96822c8c9cf8bb"> <a href="/versions/v9/software/S0499/"> Hancitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-887e37ed1c9a4af1a7f6a0ee03658e97"> <a href="/versions/v9/software/S0214/"> HAPPYWORK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-bb6014d8e91d4bb09a5435ea0469c61c"> <a href="/versions/v9/software/S0246/"> HARDRAIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-2e825e70c3154d4b9b5daaa719bfd71f"> <a href="/versions/v9/software/S0224/"> Havij </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-df118731429a492dab61890aa302cccb"> <a href="/versions/v9/software/S0391/"> HAWKBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-763c001420674678b586a1a6371e2090"> <a href="/versions/v9/software/S0071/"> hcdLoader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-9cb257c7297241389f7ef7b505836f66"> <a href="/versions/v9/software/S0061/"> HDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-b4264d11660f43aebbf18b58acc38578"> <a href="/versions/v9/software/S0170/"> Helminth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-66fb445f47b44daea9a51c95c2e89e69"> <a href="/versions/v9/software/S0544/"> HenBox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-624ac6fa8f7548c88de3a1f492371a85"> <a href="/versions/v9/software/S0087/"> Hi-Zor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-4174588c8a784aa7b86bf44cca029f0e"> <a href="/versions/v9/software/S0394/"> HiddenWasp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-56d093a3a65940c5ab13c4c46b6c6a41"> <a href="/versions/v9/software/S0135/"> HIDEDRV </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-f7582b8b16d646b18d1cccc40502e080"> <a href="/versions/v9/software/S0009/"> Hikit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-cfbb1a3b2af84107b3b553ca52b0dc9a"> <a href="/versions/v9/software/S0601/"> Hildegard </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-259bb3505eae4ad9a7e20f92398a645b"> <a href="/versions/v9/software/S0232/"> HOMEFRY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-8da03ca68df54ae2bb0a6bb4159869ce"> <a href="/versions/v9/software/S0376/"> HOPLIGHT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-af129521a0f9411d9ce612a0fcbcc38e"> <a href="/versions/v9/software/S0431/"> HotCroissant </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-f64a8f347ef74cd4a081e01eca2e7eab"> <a href="/versions/v9/software/S0040/"> HTRAN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-a45716a36032488c8e9948a50838c255"> <a href="/versions/v9/software/S0070/"> HTTPBrowser </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-50729d64d668464dbbc7c8330fdad07c"> <a href="/versions/v9/software/S0068/"> httpclient </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-b446f4c7d5ed4f38847b873ff1fe1964"> <a href="/versions/v9/software/S0322/"> HummingBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-6a05d0e232b2476bb6dfc8eef44dedb8"> <a href="/versions/v9/software/S0321/"> HummingWhale </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-d7ba3aafe5f74bc691385c71cfbbeb70"> <a href="/versions/v9/software/S0203/"> Hydraq </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-9a14ee55c92944d3bd6e444a4a03dc34"> <a href="/versions/v9/software/S0398/"> HyperBro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="7dda4863994e41969314028147217d4b-7f65bf8eade14e8aa999c61158f72523"> <a href="/versions/v9/software/S0537/"> HyperStack </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="1fb850c336df45e2badf3c675ecf29e3"> <span>I-J</span> <div class="expand-button collapsed" id="1fb850c336df45e2badf3c675ecf29e3-header" data-toggle="collapse" data-target="#1fb850c336df45e2badf3c675ecf29e3-body" aria-expanded="false" aria-controls="#1fb850c336df45e2badf3c675ecf29e3-body"></div> </div> <div class="sidenav-body collapse" id="1fb850c336df45e2badf3c675ecf29e3-body" aria-labelledby="1fb850c336df45e2badf3c675ecf29e3-header"> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-3d40ba62c14a493480edc1728666aeba"> <a href="/versions/v9/software/S0483/"> IcedID </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-b4182532aaa24485af90d97a9aa1952e"> <a href="/versions/v9/software/S0101/"> ifconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-6beee0141dac4625afc4478f6a4b78bf"> <a href="/versions/v9/software/S0278/"> iKitten </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-8d781293905445ee8e05d26859313757"> <a href="/versions/v9/software/S0434/"> Imminent Monitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-7684f92140c243608b02a6d042cc465f"> <a href="/versions/v9/software/S0357/"> Impacket </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-da794609c7994d7c95075ceb3b1ebc0f"> <a href="/versions/v9/software/S0259/"> InnaputRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-01130ca148184b70a711973a77fa0806"> <a href="/versions/v9/software/S0463/"> INSOMNIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head active" id="1fb850c336df45e2badf3c675ecf29e3-4a36b62bf4e34ed387f8a2346700f719"> <a href="/versions/v9/software/S0260/"> InvisiMole </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-a7c39411776c4e8690ea794ca7f38620"> <a href="/versions/v9/software/S0231/"> Invoke-PSImage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-233c3873a10e44428baa1e141eab02d8"> <a href="/versions/v9/software/S0100/"> ipconfig </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-9c613e68b89d408bbc1fb7f58e6c10da"> <a href="/versions/v9/software/S0581/"> IronNetInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-26fa4f3bda444405993504417e0e14b8"> <a href="/versions/v9/software/S0189/"> ISMInjector </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-bbcc26bad22740c1bc33863e7613b32c"> <a href="/versions/v9/software/S0015/"> Ixeshe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-279190baddd04d27942986d05a0202d6"> <a href="/versions/v9/software/S0163/"> Janicab </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-dbf21dc30e9c4484893c9fe96a1a7709"> <a href="/versions/v9/software/S0528/"> Javali </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-9dcb81f14ce74a14bf7d792831629db5"> <a href="/versions/v9/software/S0389/"> JCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-aab2f351221148e9aa59b738ebef31a9"> <a href="/versions/v9/software/S0044/"> JHUHUGIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-a199308d03e542e4a9cb13b225f64f3b"> <a href="/versions/v9/software/S0201/"> JPIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-00c9db0c3eed46108db3d22e71e08a8d"> <a href="/versions/v9/software/S0283/"> jRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1fb850c336df45e2badf3c675ecf29e3-23903cfe984d444cb9a0c1eb6e97d98f"> <a href="/versions/v9/software/S0325/"> Judy </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="56cffb3dd4fc4e38868dba75d49ec567"> <span>K-L</span> <div class="expand-button collapsed" id="56cffb3dd4fc4e38868dba75d49ec567-header" data-toggle="collapse" data-target="#56cffb3dd4fc4e38868dba75d49ec567-body" aria-expanded="false" aria-controls="#56cffb3dd4fc4e38868dba75d49ec567-body"></div> </div> <div class="sidenav-body collapse" id="56cffb3dd4fc4e38868dba75d49ec567-body" aria-labelledby="56cffb3dd4fc4e38868dba75d49ec567-header"> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f77ada02ba3e4f8b9eb4c0859a06f549"> <a href="/versions/v9/software/S0215/"> KARAE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-d67dff796de24c7bbbf867bc80233183"> <a href="/versions/v9/software/S0088/"> Kasidet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-ececab99072d48f1adc66cd5378e94f5"> <a href="/versions/v9/software/S0265/"> Kazuar </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f8847c79826b46438ddee9c498526222"> <a href="/versions/v9/software/S0585/"> Kerrdown </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-7fd9cc8646384389a9999c3f7177eb07"> <a href="/versions/v9/software/S0487/"> Kessel </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-4f1a8954e70c4a6b8545fbe79858a59a"> <a href="/versions/v9/software/S0387/"> KeyBoy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f98ce974c937466abda3fd8dbe8891d6"> <a href="/versions/v9/software/S0276/"> Keydnap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-5f3b7542656242bdb46e39d3b4c4f72f"> <a href="/versions/v9/software/S0271/"> KEYMARBLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-64e1d76b46764879b2b5a2ead9c78a87"> <a href="/versions/v9/software/S0288/"> KeyRaider </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-4657bc4617c149afb9f585b96923b600"> <a href="/versions/v9/software/S0526/"> KGH_SPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-bbaed415b2d242b887372c5311efc1d7"> <a href="/versions/v9/software/S0599/"> Kinsing </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-7bc048a70ad244b3bb873a699e730598"> <a href="/versions/v9/software/S0437/"> Kivars </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-2daeb36dc3d2442d9c0903f066ba60a7"> <a href="/versions/v9/software/S0250/"> Koadic </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-472418f1763441aa8fedc6330cfbbbcb"> <a href="/versions/v9/software/S0162/"> Komplex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-9373784fcfe04a0393f3ebcee431beaf"> <a href="/versions/v9/software/S0156/"> KOMPROGO </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-b7ac592a1cee47dd81b8ceb1191f8d83"> <a href="/versions/v9/software/S0356/"> KONNI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-3034cdc6a1f141f8b87065bca529b203"> <a href="/versions/v9/software/S0236/"> Kwampirs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-e966a5795b8c45229f5d87ba392be3f6"> <a href="/versions/v9/software/S0349/"> LaZagne </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-18df2766ab6f470c93d06ba657a07ce0"> <a href="/versions/v9/software/S0395/"> LightNeuron </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-fed64c4332ed4ac6b437ecd0575fc475"> <a href="/versions/v9/software/S0211/"> Linfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-36377314560944ef9afdbded7f3b3b55"> <a href="/versions/v9/software/S0362/"> Linux Rabbit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-d2335b6d5bbd4f399f2ff6874a52eb39"> <a href="/versions/v9/software/S0372/"> LockerGoga </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-2da91ae36682427b89a2aec900a16f70"> <a href="/versions/v9/software/S0397/"> LoJax </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-595c207eec2c42eb9eba8164b7c41ffa"> <a href="/versions/v9/software/S0447/"> Lokibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-e13b6d6e12b545ab9708c99547d9250b"> <a href="/versions/v9/software/S0582/"> LookBack </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-f172a7d526304444b76d8be5a7b233ea"> <a href="/versions/v9/software/S0451/"> LoudMiner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-0c323671203948c4a80babf1dc1ed468"> <a href="/versions/v9/software/S0042/"> LOWBALL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-4a4f0b3db0bf4f03a24f7bcedfd3695b"> <a href="/versions/v9/software/S0121/"> Lslsass </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-e51744fa8f084fbca7800c3005f93f73"> <a href="/versions/v9/software/S0532/"> Lucifer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="56cffb3dd4fc4e38868dba75d49ec567-b16a3ead86764bc08a02d401e0c7ddef"> <a href="/versions/v9/software/S0010/"> Lurid </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="39e3ccf5e40641dd904b0d11d0c696e4"> <span>M-N</span> <div class="expand-button collapsed" id="39e3ccf5e40641dd904b0d11d0c696e4-header" data-toggle="collapse" data-target="#39e3ccf5e40641dd904b0d11d0c696e4-body" aria-expanded="false" aria-controls="#39e3ccf5e40641dd904b0d11d0c696e4-body"></div> </div> <div class="sidenav-body collapse" id="39e3ccf5e40641dd904b0d11d0c696e4-body" aria-labelledby="39e3ccf5e40641dd904b0d11d0c696e4-header"> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-ad929117e09c414a99510c6884b8fbbd"> <a href="/versions/v9/software/S0409/"> Machete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-1be03db82b904c3d9c3def4cd5307df3"> <a href="/versions/v9/software/S0282/"> MacSpy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-854f7ba19f764fafa71f39422a209dc3"> <a href="/versions/v9/software/S0413/"> MailSniper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-6c7f7d70f91140f3a5cb1346216d79e9"> <a href="/versions/v9/software/S0485/"> Mandrake </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-6df4c2455a694f588b7e7f48db1d1320"> <a href="/versions/v9/software/S0317/"> Marcher </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3908733201d1485397d84dbbba44a8c6"> <a href="/versions/v9/software/S0167/"> Matryoshka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-da462f365ca0493786b531201ad50e96"> <a href="/versions/v9/software/S0303/"> MazarBOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-a7abc2ef8f8f4c6a8ad7e3fe1f7e172a"> <a href="/versions/v9/software/S0449/"> Maze </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-ae9a0cccb9d740ce8c9eaea8013a9ea3"> <a href="/versions/v9/software/S0500/"> MCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-cf63d9e793ff4bb79c8d6f1621a598bd"> <a href="/versions/v9/software/S0459/"> MechaFlounder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c790a4e42ac341c3955c5bf4447c2ab0"> <a href="/versions/v9/software/S0175/"> meek </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-8721b77ee5184cea8335bd7254836979"> <a href="/versions/v9/software/S0576/"> MegaCortex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-721a9f2030c0422cbd7392e72c28584a"> <a href="/versions/v9/software/S0530/"> Melcoz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-f8f4d0bce12b4736bd4f3bfdf90584de"> <a href="/versions/v9/software/S0443/"> MESSAGETAP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-1da54db31e6d4b64a31852798f0d4990"> <a href="/versions/v9/software/S0455/"> Metamorfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-004261e81643479e991be592c70f5062"> <a href="/versions/v9/software/S0339/"> Micropsia </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-5ecf9de241b64124a1fb9e357f3a8813"> <a href="/versions/v9/software/S0002/"> Mimikatz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c478b0248ea24614944a6a2e4952c95b"> <a href="/versions/v9/software/S0179/"> MimiPenguin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c3e1dd27da46472caf37200b211d2ac5"> <a href="/versions/v9/software/S0133/"> Miner-C </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-bad0c4c4be6e42fab0dd5f6cb168478e"> <a href="/versions/v9/software/S0051/"> MiniDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-36c0a28ca3cc4a84b795cb71ef88906c"> <a href="/versions/v9/software/S0280/"> MirageFox </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-9be1eb1f139e4855a1e496520c428b67"> <a href="/versions/v9/software/S0084/"> Mis-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3e7c4a59633444c9a2b513a17f677b8a"> <a href="/versions/v9/software/S0083/"> Misdat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-39f1845f13494108bb8d9ceac30747b2"> <a href="/versions/v9/software/S0080/"> Mivast </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3823ed1fcb6a4963a5892b961f2d5c58"> <a href="/versions/v9/software/S0079/"> MobileOrder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-f3283bf6f961410daa182f9c616fe683"> <a href="/versions/v9/software/S0553/"> MoleNet </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3cc87a218f854f01a39b074ce385493d"> <a href="/versions/v9/software/S0407/"> Monokle </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-24b9f40b56bb414e8646435a75c0789d"> <a href="/versions/v9/software/S0149/"> MoonWind </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-78e27f7765e442f0ad63cad93b6c7623"> <a href="/versions/v9/software/S0284/"> More_eggs </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-8187b4ae14764ffa8f6955b6631e7b9c"> <a href="/versions/v9/software/S0256/"> Mosquito </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-1bbd06698a184d7a928ab3b978fa6b0e"> <a href="/versions/v9/software/S0233/"> MURKYTOP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-329d993dff564edeab6a3e8a3c047a83"> <a href="/versions/v9/software/S0205/"> Naid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-57bb1e806b094adaa76a5d5ac422df66"> <a href="/versions/v9/software/S0228/"> NanHaiShu </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-383d88f910024a9b96534b50707590c5"> <a href="/versions/v9/software/S0336/"> NanoCore </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c145f2bf6cd343f0bbe141b4b872bc36"> <a href="/versions/v9/software/S0247/"> NavRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-4ac9ba123fd24f51a2673406d350b453"> <a href="/versions/v9/software/S0590/"> NBTscan </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-237cd62fb48c46e79a89c0d95816211a"> <a href="/versions/v9/software/S0102/"> nbtstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-8239c6acce7345d7b214877a597b547b"> <a href="/versions/v9/software/S0272/"> NDiskMonitor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-2cbaccb651054ac980f1cb98119c41d2"> <a href="/versions/v9/software/S0210/"> Nerex </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-3451e90b94af4b0692914f9ed0d77855"> <a href="/versions/v9/software/S0039/"> Net </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-ba349ab92da348918f09459989f1b0d0"> <a href="/versions/v9/software/S0056/"> Net Crawler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-82712a11e595430088def8ae706e1dcb"> <a href="/versions/v9/software/S0034/"> NETEAGLE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-99911262ee034dfba7696a9ebbe9f7a7"> <a href="/versions/v9/software/S0108/"> netsh </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-e0b2b87eb57e4b968dd5ac1b5c686caa"> <a href="/versions/v9/software/S0104/"> netstat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-d0c11584f2b74392b2d1f533f81371ae"> <a href="/versions/v9/software/S0033/"> NetTraveler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-421955b56ae1467bb0e5d76189f39f25"> <a href="/versions/v9/software/S0457/"> Netwalker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-cc3558cc87ec4534b60db1eb81343fd6"> <a href="/versions/v9/software/S0198/"> NETWIRE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-4869ab27832a4c089c48b3526b840df4"> <a href="/versions/v9/software/S0508/"> Ngrok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-bf54a356521245f3a0cfdeb480f90796"> <a href="/versions/v9/software/S0118/"> Nidiran </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-70a2e95f5fc5468293820c24cc00e5ba"> <a href="/versions/v9/software/S0385/"> njRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-7853dd3460244e25835b6e07a6564e72"> <a href="/versions/v9/software/S0359/"> Nltest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-06008a854bea4165bf51aa294c9a5439"> <a href="/versions/v9/software/S0353/"> NOKKI </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-c851e818d6504bcab55a8eeb452ef612"> <a href="/versions/v9/software/S0299/"> NotCompatible </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="39e3ccf5e40641dd904b0d11d0c696e4-5db08187e1f04e6785664ec216fb438b"> <a href="/versions/v9/software/S0368/"> NotPetya </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="765d7bcc2f35481abaf311c71e691b83"> <span>O-P</span> <div class="expand-button collapsed" id="765d7bcc2f35481abaf311c71e691b83-header" data-toggle="collapse" data-target="#765d7bcc2f35481abaf311c71e691b83-body" aria-expanded="false" aria-controls="#765d7bcc2f35481abaf311c71e691b83-body"></div> </div> <div class="sidenav-body collapse" id="765d7bcc2f35481abaf311c71e691b83-body" aria-labelledby="765d7bcc2f35481abaf311c71e691b83-header"> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-d02af7fe8e3041e9a094fb891ea9a6d8"> <a href="/versions/v9/software/S0286/"> OBAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-eed06a361c6249e49fd10519e054f6a1"> <a href="/versions/v9/software/S0346/"> OceanSalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-733a765d980747a1a5702334bcf168bb"> <a href="/versions/v9/software/S0340/"> Octopus </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-aa36d57739a944a5aafadc4cd9f6955d"> <a href="/versions/v9/software/S0439/"> Okrum </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-e79b3832a34c4be59e591111a511f0a3"> <a href="/versions/v9/software/S0138/"> OLDBAIT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-33a51d03895544248d4d463fabd5237d"> <a href="/versions/v9/software/S0285/"> OldBoot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-512d584663794170a397f688f117bb7b"> <a href="/versions/v9/software/S0365/"> Olympic Destroyer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-622e5f32421d4c4696d0976414810b0a"> <a href="/versions/v9/software/S0052/"> OnionDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-37b25c0eb5ba4e7dbf4e08fc20a9364a"> <a href="/versions/v9/software/S0264/"> OopsIE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-dc8e7d261028475f8987251e1040691f"> <a href="/versions/v9/software/S0229/"> Orz </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-3ce2ce7ebdcd41c0836de01cdf9ed07e"> <a href="/versions/v9/software/S0165/"> OSInfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-15ee2f0eaf9f45588448b0c93fb0b65c"> <a href="/versions/v9/software/S0402/"> OSX/Shlayer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-6d9b8ade4f4248c894b2c74d12867cc1"> <a href="/versions/v9/software/S0352/"> OSX_OCEANLOTUS.D </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-73b29d4d4489437687f4239e5813dcd2"> <a href="/versions/v9/software/S0594/"> Out1 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-248016dca2af41718474a50fb029859f"> <a href="/versions/v9/software/S0072/"> OwaAuth </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-0a7b03a25954470b8146c88e68f15067"> <a href="/versions/v9/software/S0598/"> P.A.S. Webshell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-bac0568ce8fe451d9ecd40b8dbae3265"> <a href="/versions/v9/software/S0016/"> P2P ZeuS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a65692d250264a7e8363058ba9620bb8"> <a href="/versions/v9/software/S0399/"> Pallas </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-9f8e69e8e9974f32a0e7a0aaf6bc7cf7"> <a href="/versions/v9/software/S0208/"> Pasam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-77943927dbf84eaf9d063afb4d9558ce"> <a href="/versions/v9/software/S0122/"> Pass-The-Hash Toolkit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-29c42cf923454e23a0b49b593759b21e"> <a href="/versions/v9/software/S0556/"> Pay2Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1580852c70904a4d92fff291b51efcc7"> <a href="/versions/v9/software/S0316/"> Pegasus for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-564799ac5bbf4df18c94663955e465dc"> <a href="/versions/v9/software/S0289/"> Pegasus for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-d3a5b3f2de99484184392431d06ee6e9"> <a href="/versions/v9/software/S0587/"> Penquin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a062fb28bd634dd2b7dd5b0c6cc78556"> <a href="/versions/v9/software/S0158/"> PHOREAL </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b1344bfc5b5e4a24aba03e74eda7556b"> <a href="/versions/v9/software/S0517/"> Pillowmint </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-2a27e3fa9f4c4de8a09b279088b9e1c4"> <a href="/versions/v9/software/S0048/"> PinchDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-ff886d9db7c84ee1ac33f6644f497643"> <a href="/versions/v9/software/S0097/"> Ping </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-5e2b48ed7eb84c3e9ee931eca5e4b6ab"> <a href="/versions/v9/software/S0501/"> PipeMon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b86fea5e5f1047d5b69331b71696ec8c"> <a href="/versions/v9/software/S0124/"> Pisloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-d291369e05324e859f7c5c8468f1f7c6"> <a href="/versions/v9/software/S0291/"> PJApps </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-5b560a3bb78540cfb3b65fd33cba0ceb"> <a href="/versions/v9/software/S0254/"> PLAINTEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-e1f529ec6cd14dbd9e4944898fa33021"> <a href="/versions/v9/software/S0435/"> PLEAD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-ad32b797007648db98eac0516e701208"> <a href="/versions/v9/software/S0013/"> PlugX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-4cb2b1be41f64c889593fb025d2b2dc9"> <a href="/versions/v9/software/S0067/"> pngdowner </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1e37110d87664e1d9a70d1917b812b5b"> <a href="/versions/v9/software/S0428/"> PoetRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-c3910be3a28e447abea8b2e49d19cd14"> <a href="/versions/v9/software/S0012/"> PoisonIvy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-edd68a24caa547f7bd36ee48b0b82aeb"> <a href="/versions/v9/software/S0518/"> PolyglotDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-75ad2d21cb6849ca847ae90683a4bde4"> <a href="/versions/v9/software/S0453/"> Pony </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-84da3071627c48a0b11c6b066638c810"> <a href="/versions/v9/software/S0216/"> POORAIM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-78c179ad0ba04768bfa9e02a7c1b77c0"> <a href="/versions/v9/software/S0378/"> PoshC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-c978ee001e4545bb86eb5c19c5681c59"> <a href="/versions/v9/software/S0150/"> POSHSPY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b239ee716eb046d8b85304ff03233b1f"> <a href="/versions/v9/software/S0177/"> Power Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-655f8e173a3642248cd8b8d63da37385"> <a href="/versions/v9/software/S0139/"> PowerDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-f86a51265afa497faba0e365a4cc8ee7"> <a href="/versions/v9/software/S0441/"> PowerShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-64b1f2a3d5454da8a9e19842d38e06da"> <a href="/versions/v9/software/S0145/"> POWERSOURCE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-0031cd6a045c4725ad4ce1bf68ad9428"> <a href="/versions/v9/software/S0194/"> PowerSploit </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-17ef6b47e44744aea2f60bcfc29c3f7e"> <a href="/versions/v9/software/S0393/"> PowerStallion </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-c24e2755414247fdaf7a9900fe1b6cee"> <a href="/versions/v9/software/S0223/"> POWERSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-abbfb1ae473548ecacf912ce30c9d9af"> <a href="/versions/v9/software/S0371/"> POWERTON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a8b1dffb0c204208b9d03e78e7aaf103"> <a href="/versions/v9/software/S0184/"> POWRUNER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-f3b1bd95bba54546872464de91080385"> <a href="/versions/v9/software/S0113/"> Prikormka </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b0a0f24554d643a7aa78067a2e184d34"> <a href="/versions/v9/software/S0279/"> Proton </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1f702a63fd234899917773ce398bb143"> <a href="/versions/v9/software/S0238/"> Proxysvc </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-dadd7124e6ac44d5bb37674ede9e4691"> <a href="/versions/v9/software/S0029/"> PsExec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-f3178421604a451ca5b384ad2c1473f1"> <a href="/versions/v9/software/S0078/"> Psylo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-1ce1a24553e743d18e17196db129f46c"> <a href="/versions/v9/software/S0147/"> Pteranodon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-fd0b0fca5ab74159b779d9eab2953fc5"> <a href="/versions/v9/software/S0196/"> PUNCHBUGGY </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-5caaefa62cf84497b802a52e1b3734c5"> <a href="/versions/v9/software/S0197/"> PUNCHTRACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b1c9926545fb4fe290504e708cbb3553"> <a href="/versions/v9/software/S0192/"> Pupy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-b71eb17a19764209b61d1d8347243cda"> <a href="/versions/v9/software/S0006/"> pwdump </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="765d7bcc2f35481abaf311c71e691b83-a4f3c87e46424c06851258ff2eb97c04"> <a href="/versions/v9/software/S0583/"> Pysa </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="1d295894e7a94614ab8c6a56330ce2cf"> <span>Q-R</span> <div class="expand-button collapsed" id="1d295894e7a94614ab8c6a56330ce2cf-header" data-toggle="collapse" data-target="#1d295894e7a94614ab8c6a56330ce2cf-body" aria-expanded="false" aria-controls="#1d295894e7a94614ab8c6a56330ce2cf-body"></div> </div> <div class="sidenav-body collapse" id="1d295894e7a94614ab8c6a56330ce2cf-body" aria-labelledby="1d295894e7a94614ab8c6a56330ce2cf-header"> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-cd0e5123083445d59444154270f83a6b"> <a href="/versions/v9/software/S0269/"> QUADAGENT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-8cd12cd6394242bebb93a35acc650bc8"> <a href="/versions/v9/software/S0262/"> QuasarRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-ff5b834c1fa04f66b1f9f2f55d53bda6"> <a href="/versions/v9/software/S0481/"> Ragnar Locker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-da739d517c3a4bb48bdbc9911114b074"> <a href="/versions/v9/software/S0565/"> Raindrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-211d9bdbc7d94a85957d5498024379c4"> <a href="/versions/v9/software/S0458/"> Ramsay </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-7344e222306a4ddba5691e97946414b3"> <a href="/versions/v9/software/S0055/"> RARSTONE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-9426299bd74542d5927b2b61042e5199"> <a href="/versions/v9/software/S0241/"> RATANKBA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-d1691d8cc8834ef794756ab458f7ee00"> <a href="/versions/v9/software/S0364/"> RawDisk </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-57e09eee33b247c49c9970ab7404a689"> <a href="/versions/v9/software/S0169/"> RawPOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-9d9ff53d728641d8be3a450d59717164"> <a href="/versions/v9/software/S0295/"> RCSAndroid </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-67f158b9c68b407c80f75e18c95581bc"> <a href="/versions/v9/software/S0495/"> RDAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2c8651703a08466ba672bd625d5a933e"> <a href="/versions/v9/software/S0416/"> RDFSNIFFER </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-8d55201f80f3470b8908c22974608d4e"> <a href="/versions/v9/software/S0172/"> Reaver </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-5702ad7da0d849c69fb44c4c863d3b43"> <a href="/versions/v9/software/S0539/"> Red Alert 2.0 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-d8a41dad618e4edf80a35c4445f5beb1"> <a href="/versions/v9/software/S0326/"> RedDrop </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-bcc5b9affe674cc9834c5b9b19eceae1"> <a href="/versions/v9/software/S0153/"> RedLeaves </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-8e17302b07e64557b7240b8cc13cdc5f"> <a href="/versions/v9/software/S0075/"> Reg </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-df3ea8cf02904d1089194a3878d45ad8"> <a href="/versions/v9/software/S0511/"> RegDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-40a2a2dbe0ec47d2a9efb7db4039b6fb"> <a href="/versions/v9/software/S0019/"> Regin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2500d8a0e8bb465c9d17fdec75751dc9"> <a href="/versions/v9/software/S0332/"> Remcos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2323308f8ae642b08afdac7fbb3a7585"> <a href="/versions/v9/software/S0375/"> Remexi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-469ff9d046ad4832858610168eb420c0"> <a href="/versions/v9/software/S0166/"> RemoteCMD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-25051c5399a24d228818d28d464a0061"> <a href="/versions/v9/software/S0592/"> RemoteUtilities </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-5464941c17844028b4df8a8ed74c6248"> <a href="/versions/v9/software/S0125/"> Remsec </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-9f73fb7701754315b7fd4280919d0f0b"> <a href="/versions/v9/software/S0174/"> Responder </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-55d3f71459004f2ca2f7dbbc5868bc1a"> <a href="/versions/v9/software/S0379/"> Revenge RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-b7f7effca712495aae8a4ba8bb701354"> <a href="/versions/v9/software/S0496/"> REvil </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-eb811d090d2d4882ba8a160dad72cfc2"> <a href="/versions/v9/software/S0258/"> RGDoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-abb7cdadf1d741ba86a6560b6fcfd712"> <a href="/versions/v9/software/S0433/"> Rifdoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-a6ae63409a014629aed6b70c8988cc3e"> <a href="/versions/v9/software/S0403/"> Riltok </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-0ef24be3505b4e2c945010b9800a3eeb"> <a href="/versions/v9/software/S0003/"> RIPTIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-45f68fc46b3d44bd948abf038b19007c"> <a href="/versions/v9/software/S0448/"> Rising Sun </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-f6fed98ddde348a7946c8597deb6aba2"> <a href="/versions/v9/software/S0400/"> RobbinHood </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-6a15713c27ed400c9003a03e667978b2"> <a href="/versions/v9/software/S0112/"> ROCKBOOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-0d84f873b32749e394a3a739dee2cbc9"> <a href="/versions/v9/software/S0270/"> RogueRobin </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-0447dc0196c14bddba552213a370fd51"> <a href="/versions/v9/software/S0240/"> ROKRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-ae828b9e8e9f4c7ca772262e8e7b94e1"> <a href="/versions/v9/software/S0411/"> Rotexy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-3e8228a832114024939f8a4d57f61e76"> <a href="/versions/v9/software/S0103/"> route </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-6728f74d4d9a482a806dd0a00fa3adc3"> <a href="/versions/v9/software/S0090/"> Rover </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-03fb989e8d784e72b89e318434b89f5a"> <a href="/versions/v9/software/S0148/"> RTM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-ba8a862396554b1a9b7556360555ec38"> <a href="/versions/v9/software/S0358/"> Ruler </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-2ac50fed105949b5a11c4113bff084cb"> <a href="/versions/v9/software/S0313/"> RuMMS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-5183fbba5a3b43e6af87b9e680c25877"> <a href="/versions/v9/software/S0253/"> RunningRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="1d295894e7a94614ab8c6a56330ce2cf-b369784646f34c408eb50353ae0b81cf"> <a href="/versions/v9/software/S0446/"> Ryuk </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="15aa0ca24b1f4115a3ec8a114cf45759"> <span>S-T</span> <div class="expand-button collapsed" id="15aa0ca24b1f4115a3ec8a114cf45759-header" data-toggle="collapse" data-target="#15aa0ca24b1f4115a3ec8a114cf45759-body" aria-expanded="false" aria-controls="#15aa0ca24b1f4115a3ec8a114cf45759-body"></div> </div> <div class="sidenav-body collapse" id="15aa0ca24b1f4115a3ec8a114cf45759-body" aria-labelledby="15aa0ca24b1f4115a3ec8a114cf45759-header"> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-ea6e98679a2e482cba9c14b4e9da4180"> <a href="/versions/v9/software/S0085/"> S-Type </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-6152c407d01448769ad39d0d3f01d076"> <a href="/versions/v9/software/S0074/"> Sakula </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d8b854356cb14539b6b613e7c3186d28"> <a href="/versions/v9/software/S0370/"> SamSam </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-bcee0fc4bebc4a85acb57b05b8f201a0"> <a href="/versions/v9/software/S0111/"> schtasks </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0a9386f7dd60457e945c336059afa9b3"> <a href="/versions/v9/software/S0461/"> SDBbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-c9c3fa1db1e644a7b223d17f3f38760f"> <a href="/versions/v9/software/S0195/"> SDelete </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-4fdc7944b99b4e42856fc8049d0baa65"> <a href="/versions/v9/software/S0053/"> SeaDuke </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-f983f05c988742f8b95fcc1d07ac346f"> <a href="/versions/v9/software/S0345/"> Seasalt </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-c909a35768b145c5b78c928c4379697c"> <a href="/versions/v9/software/S0185/"> SEASHARPEE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-52727e23d6c44c64a196e60a8e49984c"> <a href="/versions/v9/software/S0382/"> ServHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-a872f109703146a4b0d9e22b7fa9f100"> <a href="/versions/v9/software/S0596/"> ShadowPad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-01f3a26d7a4f4dacb01dd0b502bd15cd"> <a href="/versions/v9/software/S0140/"> Shamoon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-5d54439399874fc99c02541fd70664b9"> <a href="/versions/v9/software/S0546/"> SharpStage </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1b90224aaa2540a3895cb354d056a386"> <a href="/versions/v9/software/S0450/"> SHARPSTATS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-80d7e92bf75d4d45b6c024bd7ead1cc3"> <a href="/versions/v9/software/S0294/"> ShiftyBug </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-55dbab27a2314d1f9985a1eeeb72065d"> <a href="/versions/v9/software/S0444/"> ShimRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-3ed080aa09f34b0da33f4fc83fcf507e"> <a href="/versions/v9/software/S0445/"> ShimRatReporter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-545577c2e50b471491533e4edc550a05"> <a href="/versions/v9/software/S0028/"> SHIPSHAPE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-5394b8427e8d45dabc231338cf8adbab"> <a href="/versions/v9/software/S0063/"> SHOTPUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-9ebe30d5a3f04a0692e9bdb596e25ae2"> <a href="/versions/v9/software/S0217/"> SHUTTERSPEED </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-acb11ef1550e47598904f5076b4b5ea0"> <a href="/versions/v9/software/S0589/"> Sibot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d667077ff4e24e319173e3d09713d478"> <a href="/versions/v9/software/S0549/"> SilkBean </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-dbc487142b8f4d88aa76b9909628e237"> <a href="/versions/v9/software/S0419/"> SimBad </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1518b6b3fc2f4fada42918c8d71c4c3c"> <a href="/versions/v9/software/S0007/"> Skeleton Key </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-4b55bdcd98624f83837778868f3096db"> <a href="/versions/v9/software/S0468/"> Skidmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-ec3d0ebce4254daa90d337b7ba3571a6"> <a href="/versions/v9/software/S0327/"> Skygofree </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-16a2a9044f004b139e034a223b8540f6"> <a href="/versions/v9/software/S0533/"> SLOTHFULMEDIA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-01c63e07064349fcbc8c1c88f519a938"> <a href="/versions/v9/software/S0218/"> SLOWDRIFT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-dc198740f2d94484af9a1d5505e8ef59"> <a href="/versions/v9/software/S0226/"> Smoke Loader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-74481046eff346e1974a7e7f0e4fab5a"> <a href="/versions/v9/software/S0159/"> SNUGRIDE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b5cde379d3b54ccbaa3fb3a1e8570dff"> <a href="/versions/v9/software/S0273/"> Socksbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-9f1a3fc6ea9743fcb7d10a9193378976"> <a href="/versions/v9/software/S0516/"> SoreFang </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-548bd8cbd2ed424ca926af80c212699d"> <a href="/versions/v9/software/S0157/"> SOUNDBITE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-95e20b4079504fbfb38d71fe492f677b"> <a href="/versions/v9/software/S0035/"> SPACESHIP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-323c20e773614934acee3650115e0f35"> <a href="/versions/v9/software/S0543/"> Spark </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b706daf112a24c94a704ad2493ee60e4"> <a href="/versions/v9/software/S0374/"> SpeakUp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-c48c4de5dde14d5ba98fd078096fba69"> <a href="/versions/v9/software/S0227/"> spwebmember </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b2a14338c5bf41709bc62a5b178eff49"> <a href="/versions/v9/software/S0324/"> SpyDealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-98f6995dbd6943ee914a923d7d4d936b"> <a href="/versions/v9/software/S0305/"> SpyNote RAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-4cb101c759e24b4db2d09d57aeaa787f"> <a href="/versions/v9/software/S0225/"> sqlmap </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-6f36597c58a64ee398dd795f6f222bfa"> <a href="/versions/v9/software/S0390/"> SQLRat </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-e2489e7c9df742d9b9f2e74fcd37781d"> <a href="/versions/v9/software/S0058/"> SslMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-472a04b1ee2a4ef1839d944c8d494d1c"> <a href="/versions/v9/software/S0188/"> Starloader </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-2eecda35affa48b38f788ab837008042"> <a href="/versions/v9/software/S0328/"> Stealth Mango </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0e3dd73036e9463b9628c0b621b1c7ea"> <a href="/versions/v9/software/S0380/"> StoneDrill </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-98b5d6f482224fb29f4323aca6c816f8"> <a href="/versions/v9/software/S0142/"> StreamEx </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-f2a4f1d11a374352a3a87e9ad607bf4f"> <a href="/versions/v9/software/S0491/"> StrongPity </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-08e85fc1741c459c9385ef6998c583af"> <a href="/versions/v9/software/S0559/"> SUNBURST </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d29d56e66e7447e28e40bdb9e74fa1a6"> <a href="/versions/v9/software/S0562/"> SUNSPOT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-98c9f44bf41d45c79411c3651b99d679"> <a href="/versions/v9/software/S0578/"> SUPERNOVA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-44e26958502648ae890e46f20c62c34a"> <a href="/versions/v9/software/S0018/"> Sykipot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-e89ead481eab4935a7d255a749c56c02"> <a href="/versions/v9/software/S0242/"> SynAck </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-53ca34c7f5a04b19ada6955481bb3581"> <a href="/versions/v9/software/S0519/"> SYNful Knock </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-a1a848232dae4f7f89408cd9979a0745"> <a href="/versions/v9/software/S0060/"> Sys10 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-ee44814b98514821b0bae9a1cf36d070"> <a href="/versions/v9/software/S0464/"> SYSCON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-7deb103aa3c54bebb99f89553538113d"> <a href="/versions/v9/software/S0096/"> Systeminfo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1a357678b8024f85af86418de4b6e7a9"> <a href="/versions/v9/software/S0098/"> T9000 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d8fcb654e00b4aeaabe9201a3cdd182a"> <a href="/versions/v9/software/S0011/"> Taidoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-8f9a6ec8e8e24e55b8b360dd9419865a"> <a href="/versions/v9/software/S0586/"> TAINTEDSCRIBE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-61fc867a4867446392bfd85b18fa44e5"> <a href="/versions/v9/software/S0467/"> TajMahal </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-3176860488734abe90a1fc7d08ec333f"> <a href="/versions/v9/software/S0329/"> Tangelo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-490904e37b8e4c9b878fe9914b39b650"> <a href="/versions/v9/software/S0057/"> Tasklist </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-67c19529f9df4ca38170275765e797be"> <a href="/versions/v9/software/S0164/"> TDTESS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b80db1c7728142c28270168205aa00b5"> <a href="/versions/v9/software/S0560/"> TEARDROP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-34ef4cae4c7c483983d402055ccb3c02"> <a href="/versions/v9/software/S0545/"> TERRACOTTA </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0d7ccab9f5a34f87b2c6b8e0d2c1e93f"> <a href="/versions/v9/software/S0146/"> TEXTMATE </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d9f9d047e4a74fc3abbd97f5ff90c380"> <a href="/versions/v9/software/S0595/"> ThiefQuest </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-2383282c4c50465b883c8194d1f4b0f7"> <a href="/versions/v9/software/S0558/"> Tiktok Pro </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-d6e3c98e52444ecf8b2dc4dda2637543"> <a href="/versions/v9/software/S0131/"> TINYTYPHON </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-302e64ce1d7841cb946cdc2553a1f110"> <a href="/versions/v9/software/S0004/"> TinyZBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-be0fe600775047f4a170946bf709b54f"> <a href="/versions/v9/software/S0183/"> Tor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-0d1a2fc569b44d64982dd46689f42e8a"> <a href="/versions/v9/software/S0424/"> Triada </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-2e7ef33c492f4b33ae1dda162c91a720"> <a href="/versions/v9/software/S0266/"> TrickBot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b8d5d5c5582644008526787eaa15f1ec"> <a href="/versions/v9/software/S0427/"> TrickMo </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-1e2f6ff87c1b430da45f35525599d318"> <a href="/versions/v9/software/S0307/"> Trojan-SMS.AndroidOS.Agent.ao </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-691eebd166a44ff1946a8f105c238ebe"> <a href="/versions/v9/software/S0306/"> Trojan-SMS.AndroidOS.FakeInst.a </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-cc1d5d39020a41cc888fce098c17b97a"> <a href="/versions/v9/software/S0308/"> Trojan-SMS.AndroidOS.OpFake.a </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-7af8eca0765a44c88b2ad88f4aab80cc"> <a href="/versions/v9/software/S0094/"> Trojan.Karagany </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-9779b768ef5c4124ae91412fa50c2fd7"> <a href="/versions/v9/software/S0001/"> Trojan.Mebromi </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-282f499a654c4c85840ac62568502153"> <a href="/versions/v9/software/S0178/"> Truvasys </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-fd3b52ec0c2c4a16b9e08d15dabfc35a"> <a href="/versions/v9/software/S0436/"> TSCookie </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-943771414962416d911cf963c66b4749"> <a href="/versions/v9/software/S0199/"> TURNEDUP </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-813def908b244b4a94e1834eb7a350f1"> <a href="/versions/v9/software/S0302/"> Twitoor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="15aa0ca24b1f4115a3ec8a114cf45759-b0a00ee9448642a580b7effa8c12e6c0"> <a href="/versions/v9/software/S0263/"> TYPEFRAME </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="77e4f19870be4252a0de8a84c11b4ee1"> <span>U-V</span> <div class="expand-button collapsed" id="77e4f19870be4252a0de8a84c11b4ee1-header" data-toggle="collapse" data-target="#77e4f19870be4252a0de8a84c11b4ee1-body" aria-expanded="false" aria-controls="#77e4f19870be4252a0de8a84c11b4ee1-body"></div> </div> <div class="sidenav-body collapse" id="77e4f19870be4252a0de8a84c11b4ee1-body" aria-labelledby="77e4f19870be4252a0de8a84c11b4ee1-header"> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-43e43427743a49b9828a5b8d322dc275"> <a href="/versions/v9/software/S0116/"> UACMe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-d6ae64d8c61543579d5167f4719c3287"> <a href="/versions/v9/software/S0333/"> UBoatRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-a4dcfce6e57f478e8c4571d85789897b"> <a href="/versions/v9/software/S0221/"> Umbreon </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-23436e3c6e4e43fdba5e718b42220d62"> <a href="/versions/v9/software/S0130/"> Unknown Logger </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-8e32f4628e984236b076fb6794199a24"> <a href="/versions/v9/software/S0275/"> UPPERCUT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-912abd85faee4bc88b2221d308893f91"> <a href="/versions/v9/software/S0022/"> Uroburos </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-e6de7b31fc504ea8b22d1642a022a149"> <a href="/versions/v9/software/S0386/"> Ursnif </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-6cdae87bbddc4f7cac03296202d72112"> <a href="/versions/v9/software/S0452/"> USBferry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-84ffddf95e264244b31c48ef02de69f7"> <a href="/versions/v9/software/S0136/"> USBStealer </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-9dc2dc0c9a9a4f9a870757b67fd00fc5"> <a href="/versions/v9/software/S0476/"> Valak </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-94dab4452e6d4d05938a4725574980f1"> <a href="/versions/v9/software/S0207/"> Vasport </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-8786aae2da804a1e913848ceb6842d7a"> <a href="/versions/v9/software/S0442/"> VBShower </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-eaaaba953cdf432caa8dcee6515ba34a"> <a href="/versions/v9/software/S0257/"> VERMIN </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-419191f6ce5b4d488727b1891de51122"> <a href="/versions/v9/software/S0418/"> ViceLeaker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-5f659086bae54408b26fa129d97d37ec"> <a href="/versions/v9/software/S0506/"> ViperRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="77e4f19870be4252a0de8a84c11b4ee1-f580c77dfe3f4daf85e6330bfe594edf"> <a href="/versions/v9/software/S0180/"> Volgmer </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="55d438137efb45b2a8ab34a3e319980b"> <span>W-X</span> <div class="expand-button collapsed" id="55d438137efb45b2a8ab34a3e319980b-header" data-toggle="collapse" data-target="#55d438137efb45b2a8ab34a3e319980b-body" aria-expanded="false" aria-controls="#55d438137efb45b2a8ab34a3e319980b-body"></div> </div> <div class="sidenav-body collapse" id="55d438137efb45b2a8ab34a3e319980b-body" aria-labelledby="55d438137efb45b2a8ab34a3e319980b-header"> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-700c9c47465c43cdab6c1ce6bd9c1dd8"> <a href="/versions/v9/software/S0366/"> WannaCry </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-a768f763025947258e6c29d2e8d4081f"> <a href="/versions/v9/software/S0579/"> Waterbear </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-7c804ba0883a4eeebc8e997ad633efdf"> <a href="/versions/v9/software/S0109/"> WEBC2 </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-b3c2103e0e694da0a58d3f80887a55f1"> <a href="/versions/v9/software/S0515/"> WellMail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-5c415dc7c7fe46e399218f643eefd0c1"> <a href="/versions/v9/software/S0514/"> WellMess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-1126f71fede44e248bf58f0808c61eac"> <a href="/versions/v9/software/S0206/"> Wiarp </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-5c302499f1964d518a04679075b6017d"> <a href="/versions/v9/software/S0005/"> Windows Credential Editor </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-322e2caf814c4e5ebf535247daacecda"> <a href="/versions/v9/software/S0155/"> WINDSHIELD </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-40ac3a659af24593a82a7d2adf125dfd"> <a href="/versions/v9/software/S0466/"> WindTail </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-9b37411796514207a5fce16dfbc50eeb"> <a href="/versions/v9/software/S0219/"> WINERACK </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-3087e3820f234d3182240772f94f006d"> <a href="/versions/v9/software/S0191/"> Winexe </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-81a16b302f0b47f9a74e65ceac8093ce"> <a href="/versions/v9/software/S0176/"> Wingbird </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-7603c9cd4b58423dac33dc67152a3a08"> <a href="/versions/v9/software/S0059/"> WinMM </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-0242b9ed2b7b4188bfde9875cacff24c"> <a href="/versions/v9/software/S0430/"> Winnti for Linux </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-80aed80f3f1f4495893e0fbd29798e6e"> <a href="/versions/v9/software/S0141/"> Winnti for Windows </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-eab80861027d45c59c02b1bb4d68a41a"> <a href="/versions/v9/software/S0041/"> Wiper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-6ed7b149839f49c6bb1047d4f419f66f"> <a href="/versions/v9/software/S0312/"> WireLurker </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-2c0ca6604e37439d843b5c9af0d887eb"> <a href="/versions/v9/software/S0489/"> WolfRAT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-b725ef00df2a46c0abda20bd4fec1d02"> <a href="/versions/v9/software/S0314/"> X-Agent for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-5aa24b597dd544d3a9396643988afc71"> <a href="/versions/v9/software/S0161/"> XAgentOSX </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-b88905a73aee4963bcbf00678bb4d4ce"> <a href="/versions/v9/software/S0341/"> Xbash </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-eb4f8b9a090446bdab68741ac3a491a9"> <a href="/versions/v9/software/S0298/"> Xbot </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-889991f3d20a4164a81259a419ef1930"> <a href="/versions/v9/software/S0123/"> xCmd </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-1896d41242324c059e40bac0ee3a64d1"> <a href="/versions/v9/software/S0297/"> XcodeGhost </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-a5fad0a88f2148d79f29eadad968eff9"> <a href="/versions/v9/software/S0318/"> XLoader for Android </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-3e2b327de8ef418a84640cb872e674ee"> <a href="/versions/v9/software/S0490/"> XLoader for iOS </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="55d438137efb45b2a8ab34a3e319980b-800b43f387e94cc0a1da9b53eda1eba0"> <a href="/versions/v9/software/S0117/"> XTunnel </a> </div> </div> </div> </div> <div class="sidenav"> <div class="sidenav-head " id="4fd897e7588447a2a2622250f2b7755b"> <span>Y-Z</span> <div class="expand-button collapsed" id="4fd897e7588447a2a2622250f2b7755b-header" data-toggle="collapse" data-target="#4fd897e7588447a2a2622250f2b7755b-body" aria-expanded="false" aria-controls="#4fd897e7588447a2a2622250f2b7755b-body"></div> </div> <div class="sidenav-body collapse" id="4fd897e7588447a2a2622250f2b7755b-body" aria-labelledby="4fd897e7588447a2a2622250f2b7755b-header"> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-7ba0d36f96844fab8bca01f9245277b4"> <a href="/versions/v9/software/S0388/"> YAHOYAH </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-d0c50e5480f64fb2a80d99230b360648"> <a href="/versions/v9/software/S0311/"> YiSpecter </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-cc980bf115dc4d1f82d6ec873933aca6"> <a href="/versions/v9/software/S0248/"> yty </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-d1df68c14ceb425d9ac54e0d57be9016"> <a href="/versions/v9/software/S0251/"> Zebrocy </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-881d59775df74bf98fe38a32cf3a1b8c"> <a href="/versions/v9/software/S0494/"> Zen </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-36c9677d75074742a54558d001d57f23"> <a href="/versions/v9/software/S0287/"> ZergHelper </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-fb940d1e2ba941da86bcc8b80a19080f"> <a href="/versions/v9/software/S0027/"> Zeroaccess </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-5db84952c85b413d9d2bf7fa4831d11a"> <a href="/versions/v9/software/S0230/"> ZeroT </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-1dacedbe178c47858f279515adf022b3"> <a href="/versions/v9/software/S0330/"> Zeus Panda </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-140b30c9da1b46539712f639a365ef4a"> <a href="/versions/v9/software/S0086/"> ZLib </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-7f953f79d6fa4d6c8b3856712508f25c"> <a href="/versions/v9/software/S0350/"> zwShell </a> </div> </div> <div class="sidenav"> <div class="sidenav-head" id="4fd897e7588447a2a2622250f2b7755b-18672cae57a442d6a5895c5abd2d1761"> <a href="/versions/v9/software/S0412/"> ZxShell </a> </div> </div> </div> </div> </div> <!--start-indexing-for-search--> </div> <div class="tab-content col-xl-10 col-lg-9 col-md-9 pt-4" id="v-tabContent"> <div class="tab-pane fade show active" id="v-attckmatrix" role="tabpanel" aria-labelledby="v-attckmatrix-tab"> <ol class="breadcrumb"> <li class="breadcrumb-item"><a href="/versions/v9/">Home</a></li> <li class="breadcrumb-item"><a href="/versions/v9/software/">Software</a></li> <li class="breadcrumb-item">InvisiMole</li> </ol> <div class="tab-pane fade show active" id="v-" role="tabpanel" aria-labelledby="v--tab"></div> <div class="row"> <div class="col-xl-12"> <div class="jumbotron jumbotron-fluid"> <div class="container-fluid"> <h1> InvisiMole </h1> <div class="row"> <div class="col-md-8"> <div class="description-body"> <p><a href="/versions/v9/software/S0260">InvisiMole</a> is a modular spyware program that has been used by the InvisiMole Group since at least 2013. <a href="/versions/v9/software/S0260">InvisiMole</a> has two backdoor modules called RC2FM and RC2CL that are used to perform post-exploitation activities. It has been discovered on compromised victims in the Ukraine and Russia. <a href="/versions/v9/groups/G0047">Gamaredon Group</a> infrastructure has been used to download and execute <a href="/versions/v9/software/S0260">InvisiMole</a> against a small number of victims.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </div> </div> <div class="col-md-4"> <div class="card"> <div class="card-body"> <div id="card-id" class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">ID:&nbsp;</span>S0260 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="This software is commercial, custom closed source, or open source software intended to be used for malicious purposes by adversaries">&#9432;</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Type</span>: MALWARE </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"> <span data-toggle="tooltip" data-placement="left" title="" data-test-ignore="true" data-original-title="The system an adversary is operating within; could be an operating system or application">&#9432;</span> </div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Platforms</span>: Windows </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Contributors</span>: ESET </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Version</span>: 2.0 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Created:&nbsp;</span>17 October 2018 </div> </div> <div class="row card-data"> <div class="col-md-1 px-0 text-center"></div> <div class="col-md-11 pl-0"> <span class="h5 card-title">Last Modified:&nbsp;</span>21 October 2020 </div> </div> </div> </div> <div class="text-center pt-2 version-button permalink"> <div class="live"> <a data-toggle="tooltip" data-placement="bottom" title="Permalink to this version of S0260" href="/versions/v9/software/S0260/" data-test-ignore="true">Version Permalink</a> </div> <div class="permalink"> <a data-toggle="tooltip" data-placement="bottom" title="Go to the live version of S0260" href="/software/S0260/" data-test-ignore="true">Live Version</a><!--do not change this line without also changing versions.py--> </div> </div> </div> </div> <!--stop-indexing-for-search--> <div class="dropdown h3 mt-3 float-right"> <button class="btn btn-navy dropdown-toggle" type="button" id="dropdownMenuButton" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> <b>ATT&amp;CK^&reg; Navigator Layers</b> </button> <div class="dropdown-menu" aria-labelledby="dropdownMenuButton"> <h6 class="dropdown-header">Enterprise Layer</h6> <a class="dropdown-item" href="/versions/v9/software/S0260/S0260-enterprise-layer.json" download target="_blank">download</a> <!-- only show view on navigator link if layer link is defined --> <a class="dropdown-item" href="#" id="view-layer-on-navigator-enterprise" target="_blank">view <img width="10" src="/versions/v9/theme/images/external-site-dark.jpeg"></a> <script src="/versions/v9/theme/scripts/settings.js"></script> <script> if (window.location.protocol == "https:") { //view on navigator only works when this site is hosted on HTTPS layerURL = window.location.protocol + "//" + window.location.host + base_url + "software/S0260/S0260-enterprise-layer.json"; document.getElementById("view-layer-on-navigator-enterprise").href = "https://mitre-attack.github.io/attack-navigator//#layerURL=" + encodeURIComponent(layerURL); } else { //hide button document.getElementById("view-layer-on-navigator-enterprise").classList.add("d-none"); } </script> </div> </div> <!--start-indexing-for-search--> <h2 class="pt-3" id="techniques">Techniques Used</h2> <table class="table techniques-used table-bordered mt-2"> <thead> <tr> <th class="p-2" scope="col">Domain</th> <th class="p-2" colspan="2">ID</th> <th class="p-2" scope="col">Name</th> <th class="p-2" scope="col">Use</th> </tr> </thead> <tbody> <tr class="sub technique noparent" id="uses-T1548-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1548">T1548</a> </td> <td> <a href="/versions/v9/techniques/T1548/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1548">Abuse Elevation Control Mechanism</a>: <a href="/versions/v9/techniques/T1548/002">Bypass User Account Control</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use fileless UAC bypass and create an elevated COM object to escalate privileges.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1087-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1087">T1087</a> </td> <td> <a href="/versions/v9/techniques/T1087/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1087">Account Discovery</a>: <a href="/versions/v9/techniques/T1087/001">Local Account</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has a command to list account information on the victim鈥檚 machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1071-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1071">T1071</a> </td> <td> <a href="/versions/v9/techniques/T1071/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1071">Application Layer Protocol</a>: <a href="/versions/v9/techniques/T1071/001">Web Protocols</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> uses HTTP for C2 communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1071-004"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1071/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1071">Application Layer Protocol</a>: <a href="/versions/v9/techniques/T1071/004">DNS</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has used a custom implementation of DNS tunneling to embed C2 communications in DNS requests and replies.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1010"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1010">T1010</a> </td> <td> <a href="/versions/v9/techniques/T1010">Application Window Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can enumerate windows and child windows on a compromised host.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1560-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1560">T1560</a> </td> <td> <a href="/versions/v9/techniques/T1560/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1560">Archive Collected Data</a>: <a href="/versions/v9/techniques/T1560/001">Archive via Utility</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> uses WinRAR to compress data that is intended to be exfiltrated.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1560-002"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1560/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1560">Archive Collected Data</a>: <a href="/versions/v9/techniques/T1560/002">Archive via Library</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use zlib to compress and decompress data.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1560-003"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1560/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1560">Archive Collected Data</a>: <a href="/versions/v9/techniques/T1560/003">Archive via Custom Method</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> uses a variation of the XOR cipher to encrypt files before exfiltration.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1123"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1123">T1123</a> </td> <td> <a href="/versions/v9/techniques/T1123">Audio Capture</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can record sound using input audio devices.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1119"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1119">T1119</a> </td> <td> <a href="/versions/v9/techniques/T1119">Automated Collection</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can sort and collect specific documents as well as generate a list of all files on a newly inserted drive and store them in an encrypted file.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1547-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1547">T1547</a> </td> <td> <a href="/versions/v9/techniques/T1547/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1547">Boot or Logon Autostart Execution</a>: <a href="/versions/v9/techniques/T1547/001">Registry Run Keys / Startup Folder</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can place a lnk file in the Startup Folder to achieve persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1547-009"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1547/009">.009</a> </td> <td> <a href="/versions/v9/techniques/T1547">Boot or Logon Autostart Execution</a>: <a href="/versions/v9/techniques/T1547/009">Shortcut Modification</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use a .lnk shortcut for the Control Panel to establish persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1059-003"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1059">T1059</a> </td> <td> <a href="/versions/v9/techniques/T1059/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/003">Windows Command Shell</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can launch a remote shell to execute commands.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1059-007"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1059/007">.007</a> </td> <td> <a href="/versions/v9/techniques/T1059">Command and Scripting Interpreter</a>: <a href="/versions/v9/techniques/T1059/007">JavaScript</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use a JavaScript file as part of its execution chain.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1543-003"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1543">T1543</a> </td> <td> <a href="/versions/v9/techniques/T1543/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1543">Create or Modify System Process</a>: <a href="/versions/v9/techniques/T1543/003">Windows Service</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can register a Windows service named CsPower as part of its execution chain, and a Windows service named clr_optimization_v2.0.51527_X86 to achieve persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1132-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1132">T1132</a> </td> <td> <a href="/versions/v9/techniques/T1132/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1132">Data Encoding</a>: <a href="/versions/v9/techniques/T1132/002">Non-Standard Encoding</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use a modified base32 encoding to encode data within the subdomain of C2 requests.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1005"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1005">T1005</a> </td> <td> <a href="/versions/v9/techniques/T1005">Data from Local System</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can collect data from the system, and can monitor changes in specified directories.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1025"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1025">T1025</a> </td> <td> <a href="/versions/v9/techniques/T1025">Data from Removable Media</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can collect jpeg files from connected MTP devices.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1001-003"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1001">T1001</a> </td> <td> <a href="/versions/v9/techniques/T1001/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1001">Data Obfuscation</a>: <a href="/versions/v9/techniques/T1001/003">Protocol Impersonation</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can mimic HTTP protocol with custom HTTP "verbs" HIDE, ZVVP, and NOP.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1074-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1074">T1074</a> </td> <td> <a href="/versions/v9/techniques/T1074/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1074">Data Staged</a>: <a href="/versions/v9/techniques/T1074/001">Local Data Staging</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> determines a working directory where it stores all the gathered data about the compromised machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1140"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1140">T1140</a> </td> <td> <a href="/versions/v9/techniques/T1140">Deobfuscate/Decode Files or Information</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can decrypt, unpack and load a DLL from its resources, or from blobs encrypted with Data Protection API, two-key triple DES, and variations of the XOR cipher.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1573-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1573">T1573</a> </td> <td> <a href="/versions/v9/techniques/T1573/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1573">Encrypted Channel</a>: <a href="/versions/v9/techniques/T1573/001">Symmetric Cryptography</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> uses variations of a simple XOR encryption routine for C&amp;C communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1480-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1480">T1480</a> </td> <td> <a href="/versions/v9/techniques/T1480/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1480">Execution Guardrails</a>: <a href="/versions/v9/techniques/T1480/001">Environmental Keying</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use Data Protection API to encrypt its components on the victim鈥檚 computer, to evade detection, and to make sure the payload can only be decrypted and loaded on one specific compromised computer.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1203"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1203">T1203</a> </td> <td> <a href="/versions/v9/techniques/T1203">Exploitation for Client Execution</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has installed legitimate but vulnerable Total Video Player software and wdigest.dll library drivers on compromised hosts to exploit stack overflow and input validation vulnerabilities for code execution.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1068"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1068">T1068</a> </td> <td> <a href="/versions/v9/techniques/T1068">Exploitation for Privilege Escalation</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has exploited CVE-2007-5633 vulnerability in the speedfan.sys driver to obtain kernel mode privileges.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1210"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1210">T1210</a> </td> <td> <a href="/versions/v9/techniques/T1210">Exploitation of Remote Services</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can spread within a network via the BlueKeep (CVE-2019-0708) and EternalBlue (CVE-2017-0144) vulnerabilities in RDP and SMB respectively.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1008"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1008">T1008</a> </td> <td> <a href="/versions/v9/techniques/T1008">Fallback Channels</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has been configured with several servers available for alternate C2 communications.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1083"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1083">T1083</a> </td> <td> <a href="/versions/v9/techniques/T1083">File and Directory Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can list information about files in a directory and recently opened or used documents. <a href="/versions/v9/software/S0260">InvisiMole</a> can also search for specific files by supplied file mask.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1564-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1564">T1564</a> </td> <td> <a href="/versions/v9/techniques/T1564/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1564">Hide Artifacts</a>: <a href="/versions/v9/techniques/T1564/001">Hidden Files and Directories</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can create hidden system directories.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1564-003"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1564/003">.003</a> </td> <td> <a href="/versions/v9/techniques/T1564">Hide Artifacts</a>: <a href="/versions/v9/techniques/T1564/003">Hidden Window</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has executed legitimate tools in hidden windows.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1574-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1574">T1574</a> </td> <td> <a href="/versions/v9/techniques/T1574/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1574">Hijack Execution Flow</a>: <a href="/versions/v9/techniques/T1574/001">DLL Search Order Hijacking</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can be launched by using DLL search order hijacking in which the wrapper DLL is placed in the same folder as explorer.exe and loaded during startup into the Windows Explorer process instead of the legitimate library.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1562-004"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1562">T1562</a> </td> <td> <a href="/versions/v9/techniques/T1562/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1562">Impair Defenses</a>: <a href="/versions/v9/techniques/T1562/004">Disable or Modify System Firewall</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has a command to disable routing and the Firewall on the victim鈥檚 machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1070-004"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1070">T1070</a> </td> <td> <a href="/versions/v9/techniques/T1070/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1070">Indicator Removal on Host</a>: <a href="/versions/v9/techniques/T1070/004">File Deletion</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has deleted files and directories including XML and files successfully uploaded to C2 servers.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1070-005"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1070/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1070">Indicator Removal on Host</a>: <a href="/versions/v9/techniques/T1070/005">Network Share Connection Removal</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can disconnect previously connected remote drives.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1070-006"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1070/006">.006</a> </td> <td> <a href="/versions/v9/techniques/T1070">Indicator Removal on Host</a>: <a href="/versions/v9/techniques/T1070/006">Timestomp</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> samples were timestomped by the authors by setting the PE timestamps to all zero values. <a href="/versions/v9/software/S0260">InvisiMole</a> also has a built-in command to modify file times.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1105"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1105">T1105</a> </td> <td> <a href="/versions/v9/techniques/T1105">Ingress Tool Transfer</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can upload files to the victim's machine for operations.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1490"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1490">T1490</a> </td> <td> <a href="/versions/v9/techniques/T1490">Inhibit System Recovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can can remove all system restore points.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1056-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1056">T1056</a> </td> <td> <a href="/versions/v9/techniques/T1056/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1056">Input Capture</a>: <a href="/versions/v9/techniques/T1056/001">Keylogging</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can capture keystrokes on a compromised host.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1559-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1559">T1559</a> </td> <td> <a href="/versions/v9/techniques/T1559/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1559">Inter-Process Communication</a>: <a href="/versions/v9/techniques/T1559/001">Component Object Model</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use the <code>ITaskService</code>, <code>ITaskDefinition</code> and <code>ITaskSettings</code> COM interfaces to schedule a task.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1036-004"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1036">T1036</a> </td> <td> <a href="/versions/v9/techniques/T1036/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1036">Masquerading</a>: <a href="/versions/v9/techniques/T1036/004">Masquerade Task or Service</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has attempted to disguise itself by registering under a seemingly legitimate service name.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1036-005"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1036/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1036">Masquerading</a>: <a href="/versions/v9/techniques/T1036/005">Match Legitimate Name or Location</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has disguised its droppers as legitimate software or documents, matching their original names and locations, and saved its files as mpr.dll in the Windows folder.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1112"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1112">T1112</a> </td> <td> <a href="/versions/v9/techniques/T1112">Modify Registry</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has a command to create, set, copy, or delete a specified Registry key or value.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1106"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1106">T1106</a> </td> <td> <a href="/versions/v9/techniques/T1106">Native API</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can use winapiexec tool for indirect execution of <code>ShellExecuteW</code> and <code>CreateProcessA</code>.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1046"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1046">T1046</a> </td> <td> <a href="/versions/v9/techniques/T1046">Network Service Scanning</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can scan the network for open ports and vulnerable instances of RDP and SMB protocols.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1135"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1135">T1135</a> </td> <td> <a href="/versions/v9/techniques/T1135">Network Share Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can gather network share information.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1095"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1095">T1095</a> </td> <td> <a href="/versions/v9/techniques/T1095">Non-Application Layer Protocol</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has used TCP to download additional modules.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1027"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1027">T1027</a> </td> <td> <a href="/versions/v9/techniques/T1027">Obfuscated Files or Information</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> avoids analysis by encrypting all strings, internal files, configuration data and by using a custom executable format.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1027-005"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1027/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1027/005">Indicator Removal from Tools</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has undergone regular technical improvements in an attempt to evade detection.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1057"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1057">T1057</a> </td> <td> <a href="/versions/v9/techniques/T1057">Process Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can obtain a list of running processes.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1055"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1055">T1055</a> </td> <td> <a href="/versions/v9/techniques/T1055">Process Injection</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can inject itself into another process to avoid detection including use of a technique called ListPlanting that customizes the sorting algorithm in a ListView structure.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1055-002"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1055/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1055/002">Portable Executable Injection</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can inject its backdoor as a portable executable into a target process.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span> </p> </td> </tr> <tr class="sub technique" id="uses-T1055-004"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1055/004">.004</a> </td> <td> <a href="/versions/v9/techniques/T1055/004">Asynchronous Procedure Call</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can inject its code into a trusted process via the APC queue.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1090-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1090">T1090</a> </td> <td> <a href="/versions/v9/techniques/T1090/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1090">Proxy</a>: <a href="/versions/v9/techniques/T1090/001">Internal Proxy</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can function as a proxy to create a server that relays communication between the client and C&amp;C server, or between two clients.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1090-002"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1090/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1090">Proxy</a>: <a href="/versions/v9/techniques/T1090/002">External Proxy</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> InvisiMole can identify proxy servers used by the victim and use them for C2 communication.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1012"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1012">T1012</a> </td> <td> <a href="/versions/v9/techniques/T1012">Query Registry</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can enumerate Registry values, keys, and data.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1053-005"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1053">T1053</a> </td> <td> <a href="/versions/v9/techniques/T1053/005">.005</a> </td> <td> <a href="/versions/v9/techniques/T1053">Scheduled Task/Job</a>: <a href="/versions/v9/techniques/T1053/005">Scheduled Task</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has used scheduled tasks named <code>MSST</code> and <code>\Microsoft\Windows\Autochk\Scheduled</code> to establish persistence.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1113"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1113">T1113</a> </td> <td> <a href="/versions/v9/techniques/T1113">Screen Capture</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can capture screenshots of not only the entire screen, but of each separate window open, in case they are overlapping.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1218-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1218">T1218</a> </td> <td> <a href="/versions/v9/techniques/T1218/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1218">Signed Binary Proxy Execution</a>: <a href="/versions/v9/techniques/T1218/002">Control Panel</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can register itself for execution and persistence via the Control Panel.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1218-011"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1218/011">.011</a> </td> <td> <a href="/versions/v9/techniques/T1218">Signed Binary Proxy Execution</a>: <a href="/versions/v9/techniques/T1218/011">Rundll32</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has used rundll32.exe for execution.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1518"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1518">T1518</a> </td> <td> <a href="/versions/v9/techniques/T1518">Software Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can collect information about installed software used by specific users, software executed on user login, and software executed by each system.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique" id="uses-T1518-001"> <td></td> <td></td> <td> <a href="/versions/v9/techniques/T1518/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1518/001">Security Software Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can check for the presence of network sniffers, AV, and BitDefender firewall.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1082"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1082">T1082</a> </td> <td> <a href="/versions/v9/techniques/T1082">System Information Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can gather information on the mapped drives, OS version, computer name, DEP policy, memory size, and system volume serial number.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1016"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1016">T1016</a> </td> <td> <a href="/versions/v9/techniques/T1016">System Network Configuration Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> gathers information on the IP forwarding table, MAC address, configured proxy, and network SSID.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1033"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1033">T1033</a> </td> <td> <a href="/versions/v9/techniques/T1033">System Owner/User Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> lists local users and session information.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1007"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1007">T1007</a> </td> <td> <a href="/versions/v9/techniques/T1007">System Service Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can obtain running services on the victim.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1569-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1569">T1569</a> </td> <td> <a href="/versions/v9/techniques/T1569/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1569">System Services</a>: <a href="/versions/v9/techniques/T1569/002">Service Execution</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> has used Windows services as a way to execute its malicious payload.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1124"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1124">T1124</a> </td> <td> <a href="/versions/v9/techniques/T1124">System Time Discovery</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> gathers the local system time from the victim鈥檚 machine.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1080"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1080">T1080</a> </td> <td> <a href="/versions/v9/techniques/T1080">Taint Shared Content</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can replace legitimate software or documents in the compromised network with their trojanized versions, in an attempt to propagate itself within the network.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1204-002"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1204">T1204</a> </td> <td> <a href="/versions/v9/techniques/T1204/002">.002</a> </td> <td> <a href="/versions/v9/techniques/T1204">User Execution</a>: <a href="/versions/v9/techniques/T1204/002">Malicious File</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can deliver trojanized versions of software and documents, relying on user execution.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="technique" id="uses-T1125"> <td> Enterprise </td> <td colspan="2"> <a href="/versions/v9/techniques/T1125">T1125</a> </td> <td> <a href="/versions/v9/techniques/T1125">Video Capture</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can remotely activate the victim鈥檚 webcam to capture content.<span onclick=scrollToRef('scite-1') id="scite-ref-1-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2018">^{<a href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank" data-hasqtip="0" aria-describedby="qtip-0">[1]</a>}</span><span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> <tr class="sub technique noparent" id="uses-T1497-001"> <td> Enterprise </td> <td> <a href="/versions/v9/techniques/T1497">T1497</a> </td> <td> <a href="/versions/v9/techniques/T1497/001">.001</a> </td> <td> <a href="/versions/v9/techniques/T1497">Virtualization/Sandbox Evasion</a>: <a href="/versions/v9/techniques/T1497/001">System Checks</a> </td> <td> <p><a href="/versions/v9/software/S0260">InvisiMole</a> can check for artifacts of VirtualBox, Virtual PC and VMware environment, and terminate itself if they are detected.<span onclick=scrollToRef('scite-2') id="scite-ref-2-a" class="scite-citeref-number" data-reference="ESET InvisiMole June 2020">^{<a href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank" data-hasqtip="1" aria-describedby="qtip-1">[2]</a>}</span></p> </td> </tr> </tbody> </table> <h2 class="pt-3" id="references">References</h2> <div class="row"> <div class="col"> <ol> <li> <span id="scite-1" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-1" href="https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/" target="_blank"> Hromcov谩, Z. (2018, June 07). InvisiMole: Surprisingly equipped spyware, undercover since 2013. Retrieved July 10, 2018. </a> </span> </span> </li> </ol> </div> <div class="col"> <ol start="2.0"> <li> <span id="scite-2" class="scite-citation"> <span class="scite-citation-text"> <a rel="nofollow" class="external text" name="scite-2" href="https://www.welivesecurity.com/wp-content/uploads/2020/06/ESET_InvisiMole.pdf" target="_blank"> Hromcova, Z. and Cherpanov, A. (2020, June). INVISIMOLE: THE HIDDEN PART OF THE STORY. Retrieved July 16, 2020. </a> </span> </span> </li> </ol> </div> </div> </div> </div> </div> </div> </div> </div> </div> </div> <!--stop-indexing-for-search--> <div class="overlay search" id="search-overlay" style="display: none;"> <div class="overlay-inner"> <!-- text input for searching --> <div class="search-header"> <div class="search-input"> <input type="text" id="search-input" placeholder="search"> </div> <div class="search-icons"> <div class="search-parsing-icon spinner-border" style="display: none" id="search-parsing-icon"></div> <div class="close-search-icon" id="close-search-icon">&times;</div> </div> </div> <!-- results and controls for loading more results --> <div id="search-body" class="search-body"> <div class="results" id="search-results"> <!-- content will be appended here on search --> </div> <div id="load-more-results" class="load-more-results"> <button class="btn btn-default" id="load-more-results-button">load more results</button> </div> </div> </div> </div> </div> <footer class="footer p-3"> <div class="container-fluid"> <div class="row"> <div class="col-4 col-sm-4 col-md-3"> <div class="footer-center-responsive my-auto"> <a href="https://www.mitre.org" target="_blank" rel="noopener" aria-label="MITRE"> <img src="/versions/v9/theme/images/mitrelogowhiteontrans.gif" class="mitre-logo-wtrans"> </a> </div> </div> <div class="col-2 col-sm-2 footer-responsive-break"></div> <div class="col-6 col-sm-6 text-center"> <p> 漏 2015-2021, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. </p> <div class="row"> <div class="col text-right"> <small> <a href="/versions/v9/resources/privacy" class="footer-link">Privacy Policy</a> </small> </div> <div class="col text-center"> <small> <a href="/versions/v9/resources/terms-of-use" class="footer-link">Terms of Use</a> </small> </div> <div class="col text-left "> <small> <a href="/versions/v9/resources/changelog.html" class="footer-link" data-toggle="tooltip" data-placement="top" title="ATT&amp;CK content version 9.0&#013;Website version 3.3.1">ATT&CK v9.0</a> </small> </div> </div> </div> <div class="w-100 p-2 footer-responsive-break"></div> <div class="col"> <div class="footer-float-right-responsive-brand"> <div class="mb-1"> <a href="https://twitter.com/MITREattack" class="btn btn-primary w-100"> <!-- <i class="fa fa-twitter"></i> --> <img src="/versions/v9/theme/images/twitter.png" class="mr-1 twitter-icon"> <b>@MITREattack</b> </a> </div> <div class=""> <a href="/versions/v9/contact" class="btn btn-primary w-100"> Contact </a> </div> </div> </div> </div> </div> </div> </footer> </div> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/jquery-3.5.1.min.js"></script> <script src="/versions/v9/theme/scripts/popper.min.js"></script> <script src="/versions/v9/theme/scripts/bootstrap.bundle.min.js"></script> <script src="/versions/v9/theme/scripts/site.js"></script> <script src="/versions/v9/theme/scripts/flexsearch.es5.js"></script> <script src="/versions/v9/theme/scripts/localforage.min.js"></script> <script src="/versions/v9/theme/scripts/settings.js?7906"></script> <script src="/versions/v9/theme/scripts/search_babelized.js"></script> <!--SCRIPTS--> <script src="/versions/v9/theme/scripts/navigation.js"></script> <script src="/versions/v9/theme/scripts/bootstrap-tourist.js"></script> <script src="/versions/v9/theme/scripts/settings.js"></script> <script src="/versions/v9/theme/scripts/tour/tour-relationships.js"></script> </body> </html>