monitor_keywords_list.txt
7zip , conti , gmer, grabff, maze , net.exe, parsec , revil ,router scan, rport , rsat ,.exe url.dll,file.io,000webhostapp.com,0ktapus,1drv.com,1drv.ms,3proxy,8base,aadinternals,acccheckconsole.exe,azcopy,actinium,action1,add-mppreference,addinutil.exe,adexplorer,adfind,adplus.exe,adrecon,advanced ip scanner,advanced port scanner,advpack.dll,aeroadmin,agent tesla,agentexecutor.exe,agrius,akira,alpemix,amadey,americium,ammyy admin,andariel,angry ip scanner,anonfiles.com,anonymfile,antique typhoon,anydesk,anyviewer,app.github.dev,appcert.exe,appinstaller.exe,applejeus,appvlp.exe,apt10,apt15,apt28,apt29,apt30,apt31,apt32,apt33,apt34,apt35,apt4 ,apt40,apt41,apt44,apt45,apt5,aqua blizzard,armitage,asg remote desktop,aspnet_compiler.exe,asyncrat,atbroker.exe,atera,atlas lion,avoslocker,azurehound,azure storage explorer,babyshark,backblaze,backstab,badpotato,badrentdrv2,balada injector,barium,bashupload,bayfiles,bcdedit,beanywhere,bedevil,best_uninstalltool,bettersafetykatz,beyondtrust,bginfo.exe,bismuth,bitbucket.io,bitbucket.org,bitlockertogo,bitsadmin,black cube,ragnar locker,blackbyte,blackcat,blackshadow,blacksuit,blank grabber,bloodhound,blue tsunami,bluenoroff,bohrium,brass typhoon,bromine,bronze silhouette,bronze starlight,browsinghistoryview,brute ratel,brute-ratel,bruteratel,btunnel.exe,bublup,bulletspassview,burpsuite,cactustorch,cadet blizzard,caffeine,cain&abel,callisto,camouflage tempest,candiru,canvas cyclone,caramel tsunami,carbon spider,carmine tsunami,catbox.moe,cdn.discordapp.com,cent browser,cerium,certoc.exe,certreq.exe,certutil,charcoal typhoon,charlotte,charming kitten,chashell,chcp ,chimborazo,chisel,choziosi loader,.exploit.in,chrome loader,chrome remote desktop,chromecookiesview,chromepass,cicada3301,cimplant,cinnamon tempest,circle typhoon,citrine sleet,clickpirate,clop ransomware,cloudflared,cloudhopper,cl_invocation.ps1,cl_loadassembly.ps1,cl_mutexverifiers.ps1,cmdkey,cmdl32,cmstp.exe,cobalt gypsy,cobaltstrike,code.exe 
tunnel,colorcpl.exe,commandlineeventconsumer,computerdefaults.exe,comsvcs.dll,configsecuritypolicy.exe,conhost.exe,connectwise,conptyshell,control.exe,controlx,copernicium,coregen.exe,cotton sandstorm,cozy bear,crackmapexec,createdump.exe,creddump7,crimson sandstorm,crouching yeti,crowdstrike,crushftp,cryptacquirecontexta,cryptbinarytostring,cryptbot,cryptcreatehash,cryptdecrypt,cryptderivekey,cryptdestroyhash,cryptdestroykey,cryptencrypt,cryptgenrandom,cryptgethashparam,crypthashdata,cryptprotectdata,cryptreleasecontext,cryptsetkeyparam,cryptstringtobinary,cscript,ct.sendgrid.net,cuboid sandstorm,curium,customshellhost.exe,cyberduck,cyberroot,dadsec,dagon locker,dameware,danabot,dark hotel,darkbit,darkseoul,darkshadow,darkside,datasvcutil.exe,dcrat,dcsync,deadwood,decryptfilea,dispossessor,defaultpack.exe,defender control,defender-control,denim tsunami,desk.cpl ,desktopimgdownldr.exe,dev-0139,dev-0146,dev-0193,dev-0196,datagrabber,dev-0198,dev-0206,dev-0215,dev-0228,dev-0234,dev-0237,dev-0243,dev-0322,dev-0336,dev-0343,dev-0401,dev-0500,dev-0504,dev-0586,dev-0605,dev-0796,dev-0832,dev-0950,devicecredentialdeployment.exe,devinit.exe,devtoolslauncher.exe,devtunnel.exe,dfsvc.exe,dialupass,diamond sleet,diantz.exe,diskshadow,dns-hijacking,dnscat,dnscmd,dnx.exe,dnx.exe ,docs.google.com,domotz,donpapi,dotnet.exe,dragonbridge,drive.google.com,dropbear,dropbox,dropfiles,dropmefiles,dsdbutil.exe,dsinternals,dsirf,dsquery,dtutil.exe,dubnium,dubrute,duckdns,dump64.exe,dumpcreds,dumpert,dumpminitool.exe,dwagent,pcloud,dxcap.exe,ebpf,edrsandblast,elbrus,emerald sleet,emotet,emperor dragonfly,empire,encryptfilea,energetic bear,enigma,enumsystemlocalesa,eraser,esentutl,esxcli,ethereal panda,europium,eventvwr,evil-winrm,evilcorp,evilginx,evilproxy,excel.exe,expand.exe,explorer.exe,extexport.exe,extpassword,extrac32.exe,famoussparrow,fancy bear,fgdump,filebin.net,filegrabber,fileshredder,filetransfer.io,filezilla,fin11,fin12,fin6,fin7,findstr,finger.exe,fixmeit,flax 
typhoon,fleetdeck,fleetdm,fltmc.exe,flushefscache,forest blizzard,forfiles.exe,formbook,fox kitten,freefilesync,fsianycpu.exe,fsutil, fex.net,gadolinium,gallium,gamaredon,genie spider,get-aadint,getasynckeystate,getdrivetypea,getkeyboardstate,getlogicaldrives,gfxdownloadwrapper,ghost blizzard,ghostemperor,gingham typhoon,gitguardian,gobuster,godzilla,gofile.io,gosecretsdump,gotoassist,gotomypc,gpscript.exe,grabchrome,grandoreiro,granite typhoon,grant-aadint,gray sandstorm, storj,greatness,gsecdump,guloader,h0lygh0st,hafnium,havoc,hawkeye,hazel sandstorm,hexane,hijackloader,hive ,holmium,hostingerapp.com,ie4uinit.exe,ieadvpack.dll,iediagcmd.exe,ieexec.exe,ieframe.dll,iepassview,ilasm.exe,imewdbld.exe,impacket,indrik spider,infdefaultinstall.exe,innosetup,installutil.exe,interlock,inveigh,invoke-aadint,invoke-obfuscation,invoke-psimage,invoke-sharefinder,invoke-smbclient,invoke-socksproxy,invoke-thehash,iobit,iobitunlocker,iodine,iridium,itarian,jade sleet,jecretz,jigsaw,joomscan,juicypotato,kaos,kaseya,ke3chang,keethief,kerberoast,kerbrute,keyhole panda,keylogger,kimsuky,knotweed,koadic,konni,krypton,kryptonite panda,labyrinth chollima,lace tempest,ladon,lansearchpro,lansweeper,laps too,lapsus$,launch-vsdevshell.ps1,lazagne,lazarus,ldapdomaindump,ldifde.exe,lemon sandstorm,leopard typhoon,level.io,leviathan,ligolo,lilac typhoon,lime-rat,linpeas,localtunnel,localxpose,lockbit,logmein,lokibot,lolbas,lolbin,loldriver,lostmypassword,lotusblossom,lsadump,lslsass,lumma,luna tempest,lyceum,magnet ram capture,mailpassview,mailsniper,makecab.exe,mallox,manage-bde.wsf,manageengine landesk,manageenginermm,manatee tempest,manganese,mango sandstorm,marbled dust,marigold sandstorm,masscan,maverick 
panda,mavinject,mediafire.com,medusa,meduza,mega.co.nz,megacmd,megasync,megatools,mekotio,menupass,mercury,meshagent,meshcentral,metamorfo,metasploit,metastealer,meterpreter,mftrace.exe,microburst,microsoft.listsync.db,microsoft.nodejstools.pressanykey.exe,microsoft.workflow.compiler.exe,midnight blizzard,mimikatz,mimipenguin,mint sandstorm,mirai,mobaxterm,moonstone sleet,moses staff,mozillacookiesview,mpcmdrun.exe,msaccess.exe,msbuild.exe,msconfig.exe,msdeploy.exe,msedge.exe,msedgewebview2.exe,msedge_proxy.exe,msfvenom,mshta,mshtml.dll,msiexec,msohtmed.exe,mspub.exe,msxsl.exe,muddywater,mulberry typhoon,mustard tempest,n-able,nakedpages,nbtscan,nbtstat,net localgroup,netcat,netexec,nethunt.com,netpass,netscan,netsess,netsh,netstat,netsupport,nickel,night tsunami,nirsoft,nishang,njrat,nltest,nobelium,nokoyawa,nping,nscurl ,nso group,nsocks,nsudo,ntdsutil,nwgen team,nylon typhoon,oceanlotus,octo tempest,odbcconf.exe,offlinescannershell.exe,oilrig,onedrive,onedrivestandaloneupdater.exe,onyx sleet,opal sleet,openconsole.exe,openssh,operapassview,oro0lxy,osmium,parinacota,passwordfox,paste.ee,pastebin,pastie.org,pcalua.exe,pchunter,pcwrun.exe,pcwutl.dll,pdq deploy,pdq inventory,peach sandstorm,pearl sleet,peass-ng,perfectdata software,periwinkle tempest,pester.bat,phishery,phlox tempest,phosphorus,phobos,pikabot,pingcastle,pink sandstorm,pioneerkitten,pistachio tempest,pivotnacci, put.io,putty,pktmon.exe,plaid rain,plugx,plutonium,pnputil.exe,polonium,portqry,poshc2,potassium,powerless,powerpnt.exe,powershellrunner,powersploit,powerup,powerview,presentationhost.exe,primitive bear,printbrm.exe,printspoofer,privatlab,procdump,processhacker,produkey,protocolhandler.exe,protonmail,provlaunch.exe,proxifier,proxychains, play ranso,psexec,psinfo,pslist,psnmap,pubprn.vbs,pulseway,pumpkin sandstorm,purple typhoon,purple vallhund,pwdump,pwntools,quad7,quadream,quarkspwdump,quasar,raccoon,radium,radmin,ransomhub,rasautou.exe,raspberry robin,raspberry 
typhoon,raw.githubusercontent.com,rclone,rcsi.exe,rdp recognizer,rdrleakdiag.exe,reconftw,red diablo,redguard,redline,refined kitten,reg save hk,regasm.exe,regedit,regeorg,regini.exe,register-cimprovider.exe,registerrawinputdevice,regsvcs.exe,regsvr32,remcom,remcos,remote manipulator system,remote.exe,remotedesktoppassview,remotepc,remoteutilities,replace.exe,requestbin.net,responder,restic,reuse team,rhadamanthys,rhysida,roadtools,romcom,rootkit,rottenpotato,rottenpotatong,routerpassview,routerscan,rpcping.exe,rsocks,rsockstun,rubeus,rubidium,ruby sleet,rundll32,runexehelper.exe,runonce.exe,runscripthelper.exe,rustdesk,rustscan,ruza flood,rvtools,ryuk,s3 browser,safetykatz,sagrid,saint bear,saintbot,sality,salmon typhoon,salt typhoon,sandworm,sangria tempest,sapphire sleet,sc.exe,scattered spider,schtasks,screenconnect,screengrabber,scriptrunner.exe,scrobj.dll,sdelete,sea turtle,seaborgium,seashell blizzard,seatbelt,secret blizzard,secretsdump,secretserversecretstealer,seedworm,sefid flood,sendspace,sessiongopher,set-aadint,set-wmiinstance,setres.exe,settingsynchost.exe,setupapi.dll,setwindowshookex,sharefinder,sharpboys,sharpchrome,sharpchromium,sharpdpapi,sharpdump,sharphound,sharpkatz,sharpoxidresolver,sharpshares,sharpsploit,sharpview,shdocvw.dll,shell32.dll,shimgvw.dll,shootback,silent chollima,silicon,silk typhoon,simplehelp,skeleton spider,slack-files.com,sliver,smbmap,smbscan,smbtouch,smbtrap,smoke sandstorm,snaffler,snake,sniffpass,socat -u ,socat file,socat stdin,socat tcp-,shz.al,socks,sodium,softethervpn,softperfect,softperfect network scanner,sorillus,sourgum,spamouflage,spandex tempest,speedtest,splashtop,splunk,spurr,sqldumper.exe,sqlmap,sqlps.exe,sqltoolsps.exe,squirrel.exe,sshdoor,star blizzard,static 
kitten,stealc,stordiag.exe,storm-0062,storm-0133,storm-0216,storm-0257,storm-0324,storm-0381,storm-0501,storm-0506,storm-0530,storm-0539,storm-0558,storm-0569,storm-0587,storm-0744,storm-0784,storm-0829,storm-0835,storm-0842,storm-0844,storm-0861,storm-0867,storm-0875,storm-0919,storm-0954,storm-0971,storm-0978,storm-1044,storm-1084,storm-1099,storm-1101,storm-1113,storm-1133,storm-1152,storm-1167,storm-1175,storm-1283,storm-1286,storm-1295,storm-1364,storm-1376,storm-1516,storm-1567,storm-1575,storm-1660,storm-1674,storm-1679,storm-1789,storm-1804,storm-1805,storm-1811,storm-1841,storm-1849,storm-1852,storm-2035,strawberry tempest,strontium,stunnel,subbrute,sublist3r,sunglow blizzard,superops,supremo,syncappvpublishingserver.exe,syncappvpublishingserver.vbs,syssetup.dll,systemctl ,ta456,ta471,ta505,ta543,tabcteng,tacticalrmm,tailscale,taizi flood,tapaoux,tasklist,taskmgr,tdskiller,tdsskiller,teams.exe,teamviewer,telegram,telnet,temp.periscope,temp.sh,temp.zagros,tempsend,termite,testwindowremoteagent.exe,thallium,thc-hydra,thundershell,tightvnc,tinymet,tomato tempest,tortoise shell,tracker.exe,tradertraitor,transfer.sh,transfert-my-files,trendmicro basecamp,trigona,truesocks,trufflehog,ttdinject.exe,tttracer.exe,turla,twingate,twisted spider,txportmap,uac-0020,uat4356,ufile.io,ultravnc,unc1151,unc1549,unc2053,unc2165,unc2198,unc3944,unc4736,unc4899,unc530,unc757,underground team,unlock it,unregmp2.exe,utilityfunctions.ps1,vanguard panda,vanilla tempest,vatet,veeam-get-creds,velvet chollima,pixeldrain,velvet tempest,venomous bear,verclsid.exe,vice leaker,vice society,vidar,violet typhoon,virlock,virtualbox,visio.exe,visualuiaverifynative.exe,vixen panda,vmware powercli,vncpassview,volatility,volt typhoon,vsdiagnostics.exe,vshadow.exe,vsiisexelauncher.exe,vsjitdebugger.exe,vslaunchbrowser.exe,vsls-agent.exe,vssadmin,vstest.console.exe,w32times,wadhrama,wannacry,wbadmin.exe,webbrowserpassview,weevely,wetransfer.com,wevtutil,wfc.exe,wget --post,wine 
tempest,winfile.exe,winget.exe,winlister,winnti,winpeas,winproj.exe,winpwn,winrm,winrar,winscp,winword.exe,wirelesskeyview,wisteria tsunami,wizard spider,wiztree,wlrmdr.exe,wmic,wmiexec,workfolders.exe,wscript.exe,wsl.exe,wsreset.exe,wstunnel,wuauclt.exe,xcopy,xenarmor,xmrig,xsd.exe,xwizard.exe,xworm,ydark,ysoserial,zerobin.net,zerocleare,zerotier,zigzag hail,zipfldr.dll,zirconium,zloader,zohoassist,quickassist,named pipe,keyboard layout,firewall rule,BrazenBamboo,\\pipe\\,scheduled task name,service name,shadowpad,VBoxManage,VirtualBox,Virtualization,Virtual Machine,Intrinsec,TA4557,typeperf,bit.ly,urlr.me,tiny.cc,tinu.be,spoo.me,lstu.fr,kutt.it,cutt.ly,buff.ly,short.io,bitly.kr,t2mio.com,shlink.io,cutit.org,clicky.me,bitly.com,yourls.org,www.bl.ink,switchy.io,awesome.re,shorturl.at,foxlyme.com,www.name.com,linksplit.io,framagit.org,rebrandly.com,kurzelinks.de,linkhuddle.com,www.shorturl.at,polrproject.org,smallseotools.com,www.livechatinc.com,CredHistView,user-agent,PDQDeployService,PDQDeployRunner