- /user/ericscales/spe/NK_SPE_keywords.txt
- KeywordClass
- 1
- keywords
- 1 1
- p n t pc pu pb p8 p7 pg an ph or di um st ww pr lo ta cp
- 1 1
- 7 r
- 1 9
- 7 Keyword r
- 1 10
- 3 Accounts r
- 1 0
- 2 Dayals-1 1 1 r
- 1 0
- 2 JHKim4-1 1 1 r
- 1 0
- 2 KManku-1 1 1 r
- 1 0
- 2 MMcLean3-1 1 1 r
- 1 0
- 2 jhkim-1 1 1 r
- 1 0
- 2 dhenderson-1 1 1 r
- 1 0
- 2 cmonti-1 1 1 r
- 1 0
- 2 ADutta2-1 1 1 r
- 1 0
- 2 rimageservice 1 1 r
- 1 0
- 2 mdurrani 1 1 r
- 1 5
- 7 Carve r
- 1 0
- EXEs \x4D\x5A\x90\x00\x03\x00\x00\x00 1 1 r
- 1 0
- Registry Hive Header (regf) \x72\x65\x67\x66 1 1 r
- 1 0
- Registry Hive 4KB bin (hbin) \x68\x62\x69\x6e 1 1 r
- 1 0
- File Entries (FILE0) \x46\x49\x4C\x45\x30 1 1 r
- 1 0
- INDX Entries \x49\x4e\x44\x58 1 1 r
- 1 12
- 7 Day 0 r
- 1 10
- 3 NBIs r
- 1 0
- 2 93.157.14.154 1 1 r
- 1 0
- 2 165.138.120.25 1 1 r
- 1 0
- 2 209.237.95.19 1 1 r
- 1 0
- 2 213.42.82.243 1 1 r
- 1 0
- 2 124.47.73.194 1 1 r
- 1 0
- 2 62.141.29.175 1 1 r
- 1 0
- 2 65.117.146.5 1 1 r
- 1 0
- 2 187.176.34.40 1 1 r
- 1 0
- 2 101.76.99.183 1 1 r
- 1 0
- 2 211.76.87.252 1 1 r
- 1 0
- 2 install-sunny-leone-II-screensaver.exe install-sunny-leone-II-screensaver.exe 1 1 r
- 1 0
- 2 tmsn.exe tmsn.exe 1 1 r
- 1 0
- 2 netmonsvc.dll netmonsvc.dll 1 1 r
- 1 0
- 2 tmscompg.msi tmscompg.msi 1 1 r
- 1 0
- 2 NetMonSvc NetMonSvc 1 1 r
- 1 0
- 2 NetWork Moniter Services NetWork Moniter Services 1 1 r
- 1 0
- 2 cvrit000.bat cvrit000.bat 1 1 r
- 1 0
- 2 sunny-leone-II-screensaver.scr sunny-leone-II-screensaver.scr 1 1 r
- 1 0
- 2 1.JPG 1.JPG 1 1 r
- 1 0
- 2 2.JPG 2.JPG 1 1 r
- 1 0
- 2 3.JPG. 3.JPG. 1 1 r
- 1 24
- 3 NBIs r
- 1 0
- 2 217.96.33.164 1 1 r
- 1 0
- 2 203.131.222.102 1 1 r
- 1 0
- 2 88.53.215.64 1 1 r
- 1 0
- 2 212.31.102.100 1 1 r
- 1 0
- 2 58.185.154.99 1 1 r
- 1 0
- 2 200.87.126.116 1 1 r
- 1 0
- 2 www.ntcnt.ru 1 1 r
- 1 0
- 2 93.191.62.154 1 1 r
- 1 0
- 2 www.thammasatpress.com 1 1 r
- 1 0
- 2 203.150.230.72 1 1 r
- 1 0
- 2 moodle.universidadebematech.com.br 1 1 r
- 1 0
- 2 200.186.46.59 1 1 r
- 1 0
- 2 173.230.140.245 1 1 r
- 1 0
- 2 175.45.178.19 1 1 r
- 1 0
- 2 192.81.128.82 1 1 r
- 1 0
- 2 220.88.177.66 1 1 r
- 1 0
- 2 118.163.116.196 1 1 r
- 1 0
- 2 203.131.222.109 1 1 r
- 1 0
- 2 175.111.4.6 1 1 r
- 1 0
- 2 140.136.134.109 1 1 r
- 1 0
- 2 142.177.194.101 1 1 r
- 1 0
- 2 151.13.173.99 1 1 r
- 1 0
- 2 65.49.2.182 1 1 r
- 1 0
- 2 124.66.152.30 1 1 r
- 1 21
- 7 Opp Notes r
- 1 0
- 2 comon32 comon32 1 1 r
- 1 0
- 2 diskpartmgr16 diskpartmgr16 1 1 r
- 1 0
- 2 dpnsvr16 dpnsvr16 1 1 r
- 1 0
- 2 hwrcompsvc64 hwrcompsvc64 1 1 r
- 1 0
- 2 recdisc32 recdisc32 1 1 r
- 1 0
- 2 mobsynclm64 mobsynclm64 1 1 r
- 1 0
- 2 taskhosts64.exe Command 1 wmic.exe /node:"SPCONCAC1035461" /user:"spe\jhkim-1" /password:"DE$Ktop12" PROCESS CALL CREATE "\\SPCONCAC1035461\admin$\system32\taskhosts64.exe" 1 1 r
- 1 0
- 2 taskhosts64.exe Command 2 \\SPTVASG51010344\admin$\system32\taskhosts64.exe 1 1 r
- 1 0
- 2 taskhosts64.exe Command 3 wmic.exe /node:"172.22.179.57" /user:"spe\jhkim-1" /password:"DE$Ktop12" PROCESS CALL CREATE "\\172.22.179.57\admin$\system32\taskhosts64.exe" > 1701901378_11532 1 r
- 1 0
- 2 mobsynclm64.exe Command 1 \SPTVEMA50005496\admin$\system32\mobsynclm64.exe 1 1 r
- 1 0
- 2 mobsynclm64.exe Command 2 wmic.exe /node:"SPTVEMA50005496" /user:"spe\dhenderson-1" /password:"(Ba773l35)" PROCESS CALL CREATE "\\SPTVEMA50005496\admin$\system32\mobsynclm64.exe" > 1702864294_644 1 1 r
- 1 0
- 2 recdisc32.exe Command 1 wmic.exe /node:"172.18.57.200" /user:"spe\dhenderson-1" /password:"(Ba773l35)" PROCESS CALL CREATE "\\172.18.57.200\admin$\system32\recdiscm32.exe" > 1693269608_8260 1 1 r
- 1 0
- 2 hwrcompsvc64.exe Command 1 /node:"SPETWVDSKPRB19" /user:"SPE\cmonti-1" /password:"Minion#1" PROCESS CALL CREATE "\\SPETWVDSKPRB19\admin$\system32\hwrcompsvc64.exe" 1 1 r
- 1 0
- 2 hwrcompsvc64.exe Command 2 /node:"SPHEEPA50007614" /user:"SPE\cmonti-1" /password:"Minion#1" PROCESS CALL CREATE "\\SPHEEPA50007614\admin$\system32\hwrcompsvc64.exe" 1 1 r
- 1 0
- 2 dpnsvr16.exe Command 1 "SPE\cmonti-1" /password:"Minion#1" PROCESS CALL CREATE "\\SPCONMHC1030836\admin$\system32\dpnsvr16.exe" > 1691533239_8104 1 1 r
- 1 0
- 2 diskpartmgr16.exe Command 1 wmic.exe /node:"172.24.249.36" /user:"SPE\cmonti-1" /password:"Minion#1" PROCESS CALL CREATE "\\172.24.249.36\admin$\system32\diskpartmg16.exe" > 1689370800_14860 1 1 r
- 1 0
- 2 comon32.exe Command 1 /node:"SPCONSPC1035060" /user:"SPE\cmonti-1" /password:"Minion#1" PROCESS CALL CREATE "\\SPCONSPC1035060\admin$\system32\comon32.exe" 1 1 r
- 1 0
- 2 comon32.exe Command 2 /node:"172.27.41.62" /user:"spe\dhenderson-1" /password:"(Ba773l35)" PROCESS CALL CREATE "\\172.27.41.62\admin$\system32\comon32.exe" 1 1 r
- 1 0
- 2 dhenderson Password "(Ba773l35)" 1 1 r
- 1 0
- 2 jhkim-1 Password "DE$Ktop12" 1 1 r
- 1 0
- 2 cmonti-1 Password "Minion#1" 1 1 r
- 1 9
- 7 Other Malware r
- 1 0
- 2 kph.sys kph.sys 1 1 r
- 1 0
- 2 ams.exe \ams.exe 1 1 r
- 1 0
- 2 lsremora64.dll lsremora64.dll 1 1 r
- 1 0
- 2 1.log \1.log 1 1 r
- 1 0
- 2 re5.txt \re5.txt 1 1 r
- 1 0
- 2 lionhearted lionhearted 1 1 r
- 1 0
- 2 troy.dll troy.dll 1 1 r
- 1 0
- 2 tdll.dll tdll.dll 1 1 r
- 1 0
- 2 TMP1.nms TMP1.nms 1 1 r
- 1 6
- 7 Passwords r
- 1 0
- 2 Dayals-1 Password London13! 1 1 r
- 1 0
- 2 JHKim4-1 Password !Tomorrow33 1 1 r
- 1 0
- 2 KManku-1 Password M@nday77 1 1 r
- 1 0
- 2 MMcLean3-1 Password @Smiley91 1 r
- 1 0
- 2 Password from 2618dd3e5c59ca851f03df12c0cab3b8 P@ssw0rd123 1 1 r
- 1 0
- 2 jhkim-1 password DE$Ktop12 1 1 r
- 1 35
- 7 TINYFUSE Malware r
- 1 0
- 2 WinsSchMgmt Service WinsSchMgmt 1 1 r
- 1 0
- 2 Windows Schedule Management Service Windows Schedule Management Service 1 1 r
- 1 0
- 2 RasMgrp GETTICKCOUNT RasMgrp 1 1 r
- 1 0
- 2 RasSecruity RasSecruity 1 1 r
- 1 0
- 2 Remote Command 1 cmd.exe /q /c net share shared$=%SystemRoot% /GRANT:everyone,FULL 1 1 r
- 1 0
- 2 Remote Command 2 cmd.exe /q /c net share shared$=%SystemRoot% 1 1 r
- 1 0
- 2 WMI Command cmd.exe /c wmic.exe /node:"<TARGET>" /user:"<USER>" /password:"<PASSWORD>" PROCESS CALL CREATE "<malware_name>" > <gettickcount()>_<TID> 1 1 r
- 1 0
- 2 Remote Command 3 cmd.exe /q /c net share shared$ /delete 1 1 r
- 1 0
- 2 Dayals-1 Username SPE\Dayals-1 1 1 r
- 1 0
- 2 JHKim4-1 Username SPE\JHKim4-1 1 1 r
- 1 0
- 2 KManku-1 Username SPE\KManku-1 1 1 r
- 1 0
- 2 MMcLean3-1 Username SPE\MMcLean3-1 1 1 r
- 1 0
- 2 igfxtrayex.exe igfxtrayex.exe 1 1 r
- 1 0
- 2 brmgmtsvc Service brmgmtsvc 1 1 r
- 1 0
- 2 dpnsvr16.exe dpnsvr16.exe 1 1 r
- 1 0
- 2 expandmn32.exe expandmn32.exe 1 1 r
- 1 0
- 2 hwrcompsvc64.exe hwrcompsvc64.exe 1 1 r
- 1 0
- 2 mobsynclm64.exe mobsynclm64.exe 1 1 r
- 1 0
- 2 rdpshellex32.exe rdpshellex32.exe 1 1 r
- 1 0
- 2 recdiscm32.exe recdiscm32.exe 1 1 r
- 1 0
- 2 taskchg16.exe taskchg16.exe 1 1 r
- 1 0
- 2 taskhosts64.exe taskhosts64.exe 1 1 r
- 1 0
- 2 Function UpzRhu UpzRhu 1 1 r
- 1 0
- 2 Function YspAQq YspAQq 1 1 r
- 1 0
- 2 deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly 1 1 r
- 1 0
- 2 inflate 1.2.3 Copyright 1995-2005 Mark Adler inflate 1.2.3 Copyright 1995-2005 Mark Adler 1 1 r
- 1 0
- 2 fHello World! \fHello World! 1 1 r
- 1 0
- 2 Log File net_ver.dat 1 1 r
- 1 0
- 2 iissvr.exe iissvr.exe 1 1 r
- 1 0
- 2 net_ver.dat net_ver.dat 1 1 r
- 1 0
- 2 usbdrv3.sys usbdrv3.sys 1 1 r
- 1 0
- 2 Backup and Restore Management Service Backup and Restore Management Service 1 1 r
- 1 0
- 2 Malware Output ([A-Z][0-9]+)\|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\|(1|2) 1 1 r
- 1 0
- 2 index.wav index.wav 1 1 r
- 1 0
- 2 brmgmtsvc brmgmtsvc 1 1 r
- 1 2
- 7 UNIX Malware r
- 1 0
- 2 monit.sh monit.sh 1 1 r
- 1 0
- 2 svcadm disable ssh svcadm disable ssh 1 1 r