Tools

Name	Tags	Incidents	Techniques
9hits	CommercialDual-use	9hits Docker campaign	Proxyjacking
AgentTesla	RAT	8820 Gang targeting WebLogic
AndroxGh0st	Toolkit	AndroxGh0st usage (2024)
AnyDesk	CommercialDual-use	Peach Sandstorm Azure targeting Magnet Goblin campaign (2024) TargetCompany Abusing MSSQL Servers for Ransomware
Atomic Red Team	OffSecK8sAttacker-side
aws-ethereum-miner	CryptominerCloud
AWSealion	OffSecToolkitAttacker-side
AzureHound	OffSecToolkitAttacker-sideCloud	Peach Sandstorm Azure targeting
Babuk	Ransomware	ESXiArgs ransomware campaign
BlueShell	OffSec
BPFDoor	Malware
BUSHWALK		Ivanti Connect Secure targeting campaign
C3Bash		RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto
C3Pool		C3Pool mining via Confluence vulnerability
C3RB3R Ransomware	RansomwareMalware	Confluence targeting by C3RB3R	Vulnerability exploitation
CDK	OffSecK8s		Abusing exposed Docker socket Exploiting host mount to escape to host
Cetus	WormCryptominer	Cetus campaign
CHAINLINE		Ivanti Connect Secure targeting campaign
Chaos RAT	RAT
Cheerscrypt	Ransomware
China Chopper	Webshell	Storm-0558 phishing campaigns
Chisel	Proxy	From web app exploitation to Chisel tunneling
Cigril	Trojan	Storm-0558 phishing campaigns	DLL search order hijacking
CloudBrute	OffSecCloud
CloudFox	OffSecAttacker-sideCloud
CloudSplaining	OffSec
CLR shell		Mimic used by Trigona operators
Cobalt Strike	OffSec	Apache server Cryptojacking with Cobalt Strike Widespread TeamCity exploitation (March ‘24) Agenda Ransomware Targets ESXi and vCenter Servers
CoinStomp	Cryptominer	CoinStomp campaign
CrackMapExec	OffSec	Ivanti Connect Secure targeting campaign
CredMaster
Ddostf	DDoS
Denonia	Cryptominer	Denonia campaign	Serverless execution
DeRF	ToolkitOffSecCloud
Diamorphine rootkit	Rootkit	Qubitstrike Crypto Mining and Rootkit Campaign
DinodasRAT	RAT
DSLog		Ivanti Connect Secure targeting campaign
EagleRelay	Proxy	Peach Sandstorm Azure targeting
enum4Linux	OffSec	Ivanti Connect Secure targeting campaign
enumerate-iam	ToolkitOffSecCloud
FBot	ToolkitMalwareAttacker-side	FBot toolkit targets cloud environments
FireProx
FRAMESTING		Ivanti Connect Secure targeting campaign
frp		z0Miner targeting WebLogic servers
fscan	OffSec	From WSO2 RCE to SSH lateral movement
Gato	ToolkitCI/CD		CI/CD system enumeration
Gh0st RAT	MalwareRAT	Apache server Cryptojacking with Cobalt Strike
Gh0stCringe	Malware
GoBruteforcer	Botnet	GoBruteforcer campaign	Password bruteforcing
Godzilla	Webshell	From WSO2 RCE to SSH lateral movement From ActiveMQ to Godzilla webshell
GOHEAVY		UNC5174 ScreenConnect and F5 BIG-IP exploitation
GoTitan	Botnet	GoTitan ActiveMQ campaign
Graboid	WormCryptominer	Graboid campaign
GreenBot	ToolkitAttacker-side
Gsocket	OffSec	SilentBob cryptomining campaign Labrat GitLab campaign
HeadCrab		HeadCrab campaign
HiddenShovel	Cryptominer
Hildegard	Cryptominer	TeamTNT campaigns
Hive	Ransomware
IceFire	Ransomware	IceFire Aspera Faspex campaign
Impacket	OffSec	Ivanti Connect Secure targeting campaign
Infection Monkey	OffSecToolkit
iodine	OffSec	Ivanti Connect Secure targeting campaign
IPRoyal	CommercialDual-useProxy	Labrat GitLab campaign	Proxyjacking
Jasmin		Widespread TeamCity exploitation (March ‘24)
KeyChecker	Cloud
Kinsing		Kinsing campaign (2020)
Krasue	RAT	Krasue Thailand campaign
kube-hunter	OffSecK8s
kubescape	K8sOffSec
Kubesploit	OffSecK8s
Kubestroyer	OffSecK8s
Kunpeng	OffSec	Abcbot Huawei Cloud targeting campaign
LaZagne	OffSecMalware
Leonidas	OffSecToolkitCloud
LIGHTWIRE		Ivanti Connect Secure targeting campaign
Ligolo		Magnet Goblin campaign (2024)
linPEAS	OffSec	Use of linPEAS for cloud enumeration
Linux Exploit Suggester	OffSec
LockBit	Ransomware
Loggerminer	Cryptominer	Loggerminer campaign
Lucifer	Botnet	Lucifer Botnet targeting Hadoop	Vulnerability exploitation Misconfigured Apache Hadoop abuse
Mallox ransomware		TargetCompany Abusing MSSQL Servers for Ransomware
Masscan	OffSec	SilentBob cryptomining campaign
Mélofée	Malware
Meson CDN		Meson Network cryptojacking campaign
Metasploit	OffSec	Andariel exploiting Apache ActiveMQ From code commit to production takeover
MicroBurst	OffSec
Mimic ransomware	Ransomware	RE#TURGENCE MSSQL Server RansomOp Mimic used by Trigona operators	Password bruteforcing Vulnerability exploitation
Mimikatz		RE#TURGENCE MSSQL Server RansomOp
Mimipenguin	OffSecMalware
Mimipy	OffSec
Mimo	Cryptominer	Mimo cryptomining campaign
Mimus	Ransomware	Mimo cryptomining campaign
MiniNerbian		Magnet Goblin campaign (2024)
Mirai		Mirai campaign targeting Ivanti products
Monero miner		Lucifer Botnet targeting Hadoop
NerbianRAT		Magnet Goblin campaign (2024)
netcat		z0Miner targeting WebLogic servers Kubernetes Clusters Targeted in OpenMetadata Exploits
nevada	Ransomware
ngrok	OffSec	SilentBob cryptomining campaign ngrok cryptojacking campaign
NHAS reverse_ssh	Reverse shell	Mimo cryptomining campaign
NoaBot	BotnetCryptominer		SSH propagation
NukeSped	RAT	Andariel exploiting Apache ActiveMQ
OracleIV	DDoSBotnet	OracleIV campaign
Pacu	OffSec	SilentBob cryptomining campaign SugarCRM as initial access to AWS envs
Peer2Profit	ProxyDual-use	Mimo cryptomining campaign
Peirates	OffSecK8s	SilentBob cryptomining campaign TeamTNT campaigns
PowerZure	OffSec
proot	OffSec
ProxyLite	CommercialDual-useProxy	Labrat GitLab campaign	Proxyjacking
PsExec		Agenda Ransomware Targets ESXi and vCenter Servers
pwnRig	Cryptominer
PySoxy	OffSecProxy	Ivanti Connect Secure targeting campaign
RansomEXX	Ransomware
Red-kube	OffSecK8s
Redigo		Redigo campaign
Rekoobe	Malware	APT31 Rekoobe campaign
Remcos RAT		TargetCompany Abusing MSSQL Servers for Ransomware
Reptile	Rootkit	UNC3886 campaigns
ROADtools	OffSec	Peach Sandstorm Azure targeting
s3-account-search	OffSec
ScoutSuite	OffSec	SugarCRM as initial access to AWS envs
ScreenConnect		Magnet Goblin campaign (2024)
SecureShell		Agenda Ransomware Targets ESXi and vCenter Servers
ShellBot / PerlBot	Botnet	RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto	Misconfigured SSH abuse
Shikitega	MalwareCryptominer
Siloscape	Malware	Siloscape campaign
SkidMap	CryptominerMalware	SkidMap targeting Redis
SkyArk	OffSec
Sliver	OffSec	From PHP exploitation to AWS lateral movement From PHP vuln to Sliver execution via cron Cloudflare incident following Okta breach Sliver deployment via Confluence vulnerability
SNOWLIGHT		UNC5174 ScreenConnect and F5 BIG-IP exploitation
SNS Sender	ToolkitAttacker-side		SNS abuse for spam or phishing Smishing (SMS phishing)
SoftEther proxy	Proxy	Microsoft signing key compromise
SparkRAT		Widespread TeamCity exploitation (March ‘24)
SSH-Snake	OffSecWorm	SSH-Snake Confluence targeting campaign
Stormspotter	OffSecToolkitCloud
Stratus Red Team	OffSecK8sCloud
SUNBURST	Backdoor	Solarigate: Solarwinds supply chain attack
SUPERSHELL		UNC5174 ScreenConnect and F5 BIG-IP exploitation
Sysrv	CryptominerBotnet
TEARDROP	Dropper	Solarigate: Solarwinds supply chain attack
THINSPOOL		Ivanti Connect Secure targeting campaign
TinyShell		Commando Cat campaign
tmate	OffSec	SilentBob cryptomining campaign
TMChecker	ToolkitAttacker-side		Password bruteforcing
Trigona	Ransomware	Trigona targeting MSSQL servers Mimic used by Trigona operators	Password bruteforcing Vulnerability exploitation
TruffleHog	OffSec
Tsunami	Backdoor	SilentBob cryptomining campaign Tsunami targeting Jenkins and Weblogic
WARPWIRE		Ivanti Connect Secure targeting campaign Magnet Goblin campaign (2024)
WIREFIRE		Ivanti Connect Secure targeting campaign
XMRig	Cryptominer	SilentBob cryptomining campaign Apache server Cryptojacking with Cobalt Strike Dreambus campaign (2021) ScarletEel campaign (Feb ‘23) ScarletEel campaign (July ‘23) Denonia campaign Dreambus campaign (2023) 9hits Docker campaign Mimo cryptomining campaign Commando Cat campaign ECS Fargate cryptojacking Migo cryptominer targeting Redis Lucifer Botnet targeting Hadoop Sliver deployment via Confluence vulnerability z0Miner targeting WebLogic servers Widespread TeamCity exploitation (March ‘24) RUBYCARP: Botnet Exploiting Vulnerabilities for Crypto Cryptojacking via Azure Batch
XorDdos	BotnetDDoS
XZ Utils backdoor	Backdoor	XZ Utils backdoor incident
Zgrab	OffSec	SilentBob cryptomining campaign
ZIPLINE		Ivanti Connect Secure targeting campaign