# List
* [https://github.com/Yara-Rules/rules](https://github.com/daffainfo/nuclei-malware/tree/master/Yara-Rules)

| Yara Rules | Status |
| --- | --- |
| MALW_ATMPot | 🟥 Impossible |
| MALW_ATM_HelloWorld | 🟥 Impossible |
| MALW_AZORULT | 🟥 Impossible |
| MALW_AgentTesla | 🟨 Still possible but requires a lot of effort |
| MALW_AgentTesla_SMTP | 🟨 Still possible but requires a lot of effort |
| MALW_AlMashreq | 🟨 Still possible but requires a lot of effort |
| MALW_Alina | 🟩 Possible |
| MALW_Andromeda | 🟩 Possible |
| MALW_Arkei | 🟩 Possible |
| MALW_Athena | 🟨 Still possible but requires a lot of effort |
| MALW_Atmos | 🟥 Impossible |
| MALW_BackdoorSSH | 🟥 Impossible |
| MALW_Backoff | 🟩 Possible |
| MALW_Bangat | 🟥 Impossible |
| MALW_Batel | 🟥 Impossible |
| MALW_BlackRev | 🟨 Still possible but requires a lot of effort |
| MALW_BlackWorm | 🟩 Possible |
| MALW_Boouset | 🟥 Impossible |
| MALW_Bublik | 🟩 Possible |
| MALW_Buzus_Softpulse | 🟥 Impossible |
| MALW_CAP_HookExKeylogger | 🟨 Still possible but requires a lot of effort |
| MALW_Chicken | 🟨 Still possible but requires a lot of effort |
| MALW_Citadel | 🟥 Impossible |
| MALW_Cloaking | 🟥 Impossible |
| MALW_Cookies | 🟨 Still possible but requires a lot of effort |
| MALW_Corkow | 🟥 Impossible |
| MALW_Cxpid | 🟩 Possible |
| MALW_Cythosia | 🟩 Possible |
| MALW_DDoSTf | 🟩 Possible |
| MALW_Derkziel | 🟩 Possible |
| MALW_Dexter | 🟩 Possible |
| MALW_DiamondFox | 🟩 Possible |
| MALW_DirtJumper | 🟨 Still possible but requires a lot of effort |
| MALW_Eicar | 🟩 Possible |
| MALW_Elex | 🟥 Impossible |
| MALW_Elknot | 🟥 Impossible |
| MALW_Emotet | 🟥 Impossible |
| MALW_Empire | 🟥 Impossible |
| MALW_Enfal | 🟥 Impossible |
| MALW_Exploit_UAC_Elevators | 🟥 Impossible |
| MALW_Ezcob | 🟩 Possible |
| MALW_F0xy | 🟥 Impossible |
| MALW_FALLCHILL | 🟥 Impossible |
| MALW_FUDCrypt | 🟩 Possible |
| MALW_FakeM | 🟥 Impossible |
| MALW_Fareit | 🟥 Impossible |
| MALW_Favorite | 🟥 Impossible |
| MALW_Furtim | 🟥 Impossible |
| MALW_Gafgyt | 🟩 Possible |
| MALW_Genome | 🟩 Possible |
| MALW_Glasses | 🟩 Possible |
| MALW_Gozi | 🟩 Possible |
| MALW_Grozlex | 🟩 Possible |
| MALW_Hajime | 🟥 Impossible |
| MALW_Hsdfihdf_banking | 🟨 Still possible but requires a lot of effort |
| MALW_Httpsd_ELF | 🟥 Impossible |
| MALW_IMuler | 🟥 Impossible |
| MALW_IcedID | 🟥 Impossible |
| MALW_Iexpl0ree | 🟥 Impossible |
| MALW_Install11 | 🟩 Possible |
| MALW_Intel_Virtualization | 🟩 Possible |
| MALW_IotReaper | 🟩 Possible |
| MALW_Jolob_Backdoor | 🟩 Possible |
| MALW_KINS | 🟨 Still possible but requires a lot of effort |
| MALW_Kelihos | 🟩 Possible |
| MALW_KeyBase | 🟥 Impossible |
| MALW_Korlia | 🟥 Impossible |
| MALW_Korplug | 🟥 Impossible |
| MALW_Kovter | 🟩 Possible |
| MALW_Kraken | 🟥 Impossible |
| MALW_Kwampirs | 🟩 Possible |
| MALW_LURK0 | 🟥 Impossible |
| MALW_Lateral_Movement | 🟩 Possible |
| MALW_Lenovo_Superfish | 🟥 Impossible |
| MALW_LinuxBew | 🟩 Possible |
| MALW_LinuxHelios | 🟩 Possible |
| MALW_LinuxMoose | 🟥 Impossible |
| MALW_LostDoor | 🟩 Possible |
| MALW_LuaBot | 🟩 Possible |
| MALW_LuckyCat | 🟥 Impossible |
| MALW_MSILStealer | 🟩 Possible |
| MALW_MacControl | 🟥 Impossible |
| MALW_MacGyver | 🟩 Possible |
| MALW_Madness | 🟩 Possible |
| MALW_Magento_backend | 🟨 Still possible but requires a lot of effort |
| MALW_Magento_frontend | 🟨 Still possible but requires a lot of effort |
| MALW_Magento_suspicious | 🟥 Impossible |
| MALW_Mailers | 🟥 Impossible |
| MALW_MedusaHTTP_2019 | 🟨 Still possible but requires a lot of effort |
| MALW_Miancha | 🟥 Impossible |
| MALW_MiniAsp3_mem | 🟨 Still possible but requires a lot of effort |
| MALW_Mirai | 🟥 Impossible |
| MALW_Mirai_Okiru_ELF | 🟥 Impossible |
| MALW_Mirai_Satori_ELF | 🟥 Impossible |
| MALW_Miscelanea | 🟥 Impossible |
| MALW_Miscelanea_Linux | 🟨 Still possible but requires a lot of effort |
| MALW_Monero_Miner_installer | 🟩 Possible |
| MALW_NSFree | 🟩 Possible |
| MALW_Naikon | 🟨 Still possible but requires a lot of effort |
| MALW_Naspyupdate | 🟨 Still possible but requires a lot of effort |
| MALW_NetTraveler | 🟨 Still possible but requires a lot of effort |
| MALW_NionSpy | 🟥 Impossible |
| MALW_Notepad | 🟩 Possible |
| MALW_OSX_Leverage | 🟩 Possible |
| MALW_Odinaff | 🟥 Impossible |
| MALW_Olyx | 🟩 Possible |
| MALW_PE_sections | 🟥 Impossible |
| MALW_PittyTiger | 🟨 Still possible but requires a lot of effort |
| MALW_PolishBankRat | 🟥 Impossible |
| MALW_Ponmocup | 🟥 Impossible |
| MALW_Pony | 🟩 Possible |
| MALW_Predator | 🟥 Impossible |
| MALW_PubSab | 🟩 Possible |
| MALW_PurpleWave | 🟥 Impossible |
| MALW_PyPI | 🟩 Possible |
| MALW_Pyinstaller | 🟥 Impossible |
| MALW_Pyinstaller_OSX | 🟩 Possible |
| MALW_Quarian | 🟥 Impossible |
| MALW_Rebirth_Vulcan_ELF | 🟥 Impossible |
| MALW_Regsubdat | 🟥 Impossible |
| MALW_Rockloader | 🟥 Impossible |
| MALW_Rooter | 🟥 Impossible |
| MALW_Rovnix | 🟥 Impossible |
| MALW_Safenet | 🟩 Possible |
| MALW_Sakurel | 🟩 Possible |
| MALW_Sayad | 🟩 Possible |
| MALW_Scarhikn | 🟥 Impossible |
| MALW_Sendsafe | 🟨 Still possible but requires a lot of effort |
| MALW_Shamoon | 🟥 Impossible |
| MALW_Shifu | 🟥 Impossible |
| MALW_Skeleton | 🟥 Impossible |
| MALW_Spora | 🟩 Possible |
| MALW_Sqlite | 🟩 Possible |
| MALW_Stealer | 🟩 Possible |
| MALW_Surtr | 🟥 Impossible |
| MALW_T5000 | 🟩 Possible |
| MALW_TRITON_HATMAN | 🟥 Impossible |
| MALW_TRITON_ICS_FRAMEWORK | 🟥 Impossible |
| MALW_Tedroo | 🟩 Possible |
| MALW_Tinba | 🟥 Impossible |
| MALW_TinyShell_Backdoor_gen | 🟥 Impossible |
| MALW_Torte_ELF | 🟥 Impossible |
| MALW_TreasureHunt | 🟩 Possible |
| MALW_TrickBot | 🟩 Possible |
| MALW_Trumpbot | 🟩 Possible |
| MALW_Upatre | 🟥 Impossible |
| MALW_Urausy | 🟩 Possible |
| MALW_Vidgrab | 🟥 Impossible |
| MALW_Virut_FileInfector_UNK_VERSION | 🟥 Impossible |
| MALW_Volgmer | 🟥 Impossible |
| MALW_Wabot | 🟩 Possible |
| MALW_Warp | 🟩 Possible |
| MALW_Wimmie | 🟥 Impossible |
| MALW_XHide | 🟩 Possible |
| MALW_XMRIG_Miner | 🟩 Possible |
| MALW_XOR_DDos | 🟩 Possible |
| MALW_Yayih | 🟩 Possible |
| MALW_Yordanyan_ActiveAgent | 🟨 Still possible but requires a lot of effort |
| MALW_Zegost | 🟩 Possible |
| MALW_Zeus | 🟥 Impossible |
| MALW_adwind_RAT | 🟥 Impossible |
| MALW_hancitor | 🟨 Still possible but requires a lot of effort |
| MALW_kirbi_mimikatz | 🟥 Impossible |
| MALW_kpot | 🟨 Still possible but requires a lot of effort |
| MALW_marap | 🟨 Still possible but requires a lot of effort |
| MALW_shifu_shiz | 🟨 Still possible but requires a lot of effort |
| MALW_sitrof_fortis_scar | 🟨 Still possible but requires a lot of effort |
| MALW_viotto_keylogger | 🟥 Impossible |
| MALW_xDedic_marketplace | 🟥 Impossible |
| RANSOM_.CRYPTXXX.yar | 🟩 Possible |
| RANSOM_777.yar | 🟩 Possible |
| RANSOM_Alpha.yar | 🟩 Possible |
| RANSOM_BadRabbit.yar | 🟥 Impossible |
| RANSOM_Cerber.yar | 🟥 Impossible |
| RANSOM_Comodosec.yar | 🟨 Still possible but requires a lot of effort |
| RANSOM_Crypren.yar | 🟥 Impossible |
| RANSOM_CryptoNar.yar | 🟥 Impossible |
| RANSOM_Cryptolocker.yar | 🟨 Still possible but requires a lot of effort |
| RANSOM_DMALocker.yar | 🟩 Possible |
| RANSOM_DoublePulsar_Petya.yar | 🟩 Possible |
| RANSOM_Erebus.yar | 🟩 Possible |
| RANSOM_GPGQwerty.yar | 🟩 Possible |
| RANSOM_GoldenEye.yar | 🟥 Impossible |
| RANSOM_Locky.yar | 🟩 Possible |
| RANSOM_MS17-010_Wannacrypt.yar | 🟥 Impossible |
| RANSOM_Maze.yar | 🟥 Impossible |
| RANSOM_PetrWrap.yar | 🟥 Impossible |
| RANSOM_Petya.yar | 🟥 Impossible |
| RANSOM_Petya_MS17_010.yar | 🟥 Impossible |
| RANSOM_Pico.yar | 🟥 Impossible |
| RANSOM_Revix.yar | 🟥 Impossible |
| RANSOM_SamSam.yar | 🟥 Impossible |
| RANSOM_Satana.yar | 🟩 Possible |
| RANSOM_Shiva.yar | 🟥 Impossible |
| RANSOM_Sigma.yar | 🟩 Possible |
| RANSOM_Snake.yar | 🟩 Possible |
| RANSOM_Stampado.yar | 🟥 Impossible |
| RANSOM_TeslaCrypt.yar | 🟩 Possible |
| RANSOM_Tox.yar | 🟩 Possible |
| RANSOM_acroware.yar | 🟥 Impossible |
| RANSOM_jeff_dev.yar | 🟥 Impossible |
| RANSOM_locdoor.yar | 🟥 Impossible |
| RANSOM_screenlocker_5h311_1nj3c706.yar | 🟥 Impossible |
| RANSOM_shrug2.yar | 🟥 Impossible |
| RANSOM_termite.yar | 🟥 Impossible |
| RAT_Adwind.yar | 🟥 Impossible |
| RAT_Adzok.yar | 🟩 Possible |
| RAT_Asyncrat.yar | 🟥 Impossible |
| RAT_BlackShades.yar | 🟥 Impossible |
| RAT_Bolonyokte.yar | 🟥 Impossible |
| RAT_Bozok.yar | 🟩 Possible |
| RAT_Cerberus.yar | 🟩 Possible |
| RAT_Crimson.yar | 🟩 Possible |
| RAT_CrossRAT.yar | 🟥 Impossible |
| RAT_CyberGate.yar | 🟩 Possible |
| RAT_DarkComet.yar | 🟥 Impossible |
| RAT_FlyingKitten.yar | 🟥 Impossible |
| RAT_Gh0st.yar | 🟥 Impossible |
| RAT_Gholee.yar | 🟩 Possible |
| RAT_Glass.yar | 🟩 Possible |
| RAT_Havex.yar | 🟥 Impossible |
| RAT_Hizor.yar | 🟥 Impossible |
| RAT_Indetectables.yar | 🟥 Impossible |
| RAT_Inocnation.yar | 🟥 Impossible |
| RAT_Meterpreter_Reverse_Tcp.yar | 🟥 Impossible |
| RAT_Nanocore.yar | 🟥 Impossible |
| RAT_NetwiredRC.yar | 🟥 Impossible |
| RAT_Njrat.yar | 🟥 Impossible |
| RAT_Orcus.yar | 🟥 Impossible |
| RAT_PlugX.yar | 🟥 Impossible |
| RAT_PoetRATDoc.yar | 🟩 Possible |
| RAT_PoetRATPython.yar | 🟥 Impossible |
| RAT_PoisonIvy.yar | 🟥 Impossible |
| RAT_Ratdecoders.yar | 🟩 Possible |
| RAT_Sakula.yar | 🟥 Impossible |
| RAT_ShadowTech.yar | 🟩 Possible |
| RAT_Shim.yar | 🟩 Possible |
| RAT_Terminator.yar | 🟩 Possible |
| RAT_Xtreme.yar | 🟥 Impossible |
| RAT_ZoxPNG.yar | 🟩 Possible |
| RAT_jRAT.yar | 🟩 Possible |
| RAT_xRAT.yar | 🟩 Possible |
| RAT_xRAT20.yar | 🟥 Impossible |

* [https://github.com/airbnb/binaryalert/tree/master/rules/public](https://github.com/daffainfo/nuclei-malware/tree/master/BinaryAlert)

| Yara Rules | Status |
| --- | --- |
| malware_macos_apt_sofacy_xagent.yara | 🟥 Impossible |
| malware_macos_bella.yara | 🟩 Possible |
| malware_macos_macspy.yara | 🟥 Impossible |
| malware_macos_marten4n6_evilosx.yara | 🟨 Still possible but requires a lot of effort |
| malware_macos_neoneggplant_eggshell.yara | 🟨 Still possible but requires a lot of effort |
| malware_macos_proton_rat_generic.yara | 🟥 Impossible |
| malware_multi_pupy_rat.yara | 🟨 Still possible but requires a lot of effort |
| malware_multi_vesche_basicrat.yara | 🟩 Possible |
| malware_windows_apt_red_leaves_generic.yara | 🟨 Still possible but requires a lot of effort |
| malware_windows_pony_stealer.yara | 🟩 Possible |
| malware_windows_remcos_rat.yara | 🟨 Still possible but requires a lot of effort |
| malware_windows_t3ntman_crunchrat.yara | 🟩 Possible |
| malware_windows_xrat_quasarrat.yara | 🟨 Still possible but requires a lot of effort |
| ransomware_windows_HDDCryptorA.yara | 🟨 Still possible but requires a lot of effort |
| ransomware_windows_cerber_evasion.yara | 🟩 Possible |
| ransomware_windows_cryptolocker.yara | 🟨 Still possible but requires a lot of effort |
| ransomware_windows_hydracrypt.yara | 🟩 Possible |
| ransomware_windows_lazarus_wannacry.yara | 🟥 Impossible |
| ransomware_windows_petya_variant_1.yara | 🟩 Possible |
| ransomware_windows_petya_variant_2.yara | 🟨 Still possible but requires a lot of effort |
| ransomware_windows_petya_variant_3.yara | 🟩 Possible |
| ransomware_windows_petya_variant_bitcoin.yara | 🟩 Possible |
| ransomware_windows_powerware_locky.yara | 🟩 Possible |
| ransomware_windows_wannacry.yara | 🟩 Possible |
| ransomware_windows_zcrypt.yara | 🟩 Possible |