greyware_tool_keyword_network_detection.csv
"keyword","metadata_keyword_regex","metadata_keyword_type","metadata_tool","metadata_description","metadata_tool_techniques","metadata_tool_tactics","metadata_malwares_name","metadata_groups_name","metadata_category","metadata_link","metadata_enable_endpoint_detection","metadata_enable_proxy_detection","metadata_tags","metadata_comment","metadata_severity_score","metadata_popularity_score","metadata_github_stars","metadata_github_forks","metadata_github_updated_at","metadata_github_created_at"
"*0bin - encrypted pastebin*",".{0,1000}0bin\s\-\sencrypted\spastebin.{0,1000}","greyware_tool_keyword","0bin.net","Accessing a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Collection","https://0bin.net","1","1","#PastebinLike","N/A","5","10","N/A","N/A","N/A","N/A"
"*A client side encrypted PasteBin*",".{0,1000}A\sclient\sside\sencrypted\sPasteBin.{0,1000}","greyware_tool_keyword","0bin.net","Accessing a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Collection","https://0bin.net","1","1","#content #PastebinLike","N/A","5","10","N/A","N/A","N/A","N/A"
"* gost/cmd/gost*",".{0,1000}\sgost\/cmd\/gost.{0,1000}","greyware_tool_keyword","gost","GO Simple Tunnel - a simple tunnel written in golang","T1572","TA0011 - TA0003","N/A","Dispossessor - EMBER BEAR","C2","https://github.com/go-gost/gost","1","1","N/A","N/A","10","10","4400","530","2024-12-02T17:52:44Z","2020-02-12T14:58:08Z"
"*https://0bin.net/paste/*+*",".{0,1000}https\:\/\/0bin\.net\/paste\/.{0,1000}\+.{0,1000}","greyware_tool_keyword","0bin.net","Accessing a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Collection","https://0bin.net","1","1","#PastebinLike","N/A","5","10","N/A","N/A","N/A","N/A"
"* rtun-server-windows-amd64.exe*",".{0,1000}\srtun\-server\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"* rtun-windows-amd64.exe*",".{0,1000}\srtun\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"* upload*.systemmonitor.eu.com*/command/agentprocessor*",".{0,1000}\supload.{0,1000}\.systemmonitor\.eu\.com.{0,1000}\/command\/agentprocessor.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*&browser=tor&api=false*",".{0,1000}\&browser\=tor\&api\=false.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*./nmap*",".{0,1000}\.\/nmap.{0,1000}","greyware_tool_keyword","nmap","A very common tool. Network host vuln and port detector.","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap","1","1","#linux","greyware tool - risks of False positive !","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*._tcp.argotunnel.com*",".{0,1000}\._tcp\.argotunnel\.com.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*.a.pinggy.online*",".{0,1000}\.a\.pinggy\.online.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*https://0bin.net/paste/create*",".{0,1000}https\:\/\/0bin\.net\/paste\/create.{0,1000}","greyware_tool_keyword","0bin.net","Creating a paste on 0bin.net","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://0bin.net","1","1","#PastebinLike","N/A","9","10","N/A","N/A","N/A","N/A"
"*.api.splashtop.com*",".{0,1000}\.api\.splashtop\.com.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.apitest.barracudamsp.com*",".{0,1000}\.apitest\.barracudamsp\.com.{0,1000}","greyware_tool_keyword","BarracudaRMM","Deliver remote support services - formely AVG","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.barracudamsp.com/products/rmm/barracuda-rmm","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.asse.devtunnels.ms*",".{0,1000}\.asse\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*.aweray.net*",".{0,1000}\.aweray\.net.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.beyondtrustcloud.com/session_complete*",".{0,1000}\.beyondtrustcloud\.com\/session_complete.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.comodo.com/static/frontend/static-pages/enroll-wizard/token*",".{0,1000}\.comodo\.com\/static\/frontend\/static\-pages\/enroll\-wizard\/token.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.console.gotoassist.com*",".{0,1000}\.console\.gotoassist\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.d.requestbin.net*",".{0,1000}\.d\.requestbin\.net.{0,1000}","greyware_tool_keyword","requestbin.net","allows users to create a unique URL to collect and inspect HTTP requests. It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://requestbin.net","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A"
"*.dev1.fleetdeck.io*",".{0,1000}\.dev1\.fleetdeck\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*.dnslog.cn:*",".{0,1000}\.dnslog\.cn\:.{0,1000}","greyware_tool_keyword","dnslog.cn","allows users to create a unique URL to collect and inspect HTTP requests. It is commonly used for debugging webhooks - it can also be abused by attackers for verifying the reachability and effectiveness of their payloads","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","http://dnslog.cn","1","1","N/A","Out of band interaction domains","10","10","N/A","N/A","N/A","N/A"
"*.exe --IPCport 5939 --Module 1*",".{0,1000}\.exe\s\-\-IPCport\s5939\s\-\-Module\s1.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit - BERSERK BEAR - MUSTANG PANDA - TeamSpy Crew - BianLian - Scattered Spider* - Trigona - Yanluowang - FIN7 - LOTUS PANDA","RMM","https://www.teamviewer.com/","1","1","N/A","https://github.com/SigmaHQ/sigma/pull/4759","10","10","N/A","N/A","N/A","N/A"
"*.exec*.interact.sh*",".{0,1000}\.exec.{0,1000}\.interact\.sh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but abused by attackers as C4","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3478","370","2024-12-02T01:45:18Z","2021-01-29T14:31:51Z"
"*.free.pinggy.online*",".{0,1000}\.free\.pinggy\.online.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*https://1ty.me/*",".{0,1000}https\:\/\/1ty\.me\/.{0,1000}","greyware_tool_keyword","1ty.me","temporary notes service - abused by attackers to share informations with their victims","T1105 - T1071","TA0010 - TA0009","N/A","N/A","Collection","https://1ty.me","1","1","#PastebinLike","downloading or uploading data","10","10","N/A","N/A","N/A","N/A"
"*.in.zrok.io*",".{0,1000}\.in\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*.l.tunwg.com*",".{0,1000}\.l\.tunwg\.com.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*.localltunnel.me*",".{0,1000}\.localltunnel\.me.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","19267","1344","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z"
"*https://1ty.me/?mode=ajax&cmd=create_note*",".{0,1000}https\:\/\/1ty\.me\/\?mode\=ajax\&cmd\=create_note.{0,1000}","greyware_tool_keyword","1ty.me","temporary notes service - abused by attackers to share informations with their victims","T1105 - T1071","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://1ty.me","1","1","#PastebinLike","creating note","10","10","N/A","N/A","N/A","N/A"
"*.mspa.n-able.com*",".{0,1000}\.mspa\.n\-able\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*4shared.com/*upload*",".{0,1000}4shared\.com\/.{0,1000}upload.{0,1000}","greyware_tool_keyword","4shared.com","Uploading on 4shared.com","T1105 - T1567 - T1071","TA0010 ","N/A","Turla","Data Exfiltration","4shared.com","1","1","#filehostingservice","N/A","9","8","N/A","N/A","N/A","N/A"
"*https://www.4shared.com/get/*",".{0,1000}https\:\/\/www\.4shared\.com\/get\/.{0,1000}","greyware_tool_keyword","4shared.com","Downloading a file from 4shared.com","T1105 - T1071 - T1125","TA0009","N/A","Turla","Collection","4shared.com","1","1","#filehostingservice","N/A","6","5","N/A","N/A","N/A","N/A"
"*.ngrok.me*",".{0,1000}\.ngrok\.me.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - Unit 29155 - Common Raven - FoxKitten - Gamaredon - Dispossessor","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24197","4273","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z"
"*.rel.tunnels.api.visualstudio.com*",".{0,1000}\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","0","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.relay.splashtop.com*",".{0,1000}\.relay\.splashtop\.com.{0,1000}","greyware_tool_keyword","Splashtop","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","Black Basta - LockBit - AvosLocker - BianLian - Scattered Spider* - Hive - Quantum - Conti - Trigona - RansomHub - Cactus","RMM","https://hybrid-analysis.com/sample/18c10b0235bd341e065ac5c53ca04b68eaeacd98a120e043fb4883628baf644e/6267eb693836e7217b1a3c72","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.remotepc.com*",".{0,1000}\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.remotepc.com*",".{0,1000}\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","network","10","10","N/A","N/A","N/A","N/A"
"*.remoteutilities.com*",".{0,1000}\.remoteutilities\.com.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.remoteview.logmein.com*",".{0,1000}\.remoteview\.logmein\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.router.teamviewer.com*",".{0,1000}\.router\.teamviewer\.com.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit - BERSERK BEAR - MUSTANG PANDA - TeamSpy Crew - BianLian - Scattered Spider* - Trigona - Yanluowang - FIN7 - LOTUS PANDA","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A"
"*.servicedesk.atera.com/GetAgent*",".{0,1000}\.servicedesk\.atera\.com\/GetAgent.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta - Dispossessor","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.share.zrok.io*",".{0,1000}\.share\.zrok\.io.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*.srv.browser.lol*",".{0,1000}\.srv\.browser\.lol.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*adiskreader.disks.raw*",".{0,1000}adiskreader\.disks\.raw.{0,1000}","greyware_tool_keyword","adiskreader","Async Python library to parse local and remote disk images","T1020 - T1048 - T1074 - T1560.001","TA0005 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/skelsec/adiskreader","1","1","N/A","N/A","4","1","76","7","2024-09-05T14:46:56Z","2023-12-18T11:54:31Z"
"*adiskreader.disks.vhdx*",".{0,1000}adiskreader\.disks\.vhdx.{0,1000}","greyware_tool_keyword","adiskreader","Async Python library to parse local and remote disk images","T1020 - T1048 - T1074 - T1560.001","TA0005 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://github.com/skelsec/adiskreader","1","1","N/A","N/A","4","1","76","7","2024-09-05T14:46:56Z","2023-12-18T11:54:31Z"
"*.tunnel.pyjam.as*",".{0,1000}\.tunnel\.pyjam\.as.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.tunnelto.dev*",".{0,1000}\.tunnelto\.dev.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*https://anonfiles.com/*/*",".{0,1000}https\:\/\/anonfiles\.com\/.{0,1000}\/.{0,1000}","greyware_tool_keyword","anonfiles.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","BlackCat - BitLocker - AvosLocker - Hive - Royal - LockBit - Vice Society - Conti - RansomHub","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*.v2.argotunnel.com*",".{0,1000}\.v2\.argotunnel\.com.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*.xeox.com*",".{0,1000}\.xeox\.com.{0,1000}","greyware_tool_keyword","xeox","Easily access and manage Windows devices remotely within XEOX - RMM abused by threat actors","T1021 - T1078 - T1219 - T1105 - T1046","TA0011 - TA0010 - TA0003 - TA0005","N/A","Dispossessor","RMM","https://xeox.com/remote-access/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.zohoassist.com.cn*",".{0,1000}\.zohoassist\.com\.cn.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.zohoassist.jp*",".{0,1000}\.zohoassist\.jp.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*.zrok.quigley.com*",".{0,1000}\.zrok\.quigley\.com.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*https://api.anonfiles.com/upload*",".{0,1000}https\:\/\/api\.anonfiles\.com\/upload.{0,1000}","greyware_tool_keyword","anonfiles.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","BlackCat - BitLocker - AvosLocker - Hive - Royal - LockBit - Vice Society - Conti - RansomHub","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*/3proxy-*.deb*",".{0,1000}\/3proxy\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/3proxy-*.rpm*",".{0,1000}\/3proxy\-.{0,1000}\.rpm.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/3proxy-*.zip*",".{0,1000}\/3proxy\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/3proxy.exe*",".{0,1000}\/3proxy\.exe.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/3proxy.git*",".{0,1000}\/3proxy\.git.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/3proxy.log*",".{0,1000}\/3proxy\.log.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*/a.pinggy.io*",".{0,1000}\/a\.pinggy\.io.{0,1000}","greyware_tool_keyword","pinggy","Create HTTP/TCP or TLS tunnels to your Mac/PC. Even if it is sitting behind firewalls and NATs.","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://pinggy.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/AADInternals.git*",".{0,1000}\/AADInternals\.git.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29 - COZY BEAR","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/action1_agent(My_Organization).msi*",".{0,1000}\/action1_agent\(My_Organization\)\.msi.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused buy attacker","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","product name","10","10","N/A","N/A","N/A","N/A"
"*/AD_Miner.git*",".{0,1000}\/AD_Miner\.git.{0,1000}","greyware_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1482 - T1069 - T1087","TA0007 ","N/A","EMBER BEAR","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","N/A","N/A","6","10","1181","117","2024-11-27T08:50:12Z","2023-09-26T12:36:59Z"
"*/AD_Miner/releases/*",".{0,1000}\/AD_Miner\/releases\/.{0,1000}","greyware_tool_keyword","AD_Miner","AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses","T1482 - T1069 - T1087","TA0007 ","N/A","EMBER BEAR","Discovery","https://github.com/Mazars-Tech/AD_Miner","1","1","N/A","N/A","6","10","1181","117","2024-11-27T08:50:12Z","2023-09-26T12:36:59Z"
"*/AD-common-queries.git*",".{0,1000}\/AD\-common\-queries\.git.{0,1000}","greyware_tool_keyword","AD-common-queries","Collection of common ADSI queries for Domain Account enumeration","T1087 - T1087.002 - T1018 - T1069 - T1069.002 - T1069.003 - T1133 - T1139","TA0007 - TA0009","N/A","N/A","Discovery","https://github.com/swarleysez/AD-common-queries","1","1","N/A","N/A","8","1","6","3","2020-05-24T03:23:09Z","2020-03-10T19:43:51Z"
"*/AdFind.zip*",".{0,1000}\/AdFind\.zip.{0,1000}","greyware_tool_keyword","adfind","adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers are abusing it to gather valuable information about the network environment","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://www.virustotal.com/gui/file/484dd00e85c033fbfd506b956ac0acd29b30f239755ed753a2788a842425b384/behavior","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/ADGet.exe*",".{0,1000}\\ADGet\.exe.{0,1000}","greyware_tool_keyword","adget","gather valuable information about the AD environment","T1018 - T1027 - T1046 - T1057 - T1069 - T1087 - T1098 - T1482","TA0001 - TA0002 - TA0003 - TA0007 - TA0011","N/A","N/A","Discovery","https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/ADRecon*",".{0,1000}\/ADRecon.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability Scanner","https://github.com/sense-of-security/ADRecon","1","1","N/A","N/A","10","10","1730","285","2020-06-15T05:23:14Z","2017-11-29T23:01:53Z"
"*/ADRecon.ps1*",".{0,1000}\/ADRecon\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","8","716","102","2024-10-15T03:41:29Z","2018-12-15T13:00:09Z"
"*/Advanced_Port_Scanner_*.exe*",".{0,1000}\/Advanced_Port_Scanner_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","Dispossessor - LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider* - INDRIK SPIDER - Medusa Locker","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/Ahk2Exe.exe*",".{0,1000}\/Ahk2Exe\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/Ahk2Exe.git*",".{0,1000}\/Ahk2Exe\.git.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/Ahk2Exe.zip*",".{0,1000}\/Ahk2Exe\.zip.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/Ahk2Exe1.*.zip*",".{0,1000}\/Ahk2Exe1\..{0,1000}\.zip.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/ahk-install.exe*",".{0,1000}\/ahk\-install\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/ahk-v2.exe*",".{0,1000}\/ahk\-v2\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*https://apaste.info/p/new*",".{0,1000}https\:\/\/apaste\.info\/p\/new.{0,1000}","greyware_tool_keyword","apaste.info","Creating a paste on apaste.info/","T1213 - T1190","TA0001 - TA0009 - TA0010","N/A","N/A","Data Exfiltration","https://apaste.info/","1","1","#PastebinLike","N/A","9","10","N/A","N/A","N/A","N/A"
"*/Alpemix.zip*",".{0,1000}\/Alpemix\.zip.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/amalshaji/portr-admin/*",".{0,1000}\/amalshaji\/portr\-admin\/.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/amidaware/rmmagent/releases/download/*",".{0,1000}\/amidaware\/rmmagent\/releases\/download\/.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/Amperage.exe*",".{0,1000}\/Amperage\.exe.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","391","27","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z"
"*/AmperageKit.git*",".{0,1000}\/AmperageKit\.git.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","391","27","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z"
"*/AmperageKit/releases/*",".{0,1000}\/AmperageKit\/releases\/.{0,1000}","greyware_tool_keyword","AmperageKit","enabling Recall in Windows 11 version 24H2 on unsupported devices","T1005 - T1113 - T1056.001 - T1003","TA0009 - TA0010 - TA0006 - TA0007","N/A","N/A","Sniffing & Spoofing","https://github.com/thebookisclosed/AmperageKit","1","1","N/A","N/A","8","4","391","27","2024-06-21T16:37:12Z","2024-05-30T23:00:45Z"
"*/Anydesk.exe",".{0,1000}\/Anydesk\.exe","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt - Dispossessor","RMM","https://anydesk.com/","1","1","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A"
"*/anyplace-control/data2/*.exe*",".{0,1000}\/anyplace\-control\/data2\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/AnyViewerSetup.exe*",".{0,1000}\/AnyViewerSetup\.exe.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Apemix.exe*",".{0,1000}\/Apemix\.exe.{0,1000}","greyware_tool_keyword","Alpemix","connect to your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.alpemix.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/api/latest/fleet/mdm/bootstrap?token=*",".{0,1000}\/api\/latest\/fleet\/mdm\/bootstrap\?token\=.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/api/v1/fleet/mdm/sso/callback*",".{0,1000}\/api\/v1\/fleet\/mdm\/sso\/callback.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/Assistance rapide Installer.exe*",".{0,1000}\/Assistance\srapide\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick Assist","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","LokiBot","Black Basta","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A"
"*/Assistenza rapida Installer.exe*",".{0,1000}\/Assistenza\srapida\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick Assist","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","LokiBot","Black Basta","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A"
"*/atnow.exe*",".{0,1000}\/atnow\.exe.{0,1000}","greyware_tool_keyword","atnow","AtNow is a command-line utility that schedules programs and commands to run in the near future - abused by TA","T1053 - T1059","TA0002 ","N/A","APT18 - APT29 - APT32 - Cobalt - RTM","Persistence","https://www.nirsoft.net/utils/atnow.html","1","1","N/A","N/A","7","7","N/A","N/A","N/A","N/A"
"*/atnow.zip*",".{0,1000}\/atnow\.zip.{0,1000}","greyware_tool_keyword","atnow","AtNow is a command-line utility that schedules programs and commands to run in the near future - abused by TA","T1053 - T1059","TA0002 ","N/A","APT18 - APT29 - APT32 - Cobalt - RTM","Persistence","https://www.nirsoft.net/utils/atnow.html","1","1","N/A","N/A","7","7","N/A","N/A","N/A","N/A"
"*/AttendedUDP.zip*",".{0,1000}\/AttendedUDP\.zip.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Microsoft Azure Storage Explorer.app*",".{0,1000}\/Microsoft\sAzure\sStorage\sExplorer\.app.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","Rhysida","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/AutoHotkey.exe*",".{0,1000}\/AutoHotkey\.exe.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*/AutoHotkey.git*",".{0,1000}\/AutoHotkey\.git.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*/AutoHotkey/releases/download/*",".{0,1000}\/AutoHotkey\/releases\/download\/.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*/AutoHotkey_*.zip*",".{0,1000}\/AutoHotkey_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*/AutoHotkey_1*_setup.exe*",".{0,1000}\/AutoHotkey_1.{0,1000}_setup\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/AutoHotkey_2*_setup.exe*",".{0,1000}\/AutoHotkey_2.{0,1000}_setup\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/AutoHotkey64.exe*",".{0,1000}\/AutoHotkey64\.exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/AutoHotkey64.exe*",".{0,1000}\/AutoHotkey64\.exe.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*/Aweray_Remote_*.exe*",".{0,1000}\/Aweray_Remote_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Aweray_Remote_*.zip*",".{0,1000}\/Aweray_Remote_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Microsoft Azure Storage Explorer.zip*",".{0,1000}\/Microsoft\sAzure\sStorage\sExplorer\.zip.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","Rhysida","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/bin/gs-netcat*",".{0,1000}\/bin\/gs\-netcat.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","#linux","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/bin/x64/connectd.exe*",".{0,1000}\/bin\/x64\/connectd\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","#linux","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/BitLockerToGo.exe*",".{0,1000}\/BitLockerToGo\.exe.{0,1000}","greyware_tool_keyword","BitLockerToGo","BitLocker To Go is a legitimate Windows utility used for managing BitLocker encryption - abused by malware like Lumma Stealer to manipulate registry keys - search for cryptocurrency wallets and credentials and exfiltrate sensitive data","T1218 - T1055 - T1112 - T1056 - T1555","TA0005 - TA0007 - TA0009","Lumma Stealer","N/A","Defense Evasion","https://securelist.com/fake-captcha-delivers-lumma-amadey/114312/","0","1","N/A","high FP - hunting only","3","8","N/A","N/A","N/A","N/A"
"*/bomgar-rep.exe*",".{0,1000}\/bomgar\-rep\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar BeyondTrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/bomgar-scc-*.exe*",".{0,1000}\/bomgar\-scc\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar BeyondTrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/bomgar-scc.exe*",".{0,1000}\/bomgar\-scc\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar BeyondTrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/boringproxy.git*",".{0,1000}\/boringproxy\.git.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*/boringproxy-client.service*",".{0,1000}\/boringproxy\-client\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*/boringproxy-server.service*",".{0,1000}\/boringproxy\-server\.service.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*StorageExplorer-linux-x64.tar.gz*",".{0,1000}StorageExplorer\-linux\-x64\.tar\.gz.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","Rhysida","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*StorageExplorer-windows-x64.exe*",".{0,1000}StorageExplorer\-windows\-x64\.exe.{0,1000}","greyware_tool_keyword","Azure Storage Explorer","legitimate microsoft software - threat actors have been abusing Azure Storage Explorer for Data Exfiltration","T1030 - T1048 - T1078.004 - T1105 - T1567.001","TA0010","N/A","Rhysida","Data Exfiltration","https://azure.microsoft.com/en-us/products/storage/storage-explorer","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*https://bashupload.com*",".{0,1000}https\:\/\/bashupload\.com.{0,1000}","greyware_tool_keyword","bashupload.com","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","N/A","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*https://bayfiles.com/*",".{0,1000}https\:\/\/bayfiles\.com\/.{0,1000}","greyware_tool_keyword","bayfiles","hosting site abused by attackers - blocked site in a lot of countries","T1567 - T1071 - T1020 - T1005","TA0010 - TA0009","N/A","CyClops","Collection","N/A","1","1","#filehostingservice","N/A","10","10","N/A","N/A","N/A","N/A"
"*https://bitbucket.org/*/downloads/*.bat*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*/cloudflared.git*",".{0,1000}\/cloudflared\.git.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*/cloudflared-linux-*.deb*",".{0,1000}\/cloudflared\-linux\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*/cloudflared-linux-*.rpm*",".{0,1000}\/cloudflared\-linux\-.{0,1000}\.rpm.{0,1000}","greyware_tool_keyword","cloudflared","cloudflared contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*/cmd/tailscaled*",".{0,1000}\/cmd\/tailscaled.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*https://bitbucket.org/*/downloads/*.dll*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*/config/apps/http/servers/sirtunnel/routes*",".{0,1000}\/config\/apps\/http\/servers\/sirtunnel\/routes.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1364","114","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z"
"*/connectd.aarch64-win.exe*",".{0,1000}\/connectd\.aarch64\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/connectd.x86_64-win.exe*",".{0,1000}\/connectd\.x86_64\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/crowbar.git*",".{0,1000}\/crowbar\.git.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_darwin_386.zip*",".{0,1000}\/crowbar_1\.0\.0_darwin_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_darwin_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_darwin_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_freebsd_386.zip*",".{0,1000}\/crowbar_1\.0\.0_freebsd_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_freebsd_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_freebsd_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_freebsd_arm.zip*",".{0,1000}\/crowbar_1\.0\.0_freebsd_arm\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_linux_386.tar.gz*",".{0,1000}\/crowbar_1\.0\.0_linux_386\.tar\.gz.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_linux_amd64.tar.gz*",".{0,1000}\/crowbar_1\.0\.0_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_linux_arm.tar.gz*",".{0,1000}\/crowbar_1\.0\.0_linux_arm\.tar\.gz.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_openbsd_386.zip*",".{0,1000}\/crowbar_1\.0\.0_openbsd_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_openbsd_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_openbsd_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_windows_386.zip*",".{0,1000}\/crowbar_1\.0\.0_windows_386\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/crowbar_1.0.0_windows_amd64.zip*",".{0,1000}\/crowbar_1\.0\.0_windows_amd64\.zip.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*/damewareagent.exe*",".{0,1000}\/damewareagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*https://bitbucket.org/*/downloads/*.dll*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*https://bitbucket.org/*/downloads/*.exe*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*https://bitbucket.org/*/downloads/*.ps1*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*https://bitbucket.org/*/downloads/*.rar*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.rar.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*https://bitbucket.org/*/downloads/*.zip*",".{0,1000}https\:\/\/bitbucket\.org\/.{0,1000}\/downloads\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","bitbucket.org","legitimate hosting platform abused by malware like Lumma Stealer","T1213 - T1102","TA0009","Lumma Stealer","N/A","Collection","N/A","0","1","#filehostingservice","N/A","5","7","N/A","N/A","N/A","N/A"
"*/btunnel.exe*",".{0,1000}\/btunnel\.exe.{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*api.btunnel.in*",".{0,1000}api\.btunnel\.in.{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*/download/pcunlocker*",".{0,1000}\/download\/pcunlocker.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/downloads/ultravnc.html*",".{0,1000}\/downloads\/ultravnc\.html.{0,1000}","greyware_tool_keyword","UltraVNC","UltraVNC remote access software usage","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Dispossessor - Gamaredon Group - APT39","RMM","https://uvnc.com/downloads/ultravnc.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/dropbear.git*",".{0,1000}\/dropbear\.git.{0,1000}","greyware_tool_keyword","dropbear","A smallish SSH server and client","T1021.004 - T1570","TA0003","N/A","COZY BEAR","Persistence","https://github.com/mkj/dropbear","1","1","N/A","N/A","8","10","1754","403","2024-12-04T16:13:34Z","2013-03-19T11:15:36Z"
"*/dropbear/releases/*",".{0,1000}\/dropbear\/releases\/.{0,1000}","greyware_tool_keyword","dropbear","A smallish SSH server and client","T1021.004 - T1570","TA0003","N/A","COZY BEAR","Persistence","https://github.com/mkj/dropbear","1","1","N/A","N/A","8","10","1754","403","2024-12-04T16:13:34Z","2013-03-19T11:15:36Z"
"*/dropbear-sshj.git*",".{0,1000}\/dropbear\-sshj\.git.{0,1000}","greyware_tool_keyword","SSH-J.com","This is Dropbear SSH server modified to be used as a public SSH jump & port forwarding service","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://bitbucket.org/ValdikSS/dropbear-sshj/src/master/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/DuckDNS.7z*",".{0,1000}\/DuckDNS\.7z.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*/DuckDNS.git*",".{0,1000}\/DuckDNS\.git.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*/DuckDNS.zip""*",".{0,1000}\/DuckDNS\.zip\"".{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*/duckdns/duck.log*",".{0,1000}\/duckdns\/duck\.log.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*/duckdns/duck.sh*",".{0,1000}\/duckdns\/duck\.sh.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*/duckdns-powershell.git*",".{0,1000}\/duckdns\-powershell\.git.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*/DWMRC_St_64.msi*",".{0,1000}\/DWMRC_St_64\.msi.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Mini Remote Control tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A"
"*/DWRCC.exe*",".{0,1000}\/DWRCC\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Mini Remote Control tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A"
"*/DWRCCMD.exe*",".{0,1000}\/DWRCCMD\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Mini Remote Control tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A"
"*/DWRCS.exe*",".{0,1000}\/DWRCS\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Mini Remote Control tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/dameware-mini-remote-control","1","1","N/A","Dameware Mini Remote Control","10","10","N/A","N/A","N/A","N/A"
"*bored-tunnel-client_Windows_x86_64.*",".{0,1000}bored\-tunnel\-client_Windows_x86_64\..{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*http://tcp.btunnel.in*",".{0,1000}http\:\/\/tcp\.btunnel\.in.{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*/Eraser 6.0.10.2620.exe*",".{0,1000}\/Eraser\s6\.0\.10\.2620\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/Eraser 6.0.8.2273.exe*",".{0,1000}\/Eraser\s6\.0\.8\.2273\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/Eraser 6.0.9.2343.exe*",".{0,1000}\/Eraser\s6\.0\.9\.2343\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/Eraser 6.2.0.2994.exe*",".{0,1000}\/Eraser\s6\.2\.0\.2994\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/EraserSetup.exe*",".{0,1000}\/EraserSetup\.exe.{0,1000}","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abused by attackers for anti-forensics","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/ehorus_agent_installer-*",".{0,1000}\/ehorus_agent_installer\-.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*https://*.btunnel.co.in*",".{0,1000}https\:\/\/.{0,1000}\.btunnel\.co\.in.{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*/expose/database/expose.db*",".{0,1000}\/expose\/database\/expose\.db.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4261","266","2024-09-25T09:30:30Z","2020-04-14T19:18:38Z"
"*/expose/raw/master/builds/expose*",".{0,1000}\/expose\/raw\/master\/builds\/expose.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4261","266","2024-09-25T09:30:30Z","2020-04-14T19:18:38Z"
"*https://*.btunnel.co.in*",".{0,1000}https\:\/\/.{0,1000}\.btunnel\.co\.in.{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*https://www.btunnel.in/downloads*",".{0,1000}https\:\/\/www\.btunnel\.in\/downloads.{0,1000}","greyware_tool_keyword","btunnel","Btunnel is a publicly accessible reverse proxy","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://www.btunnel.in","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*https://burrow.io/tunnels*",".{0,1000}https\:\/\/burrow\.io\/tunnels.{0,1000}","greyware_tool_keyword","burrow","Expose localhost to the internet using a public URL","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://burrow.io","1","1","N/A","N/A","9","8","N/A","N/A","N/A","N/A"
"*/fleet_v*_linux.tar.gz*",".{0,1000}\/fleet_v.{0,1000}_linux\.tar\.gz.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/fleetd.crx*",".{0,1000}\/fleetd\.crx.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/fleetdm/fleet/releases/download/*",".{0,1000}\/fleetdm\/fleet\/releases\/download\/.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/fleetdm/fleet/releases/latest*",".{0,1000}\/fleetdm\/fleet\/releases\/latest.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*https://files.catbox.moe/*","https:\/\/files\.catbox\.moe\/[^\s\n]+","greyware_tool_keyword","catbox.moe","The cutest free file host you've ever seen - abused by threat actors","T1560.001 - T1190 - T1102 - T1027.002","TA0001 - TA0005 - TA0042","N/A","N/A","Collection","https://files[.]catbox.moe","1","1","#filehostingservice","N/A","9","10","N/A","N/A","N/A","N/A"
"*/dataplicity-agent.git*",".{0,1000}\/dataplicity\-agent\.git.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*/dataplicity-agent/releases/download*",".{0,1000}\/dataplicity\-agent\/releases\/download.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*api.dataplicity.com*",".{0,1000}api\.dataplicity\.com.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*bit.ly/2alyerp*",".{0,1000}bit\.ly\/2alyerp.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*https://www.dataplicity.com/*.py*",".{0,1000}https\:\/\/www\.dataplicity\.com\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*m2m.dataplicity.com*",".{0,1000}m2m\.dataplicity\.com.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*wildfoundry/dataplicity-agent*",".{0,1000}wildfoundry\/dataplicity\-agent.{0,1000}","greyware_tool_keyword","Dataplicity","enables connecting local systems to dataplicity cloud for remotely accessing them over the internet.","T1090 - T1102 - T1043 - T1071","TA0010 - TA0005 - TA0011","N/A","N/A","Data Exfiltration","https://github.com/wildfoundry/dataplicity-agent","1","1","N/A","N/A","9","2","166","32","2024-06-10T20:17:43Z","2016-07-27T14:23:01Z"
"*https://media.discordapp.net/attachments/*.bat*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.exe*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.hta*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.iso*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.jar*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.msi*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.py*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.vbs*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*https://media.discordapp.net/attachments/*.zip*",".{0,1000}https\:\/\/media\.discordapp\.net\/attachments\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","discord","Downloading discord executables and archives attachments","T1189","TA0001 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","6","9","N/A","N/A","N/A","N/A"
"*disk2vhd.exe*",".{0,1000}disk2vhd\.exe.{0,1000}","greyware_tool_keyword","Disk2vhd","convert physical disks into Virtual Hard Disk (VHD) files - attackers can leverage it for Collection","T1560.002 - T1012 - T1560.003","TA0005 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A"
"*Disk2vhd.zip*",".{0,1000}Disk2vhd\.zip.{0,1000}","greyware_tool_keyword","Disk2vhd","convert physical disks into Virtual Hard Disk (VHD) files - attackers can leverage it for Collection","T1560.002 - T1012 - T1560.003","TA0005 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A"
"*disk2vhd64.exe*",".{0,1000}disk2vhd64\.exe.{0,1000}","greyware_tool_keyword","Disk2vhd","convert physical disks into Virtual Hard Disk (VHD) files - attackers can leverage it for Collection","T1560.002 - T1012 - T1560.003","TA0005 - TA0009","N/A","N/A","Collection","N/A","1","1","N/A","N/A","8","4","N/A","N/A","N/A","N/A"
"*https://content.dropboxapi.com/2/files/upload*",".{0,1000}https\:\/\/content\.dropboxapi\.com\/2\/files\/upload.{0,1000}","greyware_tool_keyword","dropbox","uploading file to dropbox with the API","T1105 - T1071.001 - T1567.002","TA0011 - TA0009 - TA0010","N/A","BlackCat - Scattered Spider* - Operation BugDrop - COZY BEAR - Turla - LockBit - Pandora","Data Exfiltration","https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/blob/main/Functions/DropBox-Upload.md","1","1","#filehostingservice","N/A","7","10","1139","133","2024-06-16T04:10:39Z","2022-05-10T04:12:53Z"
"*https://dropmefiles.com/*",".{0,1000}https\:\/\/dropmefiles\.com\/.{0,1000}","greyware_tool_keyword","dropmefiles.com","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Mallox - Dispossessor - BitLocker - Black Basta - Hive - Royal - LockBit - Vice Society","Collection","https://github.com/Casualtek/Ransomchats/blob/4a25ac6ad165a4e600aeb72718c3ad41e8f6ce3a/Mallox/20230427.json#L286C25-L286C48","1","1","#filehostingservice","downloading files url","8","5","438","41","2024-11-19T15:40:42Z","2023-05-02T16:17:48Z"
"*https://dropmefiles.com/s3/upload/*",".{0,1000}https\:\/\/dropmefiles\.com\/s3\/upload\/.{0,1000}","greyware_tool_keyword","dropmefiles.com","temporary file hosting service - abused by attackers to share information with their victims","T1105 - T1071","TA0010 - TA0009","N/A","Mallox - Dispossessor - BitLocker - Black Basta - Hive - Royal - LockBit - Vice Society","Data Exfiltration","https://github.com/Casualtek/Ransomchats/blob/4a25ac6ad165a4e600aeb72718c3ad41e8f6ce3a/Mallox/20230427.json#L286C25-L286C48","1","1","#filehostingservice","uploading files url","10","5","438","41","2024-11-19T15:40:42Z","2023-05-02T16:17:48Z"
"*https://easyupload.io/action.php*",".{0,1000}https\:\/\/easyupload\.io\/action\.php.{0,1000}","greyware_tool_keyword","easyupload.io","hosting platform abused by attackers","T1105 - T1071.001 - T1567.002 - T1041","TA0010 - TA0005","N/A","Akira","Data Exfiltration","N/A","1","1","#filehostingservice","uploading url","8","6","N/A","N/A","N/A","N/A"
"*https://easyupload.io/cdn-cgi/rum*",".{0,1000}https\:\/\/easyupload\.io\/cdn\-cgi\/rum.{0,1000}","greyware_tool_keyword","easyupload.io","hosting platform abused by attackers","T1105 - T1071.001 - T1567.002 - T1041","TA0010 - TA0005","N/A","Akira","Data Exfiltration","N/A","1","1","#filehostingservice","uploading url","8","6","N/A","N/A","N/A","N/A"
"*https://*.fex.net/download/*",".{0,1000}https\:\/\/.{0,1000}\.fex\.net\/download\/.{0,1000}","greyware_tool_keyword","fex.net","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Collection","https://fex.net","1","1","#filehostingservice","downloading a file","10","10","N/A","N/A","N/A","N/A"
"*https://*.fex.net/upload/*",".{0,1000}https\:\/\/.{0,1000}\.fex\.net\/upload\/.{0,1000}","greyware_tool_keyword","fex.net","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://fex.net","1","1","#filehostingservice","uploading a file","10","10","N/A","N/A","N/A","N/A"
"*https://api.fex.net/api/v1/anonymous/file*",".{0,1000}https\:\/\/api\.fex\.net\/api\/v1\/anonymous\/file.{0,1000}","greyware_tool_keyword","fex.net","hosting service abused by attackers","T1583.003 - T1071 - T1102","TA0010 - TA0005 - TA0009","N/A","N/A","Data Exfiltration","https://fex.net","1","1","#filehostingservice","uploading a file","10","10","N/A","N/A","N/A","N/A"
"*/download/fiddler/fiddler-everywhere-windows*",".{0,1000}\/download\/fiddler\/fiddler\-everywhere\-windows.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/Fiddler Everywhere *.*.*.exe*",".{0,1000}\/Fiddler\sEverywhere\s.{0,1000}\..{0,1000}\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*\Fiddler Everywhere *.*.*.exe*",".{0,1000}\\Fiddler\sEverywhere\s.{0,1000}\..{0,1000}\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*https://www.telerik.com/download/fiddler/*",".{0,1000}https\:\/\/www\.telerik\.com\/download\/fiddler\/.{0,1000}","greyware_tool_keyword","fiddler","fiddler - capture https requests","T1056 - T1040 - T1557","TA0009 - TA0010","N/A","N/A","Collection","https://www.telerik.com/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*https://file.io/*",".{0,1000}https\:\/\/file\.io\/.{0,1000}","greyware_tool_keyword","file.io","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","BlackCat - Akira - AvosLocker - Hive - Ragnar Locker - Royal - LockBit - Vice Society - Conti","Collection","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*https://file.io/?title=*",".{0,1000}https\:\/\/file\.io\/\?title\=.{0,1000}","greyware_tool_keyword","file.io","Interesting observation on the file-sharing platform preferences derived from the negotiations chats with LockBit victims","T1567 - T1022 - T1074 - T1105","TA0011 - TA0009 - TA0010 - TA0008","N/A","BlackCat - Akira - AvosLocker - Hive - Ragnar Locker - Royal - LockBit - Vice Society - Conti","Data Exfiltration","https://twitter.com/mthcht/status/1660953897622544384","1","1","#filehostingservice","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*filetransfer.io/upload/*",".{0,1000}filetransfer\.io\/upload\/.{0,1000}","greyware_tool_keyword","filetransfer.io","uploading to filetransfer.io","T1105 - T1021 - T1560.003 - T1071.001 - T1071.002","TA0010 - TA0009","N/A","N/A","Data Exfiltration","https://filetransfer.io","1","1","#filehostingservice","N/A","10","10","N/A","N/A","N/A","N/A"
"*/FileZilla_*_sponsored-setup.exe*",".{0,1000}\/FileZilla_.{0,1000}_sponsored\-setup\.exe.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 - TA0010","N/A","Dispossessor - Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider* - Unit 29155","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A"
"*/FileZilla_Server_*.deb*",".{0,1000}\/FileZilla_Server_.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 - TA0010","N/A","Dispossessor - Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider* - Unit 29155","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A"
"*download.filezilla-project.org*",".{0,1000}download\.filezilla\-project\.org.{0,1000}","greyware_tool_keyword","FileZilla","FileZilla admintool used by threat actors for persistence and data exfiltration","T1505 - T1041","TA0003 - TA0009 - TA0010","N/A","Dispossessor - Akira - Karakurt - AvosLocker - LockBit - Nokoyawa - Diavol - Scattered Spider* - Unit 29155","Data Exfiltration","https://filezilla-project.org/","1","1","N/A","PUA risk of legitimate usage","5","7","N/A","N/A","N/A","N/A"
"*/FreeFileSync.exe*",".{0,1000}\/FreeFileSync\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*/FreeFileSync.tar.gz*",".{0,1000}\/FreeFileSync\.tar\.gz.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*/FreeFileSync_*.tar.gz*",".{0,1000}\/FreeFileSync_.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*/FreeFileSync_*_Windows_Setup.exe*",".{0,1000}\/FreeFileSync_.{0,1000}_Windows_Setup\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*/FreeFileSync_x64.exe*",".{0,1000}\/FreeFileSync_x64\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*/FreeFileSyncPortable_*.exe*",".{0,1000}\/FreeFileSyncPortable_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*/RealTimeSync.exe*",".{0,1000}\/RealTimeSync\.exe.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","N/A","N/A","9","10","N/A","N/A","N/A","N/A"
"*api.freefilesync.org*",".{0,1000}api\.freefilesync\.org.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","#filehostingservice","N/A","9","10","N/A","N/A","N/A","N/A"
"*https://api.freefilesync.org/new_installation*",".{0,1000}https\:\/\/api\.freefilesync\.org\/new_installation.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","#filehostingservice","N/A","9","10","N/A","N/A","N/A","N/A"
"*https://freefilesync.org/donate*",".{0,1000}https\:\/\/freefilesync\.org\/donate.{0,1000}","greyware_tool_keyword","freefilesync","freefilesync is a backup and file synchronization program abused by attackers for data exfiltration","T1567.002 - T1020 - T1039","TA0010","N/A","LockBit","Data Exfiltration","https://freefilesync.org/download.php","1","1","#filehostingservice","N/A","9","10","N/A","N/A","N/A","N/A"
"*/frp.git*",".{0,1000}\/frp\.git.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_darwin_amd64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_darwin_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_darwin_arm64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_darwin_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_freebsd_amd64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_freebsd_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_amd64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_arm.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_arm\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_arm64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_mips.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mips\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_mips64.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mips64\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_mips64le.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mips64le\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frp_0.*.*_linux_mipsle.tar.gz*",".{0,1000}\/frp_0\..{0,1000}\..{0,1000}_linux_mipsle\.tar\.gz.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frpc.exe*",".{0,1000}\/frpc\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/frps.exe*",".{0,1000}\/frps\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*fatedier/frp*",".{0,1000}fatedier\/frp.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*frpc_windows_amd64.exe*",".{0,1000}frpc_windows_amd64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*frpc_windows_arm64.exe*",".{0,1000}frpc_windows_arm64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*frps_windows_amd64.exe*",".{0,1000}frps_windows_amd64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*frps_windows_arm64.exe*",".{0,1000}frps_windows_arm64\.exe.{0,1000}","greyware_tool_keyword","frp","A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.","T1572 - T1090 - T1599","TA0010 - TA0040","N/A","N/A","Data Exfiltration","https://github.com/fatedier/frp","1","1","N/A","N/A","10","10","87327","13437","2024-12-02T03:56:52Z","2015-12-21T15:24:59Z"
"*/github.com*.exe?raw=true*",".{0,1000}\/github\.com.{0,1000}\.exe\?raw\=true.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/archive/refs/tags/*.zip*",".{0,1000}\/github\.com\/.{0,1000}\/archive\/refs\/tags\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.7z*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.7z.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.apk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.apk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.app*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.app.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.as*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.as.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.asc*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.asc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.asp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.asp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.bash*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bash.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","#linux","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.bat*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.beacon*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.beacon.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.bin*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bin.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.bpl*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.bpl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.c*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.c.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.cer*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cer.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/go-gost/core/*",".{0,1000}\/go\-gost\/core\/.{0,1000}","greyware_tool_keyword","gost","GO Simple Tunnel - a simple tunnel written in golang","T1572","TA0011 - TA0003","N/A","Dispossessor - EMBER BEAR","C2","https://github.com/go-gost/gost","1","1","N/A","N/A","10","10","4400","530","2024-12-02T17:52:44Z","2020-02-12T14:58:08Z"
"*/go-http-tunnel.git.git*",".{0,1000}\/go\-http\-tunnel\.git\.git.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3247","308","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z"
"*/go-http-tunnel/cmd/*",".{0,1000}\/go\-http\-tunnel\/cmd\/.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3247","308","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z"
"*/go-localtunnel.git*",".{0,1000}\/go\-localtunnel\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","168","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z"
"*/github.com/*/raw/main/*.cmd*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/gost.tar.gz*",".{0,1000}\/gost\.tar\.gz.{0,1000}","greyware_tool_keyword","gost","GO Simple Tunnel - a simple tunnel written in golang","T1572","TA0011 - TA0003","N/A","Dispossessor - EMBER BEAR","C2","https://github.com/go-gost/gost","1","1","N/A","N/A","10","10","4400","530","2024-12-02T17:52:44Z","2020-02-12T14:58:08Z"
"*/gost/raw/master/install.sh*",".{0,1000}\/gost\/raw\/master\/install\.sh.{0,1000}","greyware_tool_keyword","gost","GO Simple Tunnel - a simple tunnel written in golang","T1572","TA0011 - TA0003","N/A","Dispossessor - EMBER BEAR","C2","https://github.com/go-gost/gost","1","1","N/A","N/A","10","10","4400","530","2024-12-02T17:52:44Z","2020-02-12T14:58:08Z"
"*/gost/releases/download/*.tar.gz*",".{0,1000}\/gost\/releases\/download\/.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","gost","GO Simple Tunnel - a simple tunnel written in golang","T1572","TA0011 - TA0003","N/A","Dispossessor - EMBER BEAR","C2","https://github.com/go-gost/gost","1","1","N/A","N/A","10","10","4400","530","2024-12-02T17:52:44Z","2020-02-12T14:58:08Z"
"*/gotunnelme.git*",".{0,1000}\/gotunnelme\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/NoahShen/gotunnelme","1","1","N/A","N/A","10","10","168","45","2018-01-06T04:41:15Z","2013-10-18T02:46:51Z"
"*/gsocket-*.tar.gz*",".{0,1000}\/gsocket\-.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket.git*",".{0,1000}\/gsocket\.git.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket/releases/latest*",".{0,1000}\/gsocket\/releases\/latest.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*_all.deb*",".{0,1000}\/gsocket_.{0,1000}_all\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*_x86_64.deb*",".{0,1000}\/gsocket_.{0,1000}_x86_64\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*aarch64.deb*",".{0,1000}\/gsocket_.{0,1000}aarch64\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*arm.deb*",".{0,1000}\/gsocket_.{0,1000}arm\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*armv6.deb*",".{0,1000}\/gsocket_.{0,1000}armv6\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*armv7l.deb*",".{0,1000}\/gsocket_.{0,1000}armv7l\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*i686.deb*",".{0,1000}\/gsocket_.{0,1000}i686\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*mips32.deb*",".{0,1000}\/gsocket_.{0,1000}mips32\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*mips64.deb*",".{0,1000}\/gsocket_.{0,1000}mips64\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_*mipsel.deb*",".{0,1000}\/gsocket_.{0,1000}mipsel\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_dso.so.*",".{0,1000}\/gsocket_dso\.so\..{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket_latest_all.deb*",".{0,1000}\/gsocket_latest_all\.deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket-build*",".{0,1000}\/gsocket\-build.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket-deb*",".{0,1000}\/gsocket\-deb.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket-pkg/*",".{0,1000}\/gsocket\-pkg\/.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket-src*",".{0,1000}\/gsocket\-src.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gsocket-tor*",".{0,1000}\/gsocket\-tor.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gs-portforward.service*",".{0,1000}\/gs\-portforward\.service.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gs-root-shell.service*",".{0,1000}\/gs\-root\-shell\.service.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/gt-win-x86_64.exe*",".{0,1000}\/gt\-win\-x86_64\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","123","34","2024-10-30T00:37:47Z","2021-11-29T03:09:56Z"
"*/host-7.2.2.0.msi*",".{0,1000}\/host\-7\.2\.2\.0\.msi.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access software","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.com*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.com.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/hypertunnel.git*",".{0,1000}\/hypertunnel\.git.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","242","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z"
"*/hypertunnel-tcp-relay*.tar.gz*",".{0,1000}\/hypertunnel\-tcp\-relay.{0,1000}\.tar\.gz.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","242","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z"
"*/hypertunnel-tcp-relay*.zip*",".{0,1000}\/hypertunnel\-tcp\-relay.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","242","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z"
"*/install-fleetctl.sh*",".{0,1000}\/install\-fleetctl\.sh.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/interactsh/*",".{0,1000}\/interactsh\/.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but is abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3478","370","2024-12-02T01:45:18Z","2021-01-29T14:31:51Z"
"*/interactsh-client*",".{0,1000}\/interactsh\-client.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but is abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3478","370","2024-12-02T01:45:18Z","2021-01-29T14:31:51Z"
"*/interactsh-collaborator*",".{0,1000}\/interactsh\-collaborator.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but is abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3478","370","2024-12-02T01:45:18Z","2021-01-29T14:31:51Z"
"*/interactsh-server*",".{0,1000}\/interactsh\-server.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is a tool designed to detect vulnerabilities that cause external interactions but is abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3478","370","2024-12-02T01:45:18Z","2021-01-29T14:31:51Z"
"*/Invoke-Maldaptive.git*",".{0,1000}\/Invoke\-Maldaptive\.git.{0,1000}","greyware_tool_keyword","Invoke-Maldaptive","MaLDAPtive is a framework for LDAP SearchFilter parsing - obfuscation - deobfuscation and detection.","T1027","TA0005 - TA0007","N/A","N/A","Discovery","https://github.com/MaLDAPtive/Invoke-Maldaptive","1","1","N/A","N/A","7","3","222","23","2024-08-07T21:12:45Z","2024-08-07T20:43:52Z"
"*/IObitUnlocker.exe*",".{0,1000}\/IObitUnlocker\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","1","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A"
"*/ipscan.exe*",".{0,1000}\/ipscan\.exe.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot of ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos - BERSERK BEAR","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4213","731","2024-11-23T19:03:47Z","2011-06-28T20:58:48Z"
"*/ipscan.git*",".{0,1000}\/ipscan\.git.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot of ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos - BERSERK BEAR","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4213","731","2024-11-23T19:03:47Z","2011-06-28T20:58:48Z"
"*/jprq.git*",".{0,1000}\/jprq\.git.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/jprq-darwin-arm64*",".{0,1000}\/jprq\-darwin\-arm64.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/jprq-linux-386*",".{0,1000}\/jprq\-linux\-386.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/jprq-linux-arm64*",".{0,1000}\/jprq\-linux\-arm64.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/jprq-windows-386.exe*",".{0,1000}\/jprq\-windows\-386\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*/jprq-windows-amd64.exe*",".{0,1000}\/jprq\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","jprq","expose TCP protocols such as HTTP - SSH etc. Any server!","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/azimjohn/jprq","1","1","N/A","N/A","10","10","1037","148","2024-11-01T08:39:24Z","2020-04-18T10:12:42Z"
"*https://portal.ehorus.com/#/agents/*",".{0,1000}https\:\/\/portal\.ehorus\.com\/\#\/agents\/.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*hub.ehorus.com",".{0,1000}hub\.ehorus\.com","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.cpp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cpp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*switch.ehorus.com*",".{0,1000}switch\.ehorus\.com.{0,1000}","greyware_tool_keyword","EHORUS RMM","Pandora RC (formerly called eHorus) is a computer management system for MS Windows - Linux and MacOS that allows access to registered computers wherever they are from a browser without direct connectivity to their devices from the outside. (server based on VNC)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Blacksuit - Royal","RMM","https://pandorafms.com/en/remote-control/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/lansearch.exe*",".{0,1000}\/lansearch\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","Dispossessor - LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider* - INDRIK SPIDER - Medusa Locker","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/LansweeperSetup_*.exe*",".{0,1000}\/LansweeperSetup_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Lansweeper","Lansweeper discovers and inventories IT assets - gathering system - software and user data - abused by attackers","T1016 - T1082","TA0007","N/A","EvilCorp*","Discovery","https://www.lansweeper.com/","1","1","N/A","N/A","6","7","N/A","N/A","N/A","N/A"
"*/latest/download/tunwg*",".{0,1000}\/latest\/download\/tunwg.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*/level-windows-amd64.exe*",".{0,1000}\/level\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/level-windows-arm64.exe*",".{0,1000}\/level\-windows\-arm64\.exe.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/LMI_Rescue.exe*",".{0,1000}\/LMI_Rescue\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/LMIRTechConsole.exe*",".{0,1000}\/LMIRTechConsole\.exe.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.crt*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.crt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.cs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.cs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.csh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.csh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.dat*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.dll*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.docm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.docm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/localtunnel.git*",".{0,1000}\/localtunnel\.git.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","19267","1344","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z"
"*/github.com/*/raw/main/*.dos*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.dos.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/localtunnel.js*",".{0,1000}\/localtunnel\.js.{0,1000}","greyware_tool_keyword","localtunnel","localtunnel exposes your localhost to the world","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/localtunnel/localtunnel","1","1","N/A","N/A","10","10","19267","1344","2024-03-20T17:04:54Z","2012-06-18T02:33:30Z"
"*/github.com/*/raw/main/*.exe*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.go*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.go.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.gz*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.gz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/lsa-whisperer-*.zip*",".{0,1000}\/lsa\-whisperer\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","lsa-whisperer","Tools for interacting with authentication packages using their individual message protocols","T1556.002 - T1003.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/EvanMcBroom/lsa-whisperer","1","1","N/A","N/A","6","3","299","27","2024-12-01T00:13:32Z","2022-08-04T14:35:45Z"
"*/lsa-whisperer.git*",".{0,1000}\/lsa\-whisperer\.git.{0,1000}","greyware_tool_keyword","lsa-whisperer","Tools for interacting with authentication packages using their individual message protocols","T1556.002 - T1003.001","TA0006 - TA0005","N/A","N/A","Credential Access","https://github.com/EvanMcBroom/lsa-whisperer","1","1","N/A","N/A","6","3","299","27","2024-12-01T00:13:32Z","2022-08-04T14:35:45Z"
"*/github.com/*/raw/main/*.hta*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.iso*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.jar*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.js*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.js.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.lnk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.lnk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.log*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.log.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.mac*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.mac.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.mam*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.mam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.msi*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.msp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.msp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.nexe*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.nexe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.nim*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.nim.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.otm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.otm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/MeshAgent.git*",".{0,1000}\/MeshAgent\.git.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshAgent","1","1","N/A","N/A","10","3","235","90","2024-11-26T20:49:56Z","2017-10-12T21:26:52Z"
"*/MeshCentral.git*",".{0,1000}\/MeshCentral\.git.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","4349","581","2024-12-07T14:41:24Z","2017-08-28T16:21:11Z"
"*/meshinstall.sh*",".{0,1000}\/meshinstall\.sh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","4349","581","2024-12-07T14:41:24Z","2017-08-28T16:21:11Z"
"*/meshinstall-bsd-rcd.sh*",".{0,1000}\/meshinstall\-bsd\-rcd\.sh.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","4349","581","2024-12-07T14:41:24Z","2017-08-28T16:21:11Z"
"*/github.com/*/raw/main/*.out*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.out.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.ova*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ova.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/MITMPluginLogViewer*",".{0,1000}\/MITMPluginLogViewer.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/MITMServerHijacking*",".{0,1000}\/MITMServerHijacking.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/github.com/*/raw/main/*.pem*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pem.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/mzcv-x64.zip*",".{0,1000}\/mzcv\-x64\.zip.{0,1000}","greyware_tool_keyword","MozillaCookiesView","nirsoft utility that displays the details of all cookies stored inside the cookies file (cookies.txt or cookies.sqlite) - abused by threat actors","T1070 - T1552.001 - T1125 - T1005","TA0009 - TA0005","N/A","MuddyWater","Credential Access","https://www.nirsoft.net/utils/mzcv.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/nats-rmm.conf*",".{0,1000}\/nats\-rmm\.conf.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/github.com/*/raw/main/*.pfx*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pfx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.pl*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.plx*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.plx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.pm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.ppk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ppk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/netscan.exe*",".{0,1000}\/netscan\.exe.{0,1000}","greyware_tool_keyword","netscan","SoftPerfect Network Scanner abused by threat actor","T1040 - T1046 - T1018","TA0007 - TA0010 - TA0001","N/A","Cobalt Group","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","network exploitation tool","6","10","N/A","N/A","N/A","N/A"
"*/netscan.exe*",".{0,1000}\/netscan\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon - Cobalt Group - FIN7 - Anunak","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/netscan_linux.tar.gz*",".{0,1000}\/netscan_linux\.tar\.gz.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon - Cobalt Group - FIN7 - Anunak","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/netscan_macos.dmg*",".{0,1000}\/netscan_macos\.dmg.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon - Cobalt Group - FIN7 - Anunak","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/netscan_setup.exe*",".{0,1000}\/netscan_setup\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon - Cobalt Group - FIN7 - Anunak","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/netscan64.exe*",".{0,1000}\/netscan64\.exe.{0,1000}","greyware_tool_keyword","softperfect networkscanner","SoftPerfect Network Scanner can ping computers scan ports discover shared folders and retrieve practically any information about network devices via WMI SNMP HTTP SSH and PowerShell","T1046 - T1065 - T1135 ","TA0007 ","N/A","Dispossessor - BlackSuit - Royal - Black Basta - Akira - LockBit - BianLian - Conti - BlackCat - Dagon Locker - Nokoyawa - Trigona - Hive - BlackByte - RansomHub - Cactus - Fog - Medusa - Avaddon - Cobalt Group - FIN7 - Anunak","Discovery","https://www.softperfect.com/products/networkscanner/","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/netshrun.c*",".{0,1000}\/netshrun\.c.{0,1000}","greyware_tool_keyword","NetshRun","Netsh.exe relies on extensions taken from Registry which means it may be used as a persistence and you go one step further extending netsh with a DLL allowing you to do whatever you want","T1546.008 - T1112 - T1037 - T1055 - T1218.001","TA0003 - TA0002 - TA0008","N/A","N/A","Exploitation tool","https://github.com/gtworek/PSBits/blob/master/NetShRun","1","1","N/A","N/A","N/A","10","3240","531","2024-11-20T18:26:27Z","2019-06-29T13:22:36Z"
"*/ngrok.git*",".{0,1000}\/ngrok\.git.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - Unit 29155 - Common Raven - FoxKitten - Gamaredon - Dispossessor","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24197","4273","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z"
"*/ngrok.go*",".{0,1000}\/ngrok\.go.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - Unit 29155 - Common Raven - FoxKitten - Gamaredon - Dispossessor","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24197","4273","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z"
"*/ngrokd.go*",".{0,1000}\/ngrokd\.go.{0,1000}","greyware_tool_keyword","ngrok","ngrok - abused by attackers for C2 usage","T1090 - T1095 - T1008 - T1102 - T1572 - T1567 - T1568.002","TA0011 - TA0010 - TA0005","N/A","Akira - BlackCat - Karakurt - Scattered Spider* - LockBit - Fox Kitten - LazyScripter - Unit 29155 - Common Raven - FoxKitten - Gamaredon - Dispossessor","C2","https://github.com/inconshreveable/ngrok","1","1","N/A","N/A","10","10","24197","4273","2024-04-26T18:11:18Z","2013-03-20T09:37:43Z"
"*/github.com/*/raw/main/*.ps1*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/NimScan.exe*",".{0,1000}\/NimScan\.exe.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","386","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z"
"*/NimScan.git*",".{0,1000}\/NimScan\.git.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","386","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z"
"*/NimScan.nim*",".{0,1000}\/NimScan\.nim.{0,1000}","greyware_tool_keyword","NimScan","Really fast port scanner (With filtered option - Windows support only)","T1046","TA0007","N/A","N/A","Discovery","https://github.com/elddy/NimScan","1","1","N/A","N/A","8","4","386","37","2022-02-10T13:23:02Z","2020-08-12T14:20:46Z"
"*/github.com/*/raw/main/*.psm1*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.psm1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/nircmd.exe*",".{0,1000}\/nircmd\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/nircmd.zip*",".{0,1000}\/nircmd\.zip.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/nircmdc.exe*",".{0,1000}\/nircmdc\.exe.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/nircmd-x64.zip*",".{0,1000}\/nircmd\-x64\.zip.{0,1000}","greyware_tool_keyword","nircmd","Nirsoft tool - NirCmd is a small command-line utility that allows you to do some useful tasks without displaying any user interface","T1059 - T1036","TA0005 - TA0002 - TA0003","N/A","N/A","Defense Evasion","https://www.nirsoft.net/utils/nircmd.html","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Nmap/folder/check15*",".{0,1000}\/Nmap\/folder\/check15.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/Nmap/folder/check16*",".{0,1000}\/Nmap\/folder\/check16.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/Nmap/folder/check17*",".{0,1000}\/Nmap\/folder\/check17.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/nmaplowercheck15*",".{0,1000}\/nmaplowercheck15.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://nmap.org/book/nse-usage.html","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","N/A","N/A","N/A","N/A"
"*/nmaplowercheck16*",".{0,1000}\/nmaplowercheck16.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/nmaplowercheck17*",".{0,1000}\/nmaplowercheck17.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/nmap-scada*",".{0,1000}\/nmap\-scada.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
"*/NmapUpperCheck15*",".{0,1000}\/NmapUpperCheck15.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/NmapUpperCheck16*",".{0,1000}\/NmapUpperCheck16.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/NmapUpperCheck17*",".{0,1000}\/NmapUpperCheck17.{0,1000}","greyware_tool_keyword","nmap","Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Discovery","https://github.com/nmap/nmap/blob/635675b1430a89e950f71112d3bfc74feee4b19a/nselib/http.lua#L2600","1","1","N/A","will appear on your server access logs if you are scanned by nmap","8","10","10302","2421","2024-12-06T21:45:06Z","2012-03-09T14:47:43Z"
"*/nmap-vulners*",".{0,1000}\/nmap\-vulners.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
"*/nse-install.git*",".{0,1000}\/nse\-install\.git.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
"*/nspowershell.exe*",".{0,1000}\/nspowershell\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta - Moskalvzapoe","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/nssadmui.exe*",".{0,1000}\/nssadmui\.exe.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta - Moskalvzapoe","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.pub*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pub.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/OfflineSamTool.exe*",".{0,1000}\/OfflineSamTool\.exe.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/oset.exe*",".{0,1000}\/oset\.exe.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/oset.zip*",".{0,1000}\/oset\.zip.{0,1000}","greyware_tool_keyword","oset","Offline SAM Editor Tool to access and edit SAM databases from offline OS disk","T1078 - T1003.002 - T1547.001","TA0003 - TA0006 - TA0007 - TA0005","N/A","N/A","Credential Access","https://x.com/0gtweet/status/1817859483445461406","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.py*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/PAExec.cpp*",".{0,1000}\/PAExec\.cpp.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","543","176","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z"
"*/paexec.exe",".{0,1000}\/paexec\.exe","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","543","176","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z"
"*/PAExec.git*",".{0,1000}\/PAExec\.git.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","543","176","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z"
"*/pagekite.py*",".{0,1000}\/pagekite\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/pagekite-0.3.21.py*",".{0,1000}\/pagekite\-0\.3\.21\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/pagekite-0.4.6a.py*",".{0,1000}\/pagekite\-0\.4\.6a\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/pagekite-0.5.6d.py*",".{0,1000}\/pagekite\-0\.5\.6d\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/pagekite-0.5.8a.py*",".{0,1000}\/pagekite\-0\.5\.8a\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/pagekite-gtk.py*",".{0,1000}\/pagekite\-gtk\.py.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/PCHunter.exe*",".{0,1000}\/PCHunter\.exe.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It is designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/PCHunter_free.zip*",".{0,1000}\/PCHunter_free\.zip.{0,1000}","greyware_tool_keyword","PCHunter","PCHunter is a toolkit offering deep access to kernel setting - processes - network and startup configurations. It is designed to detect and remove malware - including rootkits but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Conti - 8BASE - TargetCompany - Hive - Qilin","Defense Evasion","https://www.majorgeeks.com/files/details/pc_hunter.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/PCMonitorManager.exe*",".{0,1000}\/PCMonitorManager\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/PCMonitorSrv.exe*",".{0,1000}\/PCMonitorSrv\.exe.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/pcmontask.exe*",".{0,1000}\/pcmontask\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/pcmrdp-client.dll*",".{0,1000}\/pcmrdp\-client\.dll.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/pcunlocker.iso*",".{0,1000}\/pcunlocker\.iso.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/pcunlocker_trial.zip*",".{0,1000}\/pcunlocker_trial\.zip.{0,1000}","greyware_tool_keyword","pcunlocker","Reset and unlock forgotten Windows login password","T1078","TA0005 - TA0006 - TA0009","N/A","N/A","Credential Access","https://www.pcunlocker.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.pyc*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pyc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.pyo*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.pyo.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.rar*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.rar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.raw*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.raw.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/pgrok.exe*",".{0,1000}\/pgrok\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","1","N/A","N/A","10","10","281","55","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z"
"*/pgrok.git*",".{0,1000}\/pgrok\.git.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3218","107","2024-12-01T15:58:30Z","2023-03-08T12:43:55Z"
"*/pgrokd.exe*",".{0,1000}\/pgrokd\.exe.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/jerson/pgrok","1","1","N/A","N/A","10","10","281","55","2022-05-30T14:53:46Z","2019-07-31T13:23:51Z"
"*/pgrokd_*.zip*",".{0,1000}\/pgrokd_.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","pgrok","Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pgrok/pgrok","1","1","N/A","N/A","10","10","3218","107","2024-12-01T15:58:30Z","2023-03-08T12:43:55Z"
"*/github.com/*/raw/main/*.reg*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.reg.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.rgs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.rgs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/pingcastle.git*",".{0,1000}\/pingcastle\.git.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability Scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2366","292","2024-09-25T19:16:13Z","2018-08-31T17:42:48Z"
"*/PingCastle.zip*",".{0,1000}\/PingCastle\.zip.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability Scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2366","292","2024-09-25T19:16:13Z","2018-08-31T17:42:48Z"
"*/pingcastle/releases/download/*",".{0,1000}\/pingcastle\/releases\/download\/.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability Scanner","https://github.com/netwrix/pingcastle","1","1","N/A","N/A","10","10","2366","292","2024-09-25T19:16:13Z","2018-08-31T17:42:48Z"
"*/github.com/*/raw/main/*.RGS*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.RGS.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.run*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.run.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/PortQry.exe*",".{0,1000}\/PortQry\.exe.{0,1000}","greyware_tool_keyword","PortQry","Microsoft port scanning tool abused by threat actors","T1046 - T1016 - T1049","TA0007","N/A","APT15","Discovery","https://www.microsoft.com/en-us/download/details.aspx?id=17148","1","1","N/A","N/A","6","7","N/A","N/A","N/A","N/A"
"*/PortQryV2.exe*",".{0,1000}\/PortQryV2\.exe.{0,1000}","greyware_tool_keyword","PortQry","Microsoft port scanning tool abused by threat actors","T1046 - T1016 - T1049","TA0007","N/A","APT15","Discovery","https://www.microsoft.com/en-us/download/details.aspx?id=17148","1","1","N/A","N/A","6","7","N/A","N/A","N/A","N/A"
"*/portr.exe*",".{0,1000}\/portr\.exe.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr.git*",".{0,1000}\/portr\.git.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr/releases*",".{0,1000}\/portr\/releases.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_*_Darwin_arm64.zip*",".{0,1000}\/portr_.{0,1000}_Darwin_arm64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_*_Darwin_x86_64.zip*",".{0,1000}\/portr_.{0,1000}_Darwin_x86_64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_*_Linux_arm64.zip*",".{0,1000}\/portr_.{0,1000}_Linux_arm64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_*_Linux_x86_64.zip*",".{0,1000}\/portr_.{0,1000}_Linux_x86_64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_*_Windows_arm64.zip*",".{0,1000}\/portr_.{0,1000}_Windows_arm64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_*_Windows_x86_64.zip*",".{0,1000}\/portr_.{0,1000}_Windows_x86_64\.zip.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/portr_admin/*.py*",".{0,1000}\/portr_admin\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*/github.com/*/raw/main/*.scpt*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.scpt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/privoxy.exe*",".{0,1000}\/privoxy\.exe.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58506","16396","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z"
"*/Procdump.zip*",".{0,1000}\/Procdump\.zip.{0,1000}","greyware_tool_keyword","Procdump","dump lsass process with procdump","T1003.001","TA0006","N/A","LockBit - Kimsuky - Conti - Quantum - PYSA - NetWalker - 8BASE - APT1 - APT15 - APT20 - APT27 - APT28 - Antlion - FIN13 - GOBLIN PANDA - Lazarus Group - PowerPool - PARINACOTA - Scattered Spider - BERSERK BEAR - Dispossessor","Credential Access","https://learn.microsoft.com/en-us/sysinternals/downloads/procdump","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/processhacker-*-bin.zip*",".{0,1000}\/processhacker\-.{0,1000}\-bin\.zip.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/processhacker/files/latest/download*",".{0,1000}\/processhacker\/files\/latest\/download.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*/ProduKey.exe*",".{0,1000}\/ProduKey\.exe.{0,1000}","greyware_tool_keyword","produkey","ProduKey is a small utility that displays the ProductID and the CD-Key of Microsoft Office (Microsoft Office 2003. Microsoft Office 2007). Windows (Including Windows 8/7/Vista). Exchange Server. and SQL Server installed on your computer. You can view this information for your current running operating system. or for another operating system/computer - by using command-line options. This utility can be useful if you lost the product key of your Windows/Office. and you want to reinstall it on your computer.","T1003.001 - T1003.002 - T1012 - T1057 - T1518","TA0006 - TA0007 - TA0009","N/A","Evilnum","Credential Access","https://www.nirsoft.net/utils/product_cd_key_viewer.html","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/Proxifier.exe*",".{0,1000}\/Proxifier\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*/ProxifierPE.zip*",".{0,1000}\/ProxifierPE\.zip.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*/ProxifierSetup.exe*",".{0,1000}\/ProxifierSetup\.exe.{0,1000}","greyware_tool_keyword","Proxifier","allows to proxy connections for programs","T1090 - T1071 - T1078.003","TA0005","N/A","Scattered Spider* - Proxifier","Defense Evasion","https://www.proxifier.com/download/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*/ps2exe.ps1*",".{0,1000}\/ps2exe\.ps1.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","212","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z"
"*/pslist.exe*",".{0,1000}\/pslist\.exe.{0,1000}","greyware_tool_keyword","pslist","Microsoft sysinternal comandline tool to list running process abused by threat actors","T1057 - T1012 - T1106","TA0007","N/A","APT10 - APT15 - APT33 - APT34 - Sandworm - APT35 - CHRYSENE - menuPass - GhostEmperor - Magnallium - Elfin","Discovery","https://learn.microsoft.com/pt-br/sysinternals/downloads/pslist","1","1","N/A","N/A","3","9","N/A","N/A","N/A","N/A"
"*/pslist64.exe*",".{0,1000}\/pslist64\.exe.{0,1000}","greyware_tool_keyword","pslist","Microsoft sysinternal comandline tool to list running process abused by threat actors","T1057 - T1012 - T1106","TA0007","N/A","APT10 - APT15 - APT33 - APT34 - Sandworm - APT35 - CHRYSENE - menuPass - GhostEmperor - Magnallium - Elfin","Discovery","https://learn.microsoft.com/pt-br/sysinternals/downloads/pslist","1","1","N/A","N/A","3","9","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.script*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.script.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/pulseway_x64.deb*",".{0,1000}\/pulseway_x64\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Pulseway_x64.msi*",".{0,1000}\/Pulseway_x64\.msi.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/pulseway_x86.deb*",".{0,1000}\/pulseway_x86\.deb.{0,1000}","greyware_tool_keyword","Pulseway","Pulseway - remote monitoring and management tool designed for IT administrators to monitor and manage their IT systems and infrastructure remotely - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.pulseway.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/py2exe/*",".{0,1000}\/py2exe\/.{0,1000}","greyware_tool_keyword","py2exe","py2exe allows you to convert Python scripts into standalone executable files for Windows - often used by attackers","T1027.002 - T1045 - T1059.001 - T1587.001","TA0005 - TA0042","Operation Wocao","N/A","Resource Development","https://github.com/py2exe/py2exe","1","1","N/A","greyware_tools high risks of false positives","N/A","9","882","101","2024-11-12T19:44:34Z","2019-03-11T13:16:35Z"
"*/github.com/*/raw/main/*.sct*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.sct.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.sh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.sh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/pyjam.as/tunnel*",".{0,1000}\/pyjam\.as\/tunnel.{0,1000}","greyware_tool_keyword","tunnel","SSL-terminated ephemeral HTTP tunnels to your local machine","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://gitlab.com/pyjam.as/tunnel","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/PyPagekite.git*",".{0,1000}\/PyPagekite\.git.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/PyPagekite/tarball/*",".{0,1000}\/PyPagekite\/tarball\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/PyPagekite/zipball/*",".{0,1000}\/PyPagekite\/zipball\/.{0,1000}","greyware_tool_keyword","PyPagekite","This is pagekite.py a fast and reliable tool to make localhost servers visible to the public Internet.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/pagekite/PyPagekite","1","1","N/A","N/A","10","10","725","123","2024-08-13T23:59:19Z","2010-10-23T00:03:37Z"
"*/pyshark.git*",".{0,1000}\/pyshark\.git.{0,1000}","greyware_tool_keyword","pyshark","Python wrapper for tshark allowing python packet parsing using wireshark dissectors","T1040 - T1213 - T1105 - T1572","TA0009 - TA0007","N/A","N/A","Discovery","https://github.com/KimiNewt/pyshark","1","1","N/A","N/A","6","10","2266","427","2024-12-04T15:41:20Z","2013-12-28T14:38:22Z"
"*/github.com/*/raw/main/*.ssh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ssh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.sys*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.sys.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/Quasar.git*",".{0,1000}\/Quasar\.git.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy - Earth Berberoka - APT33 - APT32 - Operation C-Major - QUILTED TIGER - Molerats","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8827","2490","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z"
"*/Quasar.v*.zip*",".{0,1000}\/Quasar\.v.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy - Earth Berberoka - APT33 - APT32 - Operation C-Major - QUILTED TIGER - Molerats","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8827","2490","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z"
"*/Quasar/releases*",".{0,1000}\/Quasar\/releases.{0,1000}","greyware_tool_keyword","Quasar","Open-Source Remote Administration Tool for Windows. Quasar is a fast and light-weight remote administration tool coded in C#.","T1548.002 - T1547.001 - T1059.003 - T1555 - T1005 - T1573.001 - T1564.001 - T1564.003 - T1105 - T1056.001 - T1112 - T1095 - T1571 - T1090 - T1021.001 - T1053.005 - T1553.002 - T1082 - T1614 - T1016 - T1033 - T1552.001 - T1125","TA0002 - TA0003 - TA0005 - TA0006 - TA0008 - TA0009 - TA0011 - TA0040","N/A","Patchwork - LazyScripter - Gorgon Group - menuPass - BackdoorDiplomacy - Earth Berberoka - APT33 - APT32 - Operation C-Major - QUILTED TIGER - Molerats","RMM","https://github.com/quasar/Quasar","1","1","N/A","N/A","N/A","10","8827","2490","2024-02-29T06:37:37Z","2014-07-08T12:27:59Z"
"*/Quick Assist Installer.exe*",".{0,1000}\/Quick\sAssist\sInstaller\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick Assist","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","LokiBot","Black Basta","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A"
"*/Quick%20Assist%20Installer.exe*",".{0,1000}\/Quick\%20Assist\%20Installer\.exe.{0,1000}","greyware_tool_keyword","QuickAssist","Sharing remote desktop with Microsoft Quick Assist","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","LokiBot","Black Basta","RMM","https://apps.microsoft.com/detail/9p7bp5vnwkx5","1","1","N/A","Quick assist could be preinstalled in some Windows versions","10","10","N/A","N/A","N/A","N/A"
"*/Radmin.exe*",".{0,1000}\/Radmin\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Radmin_Server_*.msi*",".{0,1000}\/Radmin_Server_.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Radmin_Viewer_*.msi*",".{0,1000}\/Radmin_Viewer_.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/Radmin_VPN_1.*.exe*",".{0,1000}\/Radmin_VPN_1\..{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rathole.exe",".{0,1000}\/rathole\.exe","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole.git*",".{0,1000}\/rathole\.git.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole/src/*",".{0,1000}\/rathole\/src\/.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole-aarch64-*",".{0,1000}\/rathole\-aarch64\-.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole-arm*",".{0,1000}\/rathole\-arm.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole-main/*",".{0,1000}\/rathole\-main\/.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole-mipsel-*",".{0,1000}\/rathole\-mipsel\-.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/rathole-x86_64*",".{0,1000}\/rathole\-x86_64.{0,1000}","greyware_tool_keyword","rathole"," expose the service on the device behind the NAT to the Internet, via a server with a public IP.","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/rapiz1/rathole","1","1","N/A","N/A","10","10","9883","495","2024-07-06T20:09:48Z","2021-12-14T05:03:07Z"
"*/raw/main/gsocket/*",".{0,1000}\/raw\/main\/gsocket\/.{0,1000}","greyware_tool_keyword","gsocket","The Global Socket Toolkit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/hackerschoice/gsocket","1","1","N/A","N/A","10","10","1549","132","2024-12-05T00:41:10Z","2020-09-18T16:14:22Z"
"*/github.com/*/raw/main/*.teamserver*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.teamserver.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.temp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.temp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.tgz*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.tmp*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.tmp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.vb*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.vb.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.vbs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/rdpscan.git*",".{0,1000}\/rdpscan\.git.{0,1000}","greyware_tool_keyword","rdpscan","A quick scanner for the CVE-2019-0708 ""BlueKeep"" vulnerability","T1210 - T1046","TA0001 - TA0008","N/A","Dispossessor","Discovery","https://github.com/robertdavidgraham/rdpscan","1","1","N/A","N/A","6","9","898","242","2019-06-22T21:48:45Z","2019-05-23T22:50:12Z"
"*/rdpscan-macos.zip*",".{0,1000}\/rdpscan\-macos\.zip.{0,1000}","greyware_tool_keyword","rdpscan","A quick scanner for the CVE-2019-0708 ""BlueKeep"" vulnerability","T1210 - T1046","TA0001 - TA0008","N/A","Dispossessor","Discovery","https://github.com/robertdavidgraham/rdpscan","1","1","N/A","N/A","6","9","898","242","2019-06-22T21:48:45Z","2019-05-23T22:50:12Z"
"*/rdpscan-windows.zip*",".{0,1000}\/rdpscan\-windows\.zip.{0,1000}","greyware_tool_keyword","rdpscan","A quick scanner for the CVE-2019-0708 ""BlueKeep"" vulnerability","T1210 - T1046","TA0001 - TA0008","N/A","Dispossessor","Discovery","https://github.com/robertdavidgraham/rdpscan","1","1","N/A","N/A","6","9","898","242","2019-06-22T21:48:45Z","2019-05-23T22:50:12Z"
"*/RDPWInst.exe*",".{0,1000}\/RDPWInst\.exe.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14820","3848","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z"
"*/RDPWInst-v*.msi*",".{0,1000}\/RDPWInst\-v.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14820","3848","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z"
"*/rdpwrap.dll*",".{0,1000}\/rdpwrap\.dll.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14820","3848","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z"
"*/rdpwrap.git*",".{0,1000}\/rdpwrap\.git.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14820","3848","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z"
"*/RDPWrap-v*.zip*",".{0,1000}\/RDPWrap\-v.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","rdpwrap","RDP Wrapper Library used by malwares","T1021","TA0008","N/A","N/A","Lateral Movement","https://github.com/stascorp/rdpwrap","1","1","N/A","N/A","10","10","14820","3848","2024-06-18T15:08:33Z","2014-10-22T23:18:28Z"
"*/github.com/*/raw/main/*.vbscript*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.vbscript.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/RedTeaming-Tactics-and-Techniques.git*",".{0,1000}\/RedTeaming\-Tactics\-and\-Techniques\.git.{0,1000}","greyware_tool_keyword","ired.team","Red Teaming Tactics and Techniques","T1593.003","TA0043","N/A","N/A","Reconnaissance","https://github.com/mantvydasb/RedTeaming-Tactics-and-Techniques","1","1","N/A","N/A","7","10","4080","1064","2024-08-22T07:17:31Z","2019-03-02T13:33:33Z"
"*/github.com/*/raw/main/*.ws*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.ws.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.wsf*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.wsf.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/release/gt-win-x86_64.exe*",".{0,1000}\/release\/gt\-win\-x86_64\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","123","34","2024-10-30T00:37:47Z","2021-11-29T03:09:56Z"
"*/release/sshx-server*",".{0,1000}\/release\/sshx\-server.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","6021","192","2024-11-11T15:42:34Z","2022-02-12T23:29:33Z"
"*/releases/download/Ahk2Exe*",".{0,1000}\/releases\/download\/Ahk2Exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*/RemCom.exe*",".{0,1000}\/RemCom\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","APT33 - TA558 - The Gorgon Group - Common Raven - APT-C-36 - Operation Comando ","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","340","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z"
"*/RemCom.git*",".{0,1000}\/RemCom\.git.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","APT33 - TA558 - The Gorgon Group - Common Raven - APT-C-36 - Operation Comando ","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","340","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z"
"*/RemComSvc.exe*",".{0,1000}\/RemComSvc\.exe.{0,1000}","greyware_tool_keyword","RemCom","Remote Command Executor: A OSS replacement for PsExec and RunAs","T1077 - T1059 - T1021 - T1569.002","TA0002 - TA0005 - TA0008","N/A","APT33 - TA558 - The Gorgon Group - Common Raven - APT-C-36 - Operation Comando ","Lateral Movement","https://github.com/kavika13/RemCom","1","1","N/A","N/A","10","4","340","94","2017-10-30T04:48:38Z","2011-11-09T11:00:09Z"
"*/Remote.It-Installer-*",".{0,1000}\/Remote\.It\-Installer\-.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/RemoteControlSetup.exe*",".{0,1000}\/RemoteControlSetup\.exe.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemoteDesktop.exe*",".{0,1000}\/RemoteDesktop\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments - it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/remoteit.exe*",".{0,1000}\/remoteit\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/remoteit.x86-win.exe*",".{0,1000}\/remoteit\.x86\-win\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/remoteit/connectd/releases*",".{0,1000}\/remoteit\/connectd\/releases.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*/remoteit/desktop*",".{0,1000}\/remoteit\/desktop.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/remoteit-desktop.exe*",".{0,1000}\/remoteit\-desktop\.exe.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/desktop","1","1","N/A","N/A","10","10","42","11","2024-11-26T19:36:31Z","2019-01-12T00:59:20Z"
"*/remotemoe.git*",".{0,1000}\/remotemoe\.git.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","278","31","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z"
"*/remotepc.deb*",".{0,1000}\/remotepc\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/remotepc.deb*",".{0,1000}\/remotepc\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePC.exe*",".{0,1000}\/RemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePC.exe*",".{0,1000}\/RemotePC\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePC.lnk*",".{0,1000}\/RemotePC\.lnk.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePC.tmp*",".{0,1000}\/RemotePC\.tmp.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/remotepc-attended.deb*",".{0,1000}\/remotepc\-attended\.deb.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePCAttended.dmg*",".{0,1000}\/RemotePCAttended\.dmg.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/remotepclauncher.exe*",".{0,1000}\/remotepclauncher\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePCSuite.dmg*",".{0,1000}\/RemotePCSuite\.dmg.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/remotepcuiu.exe*",".{0,1000}\/remotepcuiu\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RemotePCViewer.msi*",".{0,1000}\/RemotePCViewer\.msi.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.wsh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.wsh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.X86*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.X86.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.X86_64*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.X86_64.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.xlam*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.xlam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.xlm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.xlm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/reverse-tunnel.git*",".{0,1000}\/reverse\-tunnel\.git.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/reverse-tunnel/agent/cmd*",".{0,1000}\/reverse\-tunnel\/agent\/cmd.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/reverse-tunnel/server/service*",".{0,1000}\/reverse\-tunnel\/server\/service.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/RevoUninProSetup.exe*",".{0,1000}\/RevoUninProSetup\.exe.{0,1000}","greyware_tool_keyword","RevoUninstaller","legitimate tool abused by the Dispossessor ransomware group","T1562.001 - T1112 - T1059 - T1036","TA0005 - TA0040","N/A","Dispossessor","Defense Evasion","https://vx-underground.org/Archive/Dispossessor%20Leaks","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rfusclient.exe*",".{0,1000}\/rfusclient\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access software","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rmm/api/tacticalrmm/*",".{0,1000}\/rmm\/api\/tacticalrmm\/.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/rmm-installer.ps1*",".{0,1000}\/rmm\-installer\.ps1.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/RpcDND_Console.exe*",".{0,1000}\/RpcDND_Console\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rpcdownloader.exe*",".{0,1000}\/rpcdownloader\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RPCFireWallRule.exe*",".{0,1000}\/RPCFireWallRule\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rpcperfviewer.exe*",".{0,1000}\/rpcperfviewer\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/RPCProxyLatency.exe*",".{0,1000}\/RPCProxyLatency\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rserver3.exe*",".{0,1000}\/rserver3\.exe.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rsocks.git*",".{0,1000}\/rsocks\.git.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","81","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z"
"*/rsocks/releases/download/*",".{0,1000}\/rsocks\/releases\/download\/.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","81","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z"
"*/rsocks_linux_amd64*",".{0,1000}\/rsocks_linux_amd64.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","81","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z"
"*/rsocks_windows_386.exe*",".{0,1000}\/rsocks_windows_386\.exe.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","81","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z"
"*/rtun-freebsd-amd64*",".{0,1000}\/rtun\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-linux-amd64*",".{0,1000}\/rtun\-linux\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-linux-arm64*",".{0,1000}\/rtun\-linux\-arm64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-mac-amd64*",".{0,1000}\/rtun\-mac\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-server-freebsd-amd64*",".{0,1000}\/rtun\-server\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-server-linux-amd64*",".{0,1000}\/rtun\-server\-linux\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-server-linux-arm64*",".{0,1000}\/rtun\-server\-linux\-arm64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-server-mac-amd64*",".{0,1000}\/rtun\-server\-mac\-amd64.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-server-windows-amd64.exe*",".{0,1000}\/rtun\-server\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/rtun-windows-amd64.exe*",".{0,1000}\/rtun\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*/RustDesk.exe*",".{0,1000}\/RustDesk\.exe.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open source remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","77219","10497","2024-12-07T14:34:54Z","2020-09-28T15:36:08Z"
"*/rustdesk.git*",".{0,1000}\/rustdesk\.git.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open source remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","77219","10497","2024-12-07T14:34:54Z","2020-09-28T15:36:08Z"
"*/rustdesk/rustdesk/releases/*",".{0,1000}\/rustdesk\/rustdesk\/releases\/.{0,1000}","greyware_tool_keyword","RustDesk","Rustdesk open source remote control software abused by scammers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","Akira - Scattered Spider*","RMM","https://github.com/rustdesk/rustdesk","1","1","N/A","N/A","10","10","77219","10497","2024-12-07T14:34:54Z","2020-09-28T15:36:08Z"
"*/rutserv.exe*",".{0,1000}\/rutserv\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access software","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/rutview.exe*",".{0,1000}\/rutview\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access software","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/sdelete.exe*",".{0,1000}\/sdelete\.exe.{0,1000}","greyware_tool_keyword","sdelete","SDelete is an application that securely deletes data in a way that makes it unrecoverable - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Sandworm - Cobalt Group - FIN5 - Silence - BOSS SPIDER","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/SDelete.zip*",".{0,1000}\/SDelete\.zip.{0,1000}","greyware_tool_keyword","sdelete","SDelete is an application that securely deletes data in a way that makes it unrecoverable - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Sandworm - Cobalt Group - FIN5 - Silence - BOSS SPIDER","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/sdelete64.exe*",".{0,1000}\/sdelete64\.exe.{0,1000}","greyware_tool_keyword","sdelete","SDelete is an application that securely deletes data in a way that makes it unrecoverable - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Sandworm - Cobalt Group - FIN5 - Silence - BOSS SPIDER","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/sdelete64a.exe*",".{0,1000}\/sdelete64a\.exe.{0,1000}","greyware_tool_keyword","sdelete","delete one or more files and/or directories, or to cleanse the free space on a logical disk - abused by attackers","T1485 - T1070.004","TA0005 - TA0040 ","N/A","APT29 - Sandworm - Cobalt Group - FIN5 - Silence - BOSS SPIDER","Defense Evasion","https://learn.microsoft.com/en-us/sysinternals/downloads/sdelete","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.xlsm*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.xlsm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/main/*.zip*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/main\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.7z*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.7z.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/SetACL.exe*",".{0,1000}\/SetACL\.exe.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/SetACL64..exe*",".{0,1000}\/SetACL64\.\.exe.{0,1000}","greyware_tool_keyword","SetACL","Manage Windows permissions from the command line","T1069 - T1222","TA0002 - TA0004 - TA0005","N/A","N/A","Defense Evasion","https://helgeklein.com/download/","1","1","N/A","N/A","6","10","N/A","N/A","N/A","N/A"
"*/set-proxy.ps1*",".{0,1000}\/set\-proxy\.ps1.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/Shadowsocks-*.zip*",".{0,1000}\/Shadowsocks\-.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58506","16396","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z"
"*/Shadowsocks.zip*",".{0,1000}\/Shadowsocks\.zip.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58506","16396","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z"
"*/shadowsocks-rust.default*",".{0,1000}\/shadowsocks\-rust\.default.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/shadowsocks-rust.git*",".{0,1000}\/shadowsocks\-rust\.git.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/shadowsocks-rust.init*",".{0,1000}\/shadowsocks\-rust\.init.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/shadowsocks-rust.service*",".{0,1000}\/shadowsocks\-rust\.service.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/shadowsocks-service*",".{0,1000}\/shadowsocks\-service.{0,1000}","greyware_tool_keyword","shadowsocks","Rust port - shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-rust","1","1","N/A","N/A","10","10","8751","1194","2024-12-07T22:26:08Z","2014-10-15T11:02:36Z"
"*/shadowsocks-windows.git*",".{0,1000}\/shadowsocks\-windows\.git.{0,1000}","greyware_tool_keyword","shadowsocks","shadowsocks is a fast tunnel proxy that helps you bypass firewalls","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/shadowsocks/shadowsocks-windows","1","1","N/A","N/A","10","10","58506","16396","2024-08-20T09:02:57Z","2013-01-14T07:54:16Z"
"*/github.com/*/raw/refs/heads/*.apk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.apk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.bat*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.cmd*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.com*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.com.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.cpl*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.cpl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/simplehelper64.exe*",".{0,1000}\/simplehelper64\.exe.{0,1000}","greyware_tool_keyword","SimpleHelp","SimpleHelp is an RMM tool that has been exploited by attackers to gain unauthorized remote access ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackCat","RMM","simple-help.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/SirTunnel.git*",".{0,1000}\/SirTunnel\.git.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1364","114","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z"
"*/sirtunnel.py*",".{0,1000}\/sirtunnel\.py.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1364","114","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z"
"*/sish.git*",".{0,1000}\/sish\.git.{0,1000}","greyware_tool_keyword","sish","HTTP(S)/WS(S)/TCP Tunnels to localhost using only SSH.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/antoniomika/sish","1","1","N/A","N/A","10","10","4047","311","2024-11-28T13:21:01Z","2019-02-15T15:36:23Z"
"*/github.com/*/raw/refs/heads/*.dll*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/SolarWinds-Dameware-DRS-St.exe*",".{0,1000}\/SolarWinds\-Dameware\-DRS\-St\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Mini Remote Control tool ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","Dameware Remote Support","10","10","N/A","N/A","N/A","N/A"
"*/sources.list.d/tailscale.list*",".{0,1000}\/sources\.list\.d\/tailscale\.list.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/github.com/*/raw/refs/heads/*.exe*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/sshtunnel.git*",".{0,1000}\/sshtunnel\.git.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1234","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z"
"*/sshtunnel.py*",".{0,1000}\/sshtunnel\.py.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1234","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z"
"*/sshtunnel/tarball/*",".{0,1000}\/sshtunnel\/tarball\/.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1234","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z"
"*/sshtunnel/zipball/*",".{0,1000}\/sshtunnel\/zipball\/.{0,1000}","greyware_tool_keyword","sshtunnel","SSH tunnels to remote server","T1572 - T1219","TA0005 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://github.com/pahaz/sshtunnel","1","1","N/A","N/A","10","10","1234","184","2024-03-10T15:20:42Z","2014-06-11T21:14:05Z"
"*/sshuttle.git*",".{0,1000}\/sshuttle\.git.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*/sshuttle.py*",".{0,1000}\/sshuttle\.py.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*/sshuttle/tarball*",".{0,1000}\/sshuttle\/tarball.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*/sshuttle/zipball*",".{0,1000}\/sshuttle\/zipball.{0,1000}","greyware_tool_keyword","sshuttle","Transparent proxy server that works as a poor man's VPN. Forwards over ssh","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://github.com/sshuttle/sshuttle","1","1","N/A","N/A","10","10","11836","732","2024-12-03T20:16:35Z","2014-09-15T04:51:13Z"
"*/sshx-server/*",".{0,1000}\/sshx\-server\/.{0,1000}","greyware_tool_keyword","sshx","Fast collaborative live terminal sharing over the web","T1021.004 - T1041 - T1059 - T1071.001","TA0002 - TA0009 - TA0011 - TA0010","N/A","N/A","C2","https://github.com/ekzhang/sshx","1","1","N/A","N/A","10","10","6021","192","2024-11-11T15:42:34Z","2022-02-12T23:29:33Z"
"*/stunnel-latest.tar.gz*",".{0,1000}\/stunnel\-latest\.tar\.gz.{0,1000}","greyware_tool_keyword","stunnel","Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs","T1573 - T1071 - T1090","TA0010 - TA0011 - TA0003","N/A","APT37 - APT38 - Kimsuky","C2","https://www.stunnel.org/index.html","1","1","N/A","N/A","7","8","N/A","N/A","N/A","N/A"
"*/stunnel-latest-android.zip*",".{0,1000}\/stunnel\-latest\-android\.zip.{0,1000}","greyware_tool_keyword","stunnel","Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs","T1573 - T1071 - T1090","TA0010 - TA0011 - TA0003","N/A","APT37 - APT38 - Kimsuky","C2","https://www.stunnel.org/index.html","1","1","N/A","N/A","7","8","N/A","N/A","N/A","N/A"
"*/stunnel-latest-win64-installer.exe*",".{0,1000}\/stunnel\-latest\-win64\-installer\.exe.{0,1000}","greyware_tool_keyword","stunnel","Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs","T1573 - T1071 - T1090","TA0010 - TA0011 - TA0003","N/A","APT37 - APT38 - Kimsuky","C2","https://www.stunnel.org/index.html","1","1","N/A","N/A","7","8","N/A","N/A","N/A","N/A"
"*/suo5.git*",".{0,1000}\/suo5\.git.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5/releases/*",".{0,1000}\/suo5\/releases\/.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-darwin-amd64*",".{0,1000}\/suo5\-darwin\-amd64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-darwin-arm64*",".{0,1000}\/suo5\-darwin\-arm64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-gui-darwin.app.zip*",".{0,1000}\/suo5\-gui\-darwin\.app\.zip.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-gui-linux*",".{0,1000}\/suo5\-gui\-linux.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-gui-windows.exe*",".{0,1000}\/suo5\-gui\-windows\.exe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-linux-amd64*",".{0,1000}\/suo5\-linux\-amd64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-linux-arm64*",".{0,1000}\/suo5\-linux\-arm64.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/suo5-windows-amd64.exe*",".{0,1000}\/suo5\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*/Supremo.exe*",".{0,1000}\/Supremo\.exe.{0,1000}","greyware_tool_keyword","Supremo","Supremo - Remote access software","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta","RMM","https://www.supremocontrol.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.hta*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.iso*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.jar*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.lnk*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.lnk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/tacticalagent-v*-*.exe*",".{0,1000}\/tacticalagent\-v.{0,1000}\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalagent-v*-linux-arm.exe*",".{0,1000}\/tacticalagent\-v.{0,1000}\-linux\-arm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalagent-v*-windows-amd64.exe*",".{0,1000}\/tacticalagent\-v.{0,1000}\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalrmm.exe*",".{0,1000}\/tacticalrmm\.exe.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalrmm.git*",".{0,1000}\/tacticalrmm\.git.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalrmm/master/install.sh*",".{0,1000}\/tacticalrmm\/master\/install\.sh.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalrmm/releases/latest*",".{0,1000}\/tacticalrmm\/releases\/latest.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tacticalrmm-web.git*",".{0,1000}\/tacticalrmm\-web\.git.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/tailscale.exe*",".{0,1000}\/tailscale\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscale/client/*",".{0,1000}\/tailscale\/client\/.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscale:unstable*",".{0,1000}\/tailscale\:unstable.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscale_*_*.deb*",".{0,1000}\/tailscale_.{0,1000}_.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscale_*_*.tgz*",".{0,1000}\/tailscale_.{0,1000}_.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscaled.defaults*",".{0,1000}\/tailscaled\.defaults.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscaled.go*",".{0,1000}\/tailscaled\.go.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscaled.sock*",".{0,1000}\/tailscaled\.sock.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscale-setup-*-*.msi*",".{0,1000}\/tailscale\-setup\-.{0,1000}\-.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tailscale-setup-*.exe*",".{0,1000}\/tailscale\-setup\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/TDSSKiller.exe*",".{0,1000}\/TDSSKiller\.exe.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detects and removes malware - including rootkits - but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/tdsskiller.zip*",".{0,1000}\/tdsskiller\.zip.{0,1000}","greyware_tool_keyword","TDSKiller","TDSKiller detects and removes malware - including rootkits - but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","LockBit - Avaddon","Defense Evasion","https://www.majorgeeks.com/files/details/kaspersky_tdsskiller.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*/test_tailscale.sh*",".{0,1000}\/test_tailscale\.sh.{0,1000}","greyware_tool_keyword","tailscale","Tailscale connects your team's devices and development environments for easy access to remote resources.","T1021 - T1573 ","TA0005 - TA0001 - TA0010 ","N/A","Scattered Spider*","Defense Evasion","https://github.com/tailscale/tailscale","1","1","N/A","N/A","9","10","19721","1550","2024-12-06T21:22:02Z","2020-01-31T22:00:03Z"
"*/tightvnc-*.msi*",".{0,1000}\/tightvnc\-.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","tightvnc","TightVNC is a free and Open Source remote desktop software that lets you access and control a computer over the network - often abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.tightvnc.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/tkc_agent_dre.deb*",".{0,1000}\/tkc_agent_dre\.deb.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/tmate-ssh-server.*",".{0,1000}\/tmate\-ssh\-server\..{0,1000}","greyware_tool_keyword","tmate","Instant terminal sharing","T1071 - T1105 - T1573 - T1021","TA0010 - TA0011 - TA0008 - TA0002","N/A","WatchDog","C2","https://github.com/tmate-io/tmate-ssh-server","1","1","N/A","N/A","10","10","630","147","2024-06-21T11:52:24Z","2013-06-09T23:58:55Z"
"*/tmate-ssh-server.git*",".{0,1000}\/tmate\-ssh\-server\.git.{0,1000}","greyware_tool_keyword","tmate","Instant terminal sharing","T1071 - T1105 - T1573 - T1021","TA0010 - TA0011 - TA0008 - TA0002","N/A","WatchDog","C2","https://github.com/tmate-io/tmate-ssh-server","1","1","N/A","N/A","10","10","630","147","2024-06-21T11:52:24Z","2013-06-09T23:58:55Z"
"*/tmate-ssh-server/releases/*",".{0,1000}\/tmate\-ssh\-server\/releases\/.{0,1000}","greyware_tool_keyword","tmate","Instant terminal sharing","T1071 - T1105 - T1573 - T1021","TA0010 - TA0011 - TA0008 - TA0002","N/A","WatchDog","C2","https://github.com/tmate-io/tmate-ssh-server","1","1","N/A","N/A","10","10","630","147","2024-06-21T11:52:24Z","2013-06-09T23:58:55Z"
"*/github.com/*/raw/refs/heads/*.msi*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.pif*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.pif.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.ps1*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.py*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.py.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.reg*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.reg.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.scr*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.scr.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.sh*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.sh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.vbs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.vbs*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.vbs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/github.com/*/raw/refs/heads/*.zip*",".{0,1000}\/github\.com\/.{0,1000}\/raw\/refs\/heads\/.{0,1000}\.zip.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/tunneld.service*",".{0,1000}\/tunneld\.service.{0,1000}","greyware_tool_keyword","go-http-tunnel","Fast and secure tunnels over HTTP/2","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/mmatczuk/go-http-tunnel","1","1","N/A","N/A","10","10","3247","308","2024-04-19T12:25:30Z","2016-10-12T12:59:38Z"
"*/tunneller.git*",".{0,1000}\/tunneller\.git.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller/releases/*",".{0,1000}\/tunneller\/releases\/.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-amd64*",".{0,1000}\/tunneller\-darwin\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-darwin-i386*",".{0,1000}\/tunneller\-darwin\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-amd64*",".{0,1000}\/tunneller\-freebsd\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-freebsd-i386*",".{0,1000}\/tunneller\-freebsd\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-amd64*",".{0,1000}\/tunneller\-linux\-amd64.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunneller-linux-i386*",".{0,1000}\/tunneller\-linux\-i386.{0,1000}","greyware_tool_keyword","tunneller","Tunneller allows you to expose services which are running on localhost or on your local network to the public internet.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/skx/tunneller","1","1","N/A","N/A","10","10","478","41","2024-08-13T07:36:22Z","2019-04-21T11:05:11Z"
"*/tunnelmole-client.git*",".{0,1000}\/tunnelmole\-client\.git.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1288","80","2024-11-26T09:03:11Z","2023-02-08T08:27:57Z"
"*/tunnelmole-service*",".{0,1000}\/tunnelmole\-service.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1288","80","2024-11-26T09:03:11Z","2023-02-08T08:27:57Z"
"*/tunnelmole-service.git*",".{0,1000}\/tunnelmole\-service\.git.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1288","80","2024-11-26T09:03:11Z","2023-02-08T08:27:57Z"
"*/tunnelto.git*",".{0,1000}\/tunnelto\.git.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*/tunnelto/releases/latest*",".{0,1000}\/tunnelto\/releases\/latest.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*/tunnelto_server*",".{0,1000}\/tunnelto_server.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*/tunnelto_server/*",".{0,1000}\/tunnelto_server\/.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*/tunwg.exe*",".{0,1000}\/tunwg\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*/tunwg.git*",".{0,1000}\/tunwg\.git.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*/tunwg@latest*",".{0,1000}\/tunwg\@latest.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*/tunwg-arm64.exe*",".{0,1000}\/tunwg\-arm64\.exe.{0,1000}","greyware_tool_keyword","tunwg","End to end encrypted secure tunnel to local servers","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ntnj/tunwg","1","1","N/A","N/A","10","10","226","9","2024-09-18T15:03:45Z","2023-01-16T17:51:13Z"
"*/unlocker-setup.exe*",".{0,1000}\/unlocker\-setup\.exe.{0,1000}","greyware_tool_keyword","IObitUnlocker","unlocking locked files on Windows systems","T1222 - T1070 - T1485","TA0005 - TA0040","N/A","PLAY","Defense Evasion","https://www.iobit.com/en/iobit-unlocker.php#","1","1","N/A","often used legitimately - admin tool","5","9","N/A","N/A","N/A","N/A"
"*codeload.github.com/*",".{0,1000}codeload\.github\.com\/.{0,1000}","greyware_tool_keyword","github","Github executables download initiated - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*objects.githubusercontent.com/github-production-release-asset-*",".{0,1000}objects\.githubusercontent\.com\/github\-production\-release\-asset\-.{0,1000}","greyware_tool_keyword","github","Github executables download initiated - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.7z*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.7z.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/uvs_v415eng.zip*",".{0,1000}\/uvs_v415eng\.zip.{0,1000}","greyware_tool_keyword","Universal Virus Sniffer","Universal Virus Sniffer detects and removes malware - including rootkits - but is also abused by attackers to disable antivirus","T1562 - T1055 - T1070","TA0005 - TA0004","N/A","Phobos","Defense Evasion","https://www.majorgeeks.com/files/details/universal_virus_sniffer.html","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.apk*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.apk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/vbs2exe.exe*",".{0,1000}\/vbs2exe\.exe.{0,1000}","greyware_tool_keyword","redpill","Assist reverse tcp shells in post-exploration tasks","T1082 - T1016 - T1049 - T1057 - T1489 - T1070 - T1562 - T1563 - T1119 - T1518 - T1602 - T1530 - T1113 - T1125 - T1105 - T1133 - T1056 - T1114 - T1539 - T1552 - T1214 - T1110 - T1040 - T1436 - T1068 - T1088 - T1564 - T1112 - T1547 - T1574 - T1204 - T1215 - T1046 - T1557 - T1136 - T1059 - T1127 - T1555 - T1548 - T1115 - T1003","TA0007 - TA0003 - TA0005 - TA0009 - TA0002 - TA0006 - TA0004 - TA0010 - TA0011","N/A","N/A","Exploitation tool","https://github.com/r00t-3xp10it/redpill","1","1","N/A","N/A","10","3","212","52","2024-03-19T15:03:16Z","2021-02-20T23:59:07Z"
"*/viewerhostkeypopup.exe*",".{0,1000}\/viewerhostkeypopup\.exe.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC RMM tool - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.remotedesktop.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.app*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.app.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.as*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.as.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.asc*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.asc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/VPDAgent.exe*",".{0,1000}\/VPDAgent\.exe.{0,1000}","greyware_tool_keyword","RemoteUtilities","RemoteUtilities Remote Access softwares","T1021 - T1083 - T1113 - T1218.007 - T1105 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","RagnarLocker - MuddyWater - UAC-0050","RMM","https://www.remoteutilities.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/VSAX_x64.msi*",".{0,1000}\/VSAX_x64\.msi.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/vsxrc-clip.exe*",".{0,1000}\/vsxrc\-clip\.exe.{0,1000}","greyware_tool_keyword","kaseya VSA","Kaseya VSA (Virtual System Administrator) is a cloud-based IT management and remote monitoring software designed for managed service providers (MSPs) and IT departments -it is abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.kaseya.com/products/vsa/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/webhook.site.git*",".{0,1000}\/webhook\.site\.git.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","N/A","10","10","5512","428","2024-10-16T08:45:00Z","2016-03-21T08:45:42Z"
"*/webvulnscan1*.exe*",".{0,1000}\/webvulnscan1.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Acunetix Web Vulnerability Scanner","Vulnerability Scanner abused by threat actors","T1190 - T1046 - T1210 - T1213","TA0001 - TA0008 - TA0009","N/A","Clever Kitten - EMBER BEAR","Vulnerability Scanner","https://www.acunetix.com/vulnerability-scanner/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*/webvulnscan2*.exe*",".{0,1000}\/webvulnscan2.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Acunetix Web Vulnerability Scanner","Vulnerability Scanner abused by threat actors","T1190 - T1046 - T1210 - T1213","TA0001 - TA0008 - TA0009","N/A","Clever Kitten - EMBER BEAR","Vulnerability Scanner","https://www.acunetix.com/vulnerability-scanner/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*/webvulnscan3*.exe*",".{0,1000}\/webvulnscan3.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","Acunetix Web Vulnerability Scanner","Vulnerability Scanner abused by threat actors","T1190 - T1046 - T1210 - T1213","TA0001 - TA0008 - TA0009","N/A","Clever Kitten - EMBER BEAR","Vulnerability Scanner","https://www.acunetix.com/vulnerability-scanner/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.asp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.asp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.bash*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bash.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","#linux","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/Win7Taskbar.dll*",".{0,1000}\/Win7Taskbar\.dll.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta - Moskalvzapoe","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.bat*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/Wireguard.zip*",".{0,1000}\/Wireguard\.zip.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wireguard-amd64-*.msi*",".{0,1000}\/wireguard\-amd64\-.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wireguard-installer.exe*",".{0,1000}\/wireguard\-installer\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wireguard-installer.rar*",".{0,1000}\/wireguard\-installer\.rar.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wireproxy.conf*",".{0,1000}\/wireproxy\.conf.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wireproxy.git*",".{0,1000}\/wireproxy\.git.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wireproxy.service*",".{0,1000}\/wireproxy\.service.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wireproxy/releases/*",".{0,1000}\/wireproxy\/releases\/.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wireproxy_darwin*",".{0,1000}\/wireproxy_darwin.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wireproxy_linux_*",".{0,1000}\/wireproxy_linux_.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wireproxy_windows*",".{0,1000}\/wireproxy_windows.{0,1000}","greyware_tool_keyword","wireproxy","Wireguard client that exposes itself as a socks5 proxy","T1572 - T1090 - T1071.004","TA0011 - TA0005","N/A","N/A","C2","https://github.com/pufferffish/wireproxy","1","1","N/A","N/A","10","10","4572","272","2024-09-03T20:21:40Z","2022-03-11T12:32:10Z"
"*/wiretap.Dockerfile*",".{0,1000}\/wiretap\.Dockerfile.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap.exe*",".{0,1000}\/wiretap\.exe.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap.git*",".{0,1000}\/wiretap\.git.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap/releases/download/*",".{0,1000}\/wiretap\/releases\/download\/.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_linux_386.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_386\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_linux_amd64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_linux_arm64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_linux_armv6.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_linux_armv6\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_windows_386.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_386\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_windows_amd64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_amd64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_windows_arm64.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_arm64\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*/wiretap_*_windows_armv6.tar.gz*",".{0,1000}\/wiretap_.{0,1000}_windows_armv6\.tar\.gz.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*raw.githubusercontent.com*.beacon*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.beacon.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.bin*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bin.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.bpl*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.bpl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/x86_64-pc-windows-msvc/release/gt.exe*",".{0,1000}\/x86_64\-pc\-windows\-msvc\/release\/gt\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","123","34","2024-10-30T00:37:47Z","2021-11-29T03:09:56Z"
"*/x86_64-pc-windows-msvc/release/gt.exe*",".{0,1000}\/x86_64\-pc\-windows\-msvc\/release\/gt\.exe.{0,1000}","greyware_tool_keyword","gt","Fast WebSocket(s)/HTTP(s)/TCP relay proxy for making tunnels to localhost.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/ao-space/gt","1","1","N/A","N/A","10","10","123","34","2024-10-30T00:37:47Z","2021-11-29T03:09:56Z"
"*/xmrig-*-gcc-win64.zip*",".{0,1000}\/xmrig\-.{0,1000}\-gcc\-win64\.zip.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8852","3477","2024-11-08T06:03:49Z","2017-04-15T05:57:53Z"
"*/xmrig.exe*",".{0,1000}\/xmrig\.exe.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8852","3477","2024-11-08T06:03:49Z","2017-04-15T05:57:53Z"
"*/xmrig.git*",".{0,1000}\/xmrig\.git.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8852","3477","2024-11-08T06:03:49Z","2017-04-15T05:57:53Z"
"*/yak_darwin_amd64.zip*",".{0,1000}\/yak_darwin_amd64\.zip.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/yak_linux_amd64.zip*",".{0,1000}\/yak_linux_amd64\.zip.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/yak_windows_amd64.zip*",".{0,1000}\/yak_windows_amd64\.zip.{0,1000}","greyware_tool_keyword","yakit","security platform with fuzzers - webshell and MITM (chinese burp)","T1557 - T1557.003 - T1569.002","TA0001 - TA0040","N/A","N/A","Sniffing & Spoofing","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","7","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/ZA_Connect.exe*",".{0,1000}\/ZA_Connect\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/ZAAudioClient.exe*",".{0,1000}\/ZAAudioClient\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/ZAFileTransfer.exe*",".{0,1000}\/ZAFileTransfer\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/ZAService.exe*",".{0,1000}\/ZAService\.exe.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/zrok.exe*",".{0,1000}\/zrok\.exe.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*/zrok.git*",".{0,1000}\/zrok\.git.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*/zrok.zip*",".{0,1000}\/zrok\.zip.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*/zrok-amd64_darwin_amd64*",".{0,1000}\/zrok\-amd64_darwin_amd64.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*/zrok-arm64_darwin_arm64*",".{0,1000}\/zrok\-arm64_darwin_arm64.{0,1000}","greyware_tool_keyword","zrok","zrok allows users to share tunnels for HTTP TCP and UDP network resources. zrok additionally allows users to easily and rapidly share files - web content and custom resources in a peer-to-peer manner.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/openziti/zrok","1","1","N/A","N/A","10","10","2747","109","2024-12-06T20:00:36Z","2022-07-18T19:14:51Z"
"*:8040/SetupWizard.aspx*",".{0,1000}\:8040\/SetupWizard\.aspx.{0,1000}","greyware_tool_keyword","ScreenConnect","ConnectWise Control formerly known as Screenconnect is a remote desktop software application.","T1021.001 - T1133","TA0008 - TA0009 - TA0010 - TA0011","N/A","Black Basta - BlackCat - LockBit - Scattered Spider* - Hive - Trigona - Medusa - Yanluowang - GOLD SOUTHFIELD - MuddyWater ","RMM","https://screenconnect.connectwise.com/download","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*:8070/tomcat/code/suo5.jsp*",".{0,1000}\:8070\/tomcat\/code\/suo5\.jsp.{0,1000}","greyware_tool_keyword","suo5","http proxy tunneling tool","T1071 - T1073 - T1075 - T1105 - T1571","TA0008 - TA0011","N/A","N/A","C2","https://github.com/zema1/suo5","1","1","N/A","N/A","10","10","2184","202","2024-11-07T07:46:56Z","2022-11-22T11:45:26Z"
"*:9001/proxy/mdmserver1/account*",".{0,1000}\:9001\/proxy\/mdmserver1\/account.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*@email.webhook.site*",".{0,1000}\@email\.webhook\.site.{0,1000}","greyware_tool_keyword","webhook.site","test HTTP webhooks with this handy tool that displays requests instantly - abused by attacker for payload callback confirmation","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/webhooksite/webhook.site","1","1","N/A","N/A","10","10","5512","428","2024-10-16T08:45:00Z","2016-03-21T08:45:42Z"
"*\action1_agent(My_Organization).msi*",".{0,1000}\\action1_agent\(My_Organization\)\.msi.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused buy attacker","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","product name","10","10","N/A","N/A","N/A","N/A"
"*\AppData\Local\Temp\Procmon.exe*",".{0,1000}\\AppData\\Local\\Temp\\Procmon\.exe.{0,1000}","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Discovery","N/A","1","1","N/A","greyware tool - risks of False positive !","4","7","N/A","N/A","N/A","N/A"
"*\AppData\Local\Temp\Procmon64.exe*",".{0,1000}\\AppData\\Local\\Temp\\Procmon64\.exe.{0,1000}","greyware_tool_keyword","procmon","Procmon used in user temp folder","T1059.001 - T1036 - T1569.002","TA0002 - TA0006","N/A","N/A","Discovery","N/A","1","1","N/A","greyware tool - risks of False positive !","4","7","N/A","N/A","N/A","N/A"
"*\AppData\Roaming\Telegram Desktop\tdata*",".{0,1000}\\AppData\\Roaming\\Telegram\sDesktop\\tdata.{0,1000}","greyware_tool_keyword","telegram","telegram API usage -given the increasing adoption of Telegram by malware for command and control (C2) operations. it's essential to monitor and restrict its usage within corporate networks and on company devices","T1071.004 - T1102 - T1047","TA0011 - TA0002 - TA0005","N/A","Gamaredon","C2","api.telegram.org","0","1","N/A","High False positive Risk !","1","9","N/A","N/A","N/A","N/A"
"*api.cyberghostvpn.com*",".{0,1000}api\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*\DuckDNS.exe*",".{0,1000}\\DuckDNS\.exe.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*\Eraser 5.8.8.exe",".{0,1000}\\Eraser\s5\.8\.8\.exe","greyware_tool_keyword","eraser","It completely removes sensitive data from your hard drive by overwriting it several times with carefully selected patterns - abusedby attackers for anti forensic","T1070 - T1488 - T1561","TA0005","N/A","BlackSuit - Royal","Defense Evasion","https://sourceforge.net/projects/eraser","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.c",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.c","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*\mzcv.exe*",".{0,1000}\\mzcv\.exe.{0,1000}","greyware_tool_keyword","MozillaCookiesView","nirsoft utility that displays the details of all cookies stored inside the cookies file (cookies.txt or cookies.sqlite) - abused by threat actors","T1070 - T1552.001 - T1125 - T1005","TA0009 - TA0005","N/A","MuddyWater","Credential Access","https://www.nirsoft.net/utils/mzcv.html","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*\PAExec.cpp*",".{0,1000}\\PAExec\.cpp.{0,1000}","greyware_tool_keyword","PAExec","PAExec is a freely-redistributable re-implementation of SysInternal/Microsoft's popular PsExec program","T1047 - T1105 - T1204","TA0003 - TA0008 - TA0040","N/A","N/A","Lateral Movement","https://github.com/poweradminllc/PAExec","1","1","N/A","N/A","10","6","543","176","2021-04-15T21:15:34Z","2013-11-13T04:05:27Z"
"*\Process Hacker 2\*",".{0,1000}\\Process\sHacker\s2\\.{0,1000}","greyware_tool_keyword","processhacker","Interactions with a objects present in windows such as threads stack - handles - gpu - services ? can be used by attackers to dump process - create services and process injection","T1055.001 - T1055.012 - T1003.001 - T1056.005","TA0005 - TA0003 - TA0040 - TA0006 - TA0009","N/A","N/A","Persistence","https://processhacker.sourceforge.io/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*\rtun-server-windows-amd64.exe*",".{0,1000}\\rtun\-server\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*\rtun-windows-amd64.exe*",".{0,1000}\\rtun\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","reverse-tunnel","rtun is a tool for exposing TCP and UDP ports to the Internet via a public gateway server. You can expose ssh and mosh server on a machine behind firewall and NAT.","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/snsinfu/reverse-tunnel","1","1","N/A","N/A","10","10","190","39","2023-10-15T07:29:32Z","2018-07-09T21:41:50Z"
"*CyberGhost.exe*",".{0,1000}CyberGhost\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhost.Service.exe*",".{0,1000}CyberGhost\.Service\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*CyberGhostVPNSetup.exe*",".{0,1000}CyberGhostVPNSetup\.exe.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*download.cyberghostvpn.com*",".{0,1000}download\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*feedback.cyberghostvpn.com*",".{0,1000}feedback\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within coporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*\WVSScheduler.exe*",".{0,1000}\\WVSScheduler\.exe.{0,1000}","greyware_tool_keyword","Acunetix Web Vulnerability Scanner","Vulnerability Scanner abused by threat actors","T1190 - T1046 - T1210 - T1213","TA0001 - TA0008 - TA0009","N/A","Clever Kitten - EMBER BEAR","Vulnerability Scanner","https://www.acunetix.com/vulnerability-scanner/","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*payment.cyberghostvpn.com*",".{0,1000}payment\.cyberghostvpn\.com.{0,1000}","greyware_tool_keyword","CyberGhost VPN","External VPN usage within corporate network","T1567 - T1090","TA0003 - TA0005 - TA0009 - TA0010 - TA0011","N/A","N/A","Defense Evasion","https://www.cyberghostvpn.com/","1","1","#VPN","N/A","9","8","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.cer*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cer.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.cmd*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cmd.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.com*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.com.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*159.69.126.209*",".{0,1000}159\.69\.126\.209.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","278","31","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z"
"*raw.githubusercontent.com*.cpp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cpp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.crt*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.crt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*3proxy/3proxy*",".{0,1000}3proxy\/3proxy.{0,1000}","greyware_tool_keyword","3proxy","3proxy - tiny free proxy server","T1090 - T1583 - T1001 - T1132","TA0040 - TA0001 - TA0005 - TA0006","N/A","Lazarus Group","Defense Evasion","https://github.com/3proxy/3proxy","1","1","N/A","N/A","8","10","3981","781","2024-09-11T15:34:46Z","2014-04-08T08:59:11Z"
"*-443.devtunnels.ms*",".{0,1000}\-443\.devtunnels\.ms.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.cs*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.cs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.csh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.csh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.dat*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.dat.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.dll*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.dll.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*https://nordvpn.com*/ovpn/*.ovpn*",".{0,1000}https\:\/\/nordvpn\.com.{0,1000}\/ovpn\/.{0,1000}\.ovpn.{0,1000}","greyware_tool_keyword","NordVPN","OVPN configuration for nordvpn accessed within corporate network","T1090.003 - T1133 - T1572","TA0003 - TA0001 - TA0011 - TA0010 - TA0005","N/A","N/A","Data Exfiltration","https://nordvpn.com","0","1","#VPN","N/A","8","10","N/A","N/A","N/A","N/A"
"*625ae9460120.ngrok.io*",".{0,1000}625ae9460120\.ngrok\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*/openvpn.exe*",".{0,1000}\/openvpn\.exe.{0,1000}","greyware_tool_keyword","OPENVPN","OpenVPN is a legitimate tool that might be used by an adversary to maintain persistence or exfiltrate data","T1071 - T1573 - T1133","TA0003 - TA0008 - TA0011","N/A","N/A","Defense Evasion","https://openvpn.net/","1","1","#VPN","N/A","6","8","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.docm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.docm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.dos*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.dos.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.exe*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.go*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.go.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.gz*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.gz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.hta*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.hta.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*7k3j6g3h67l23j345wennkoc4a2223rhjkba22o77ihzdj3achwa.remote.moe*",".{0,1000}7k3j6g3h67l23j345wennkoc4a2223rhjkba22o77ihzdj3achwa\.remote\.moe.{0,1000}","greyware_tool_keyword","remotemoe","remotemoe is a software daemon for exposing ad-hoc services to the internet without having to deal with the regular network stuff such as configuring VPNs - changing firewalls - or adding port forwards","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/fasmide/remotemoe","1","1","N/A","N/A","10","10","278","31","2024-06-03T14:00:47Z","2020-06-11T07:41:03Z"
"*raw.githubusercontent.com*.iso*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.iso.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.jar*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.jar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.js*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.js.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.lnk*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.lnk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.log*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.log.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.mac*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.mac.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*a.aomeisoftware.com*",".{0,1000}a\.aomeisoftware\.com.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*AADInternals.exe*",".{0,1000}AADInternals\.exe.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29 - COZY BEAR","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*AADInternals.pdb*",".{0,1000}AADInternals\.pdb.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29 - COZY BEAR","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*AADInternals.psd1*",".{0,1000}AADInternals\.psd1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29 - COZY BEAR","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*AADInternals.psm1*",".{0,1000}AADInternals\.psm1.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29 - COZY BEAR","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*ACLScanner.exe*",".{0,1000}ACLScanner\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability Scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*acontrol.atera.com*",".{0,1000}acontrol\.atera\.com.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta - Dispossessor","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*action1_agent.exe*",".{0,1000}action1_agent\.exe.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*action1_remote.exe*",".{0,1000}action1_remote\.exe.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*action1_update.exe*",".{0,1000}action1_update\.exe.{0,1000}","greyware_tool_keyword","action1","Action1 remote administration tool abused by attackers","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","LockBit - MONTI","RMM","https://app.action1.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*activate.netsupportsoftware.com*",".{0,1000}activate\.netsupportsoftware\.com.{0,1000}","greyware_tool_keyword","NetSupport","NetSupport Manager is a remote access tool that can be used legitimately for IT management but has also been abused by adversaries for remote system control and surveillance","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Cuba - EvilCorp* - Black Basta - Moskalvzapoe","RMM","https://www.netsupportmanager.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.mam*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.mam.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*adexplorer.exe*",".{0,1000}adexplorer\.exe.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A"
"*adexplorer.zip*",".{0,1000}adexplorer\.zip.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A"
"*adexplorer64.exe*",".{0,1000}adexplorer64\.exe.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A"
"*adexplorer64a.exe*",".{0,1000}adexplorer64a\.exe.{0,1000}","greyware_tool_keyword","adexplorer","Active Directory Explorer (AD Explorer) is an advanced Active Directory (AD) viewer and editor. You can use AD Explorer to easily navigate an AD database. It can be abused by malicious actors","T1003.001 - T1087.001","TA0006 - TA0007","N/A","Lapsus$ - Scattered Spider*","Discovery","https://learn.microsoft.com/en-us/sysinternals/downloads/adexplorer","1","1","N/A","greyware tool - risks of False positive !","7","10","N/A","N/A","N/A","N/A"
"*adfind.bat*",".{0,1000}adfind\.bat.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*adfind.exe*",".{0,1000}adfind\.exe.{0,1000}","greyware_tool_keyword","adfind","Adfind is a command-line tool often used by administrators for Active Directory queries. However. attackers can misuse it to gather valuable information about the network environment. including user accounts. group memberships. domain controllers. and domain trusts. This gathered intelligence can aid in Lateral Movement. privilege escalation. or even data exfiltration. Such reconnaissance activities often precede more damaging attacks.","T1087 - T1016 - T1482","TA0007 - TA0008 - TA0043","N/A","APT29 - Akira - Black Basta - BlackSuit - Conti - COZY BEAR - Dagon Locker - Diavol - FIN6 - FIN7 - INC Ransom - LockBit - MAZE - MUSTANG PANDA - NetWalker - Nokoyawa - PLAY - Quantum - REvil - Royal - Ryuk - TA505 - TRAVELING SPIDER - Unit 29155 - WIZARD SPIDER - Wizard Spider - XingLocker - menuPass - Dispossessor","Discovery","https://thedfirreport.com/2022/08/08/bumblebee-roasts-its-way-to-domain-admin/","1","1","N/A","greyware tool - risks of False positive !","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.msi*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.msi.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.msp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.msp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*admin.*.swi-dre.com*",".{0,1000}admin\..{0,1000}\.swi\-dre\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*ADRecon.ps1*",".{0,1000}ADRecon\.ps1.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","N/A","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","8","716","102","2024-10-15T03:41:29Z","2018-12-15T13:00:09Z"
"*adrecon/ADRecon*",".{0,1000}adrecon\/ADRecon.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","8","716","102","2024-10-15T03:41:29Z","2018-12-15T13:00:09Z"
"*ADRecon-master.zip*",".{0,1000}ADRecon\-master\.zip.{0,1000}","greyware_tool_keyword","adrecon","ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.","T1018 - T1087.001 - T1069.001 - T1003.002 - T1482","TA0007 - TA0009 - TA0040","N/A","Scattered Spider*","Discovery","https://github.com/adrecon/ADRecon","1","1","N/A","AD Enumeration","7","8","716","102","2024-10-15T03:41:29Z","2018-12-15T13:00:09Z"
"*Advanced Monitoring Agent HTTP Retriever 1.1*",".{0,1000}Advanced\sMonitoring\sAgent\sHTTP\sRetriever\s1\.1.{0,1000}","greyware_tool_keyword","Nsight RMM","Nsight RMM usage","T1021 - T1219 - T1563 - T1608","TA0002 - TA0008 - TA0011 - TA0040","N/A","Scattered Spider*","RMM","https://www.n-able.com/products/n-sight-rmm","1","1","N/A","user-agent","10","10","N/A","N/A","N/A","N/A"
"*Advanced_IP_Scanner*.exe*",".{0,1000}Advanced_IP_Scanner.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Royal - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*advanced_ip_scanner_console.exe*",".{0,1000}advanced_ip_scanner_console\.exe.{0,1000}","greyware_tool_keyword","advanced-ip-scanner","The program shows all network devices. gives you access to shared folders. provides remote control of computers (via RDP and Radmin) and can even remotely switch computers off. It is easy to use and runs as a portable edition (abused by TA)","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","MAZE - BlackSuit - Royal - Akira - LockBit - Diavol - GoGoogle - INC Ransom - Hive - ZolaConti2 - Darkside/UNC24653 - Egregor4 - Hades/ Evilcorp5 - REvil6 - Ryuk/ UNC18787 - UNC24477 - UNC Iranian actor8 - Dharma9","Discovery","https://www.huntandhackett.com/blog/advanced-ip-scanner-the-preferred-scanner-in-the-apt-toolbox","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*advanced_port_scanner.exe*",".{0,1000}advanced_port_scanner\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","Dispossessor - LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider* - INDRIK SPIDER - Medusa Locker","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*advanced_port_scanner_console.exe*",".{0,1000}advanced_port_scanner_console\.exe.{0,1000}","greyware_tool_keyword","advanced port scanner","port scanner tool abused by ransomware actors","T1135 - T1021 - T1016 - T1046","TA0007 - TA0043","N/A","Dispossessor - LockBit - BianLian - PYSA - Trigona - EvilCorp* - Fog - Scattered Spider* - INDRIK SPIDER - Medusa Locker","Discovery","https://www.advanced-port-scanner.com/","1","1","N/A","N/A","7","10","N/A","N/A","N/A","N/A"
"*AeroAdmin PRO - remote desktop.exe*",".{0,1000}AeroAdmin\sPRO\s\-\sremote\sdesktop\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*AeroAdmin_2.exe*",".{0,1000}AeroAdmin_2\.exe.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*agent.fleetdeck.io/*?win*",".{0,1000}agent\.fleetdeck\.io\/.{0,1000}\?win.{0,1000}","greyware_tool_keyword","fleetdeck","FleetDeck is a Remote Desktop & Virtual Terminal solution tailored for techs to manage large fleets of computers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://fleetdeck.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*agent01.xeox.com*",".{0,1000}agent01\.xeox\.com.{0,1000}","greyware_tool_keyword","xeox","Easily access and manage Windows devices remotely within XEOX - RMM abused by threat actors","T1021 - T1078 - T1219 - T1105 - T1046","TA0011 - TA0010 - TA0003 - TA0005","N/A","Dispossessor","RMM","https://xeox.com/remote-access/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*agent-api.atera.com*",".{0,1000}agent\-api\.atera\.com.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta - Dispossessor","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*agents.level.io*",".{0,1000}agents\.level\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*agrinman/tap/tunnelto*",".{0,1000}agrinman\/tap\/tunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*agrinman/tunnelto*",".{0,1000}agrinman\/tunnelto.{0,1000}","greyware_tool_keyword","tunnelto.dev","Expose your local web server to the internet with a public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/agrinman/tunnelto","1","1","N/A","N/A","10","10","2110","114","2022-09-24T21:28:44Z","2020-03-22T05:39:49Z"
"*/SoftEtherVPN-*.tar.xz*",".{0,1000}\/SoftEtherVPN\-.{0,1000}\.tar\.xz.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","GALLIUM","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","#VPN","N/A","8","10","11724","2605","2024-09-24T14:47:23Z","2014-01-02T12:40:57Z"
"*alt.meshcentral.com*",".{0,1000}alt\.meshcentral\.com.{0,1000}","greyware_tool_keyword","meshcentral","MeshCentral is a full computer management web site - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://github.com/Ylianst/MeshCentral","1","1","N/A","N/A","10","10","4349","581","2024-12-07T14:41:24Z","2017-08-28T16:21:11Z"
"*amalshaji/portr*",".{0,1000}amalshaji\/portr.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*amalshaji/taps/portr*",".{0,1000}amalshaji\/taps\/portr.{0,1000}","greyware_tool_keyword","Portr","Portr is a tunnel solution that allows you to expose local http, tcp or websocket connections to the public internet","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/amalshaji/portr","1","1","N/A","N/A","10","10","2328","66","2024-11-30T12:13:04Z","2023-11-21T11:14:01Z"
"*amidaware/tacticalrmm*",".{0,1000}amidaware\/tacticalrmm.{0,1000}","greyware_tool_keyword","tacticalrmm","A remote monitoring & management tool","T1021.001 - T1219 - T1076 - T1563.002","TA0008 - TA0009 - TA0010 - TA0011","N/A","AvosLocker - Scattered Spider*","RMM","https://github.com/amidaware/tacticalrmm","1","1","N/A","N/A","10","10","3276","450","2024-11-28T19:56:21Z","2019-10-22T22:19:12Z"
"*/SoftEtherVPN.git*",".{0,1000}\/SoftEtherVPN\.git.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","GALLIUM","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","#VPN","abused https://asec.ahnlab.com/en/66843/","8","10","11724","2605","2024-09-24T14:47:23Z","2014-01-02T12:40:57Z"
"*anderspitman/SirTunnel*",".{0,1000}anderspitman\/SirTunnel.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1364","114","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z"
"*angryip/ipscan*",".{0,1000}angryip\/ipscan.{0,1000}","greyware_tool_keyword","ipscan","Angry IP Scanner - fast and friendly network scanner - abused by a lot ransomware actors","T1046 - T1040 - T1018","TA0007 - TA0009","N/A","Phobos - BERSERK BEAR","Discovery","https://github.com/angryip/ipscan","1","1","N/A","N/A","7","10","4213","731","2024-11-23T19:03:47Z","2011-06-28T20:58:48Z"
"*AnyplaceControlInstall.exe*",".{0,1000}AnyplaceControlInstall\.exe.{0,1000}","greyware_tool_keyword","AnyplaceControl","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyplace-control[.]com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*/SoftEtherVPN/releases/tag/*",".{0,1000}\/SoftEtherVPN\/releases\/tag\/.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","GALLIUM","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","#VPN","N/A","8","10","11724","2605","2024-09-24T14:47:23Z","2014-01-02T12:40:57Z"
"*/softether-vpnclient-*.exe*",".{0,1000}\/softether\-vpnclient\-.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","GALLIUM","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","#VPN","N/A","8","10","11724","2605","2024-09-24T14:47:23Z","2014-01-02T12:40:57Z"
"*raw.githubusercontent.com*.nexe*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.nexe.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*/softether-vpnserver-*.deb*",".{0,1000}\/softether\-vpnserver\-.{0,1000}\.deb.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","GALLIUM","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","#VPN","N/A","8","10","11724","2605","2024-09-24T14:47:23Z","2014-01-02T12:40:57Z"
"*raw.githubusercontent.com*.nim*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.nim.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.otm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.otm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.out*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.out.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.ova*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ova.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*api.remot3.it*",".{0,1000}api\.remot3\.it.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*api.telegram.org*",".{0,1000}api\.telegram\.org.{0,1000}","greyware_tool_keyword","telegram","telegram API usage -given the increasing adoption of Telegram by malware for command and control (C2) operations. it's essential to monitor and restrict its usage within corporate networks and on company devices","T1071.004 - T1102 - T1047","TA0011 - TA0002 - TA0005","N/A","Gamaredon","C2","api.telegram.org","0","1","N/A","High False positive Risk !","1","9","N/A","N/A","N/A","N/A"
"*api/v1/fleet/sso/callback*",".{0,1000}api\/v1\/fleet\/sso\/callback.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*api01.remot3.it*",".{0,1000}api01\.remot3\.it.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*api-telemetry.servers.getgo.com*",".{0,1000}api\-telemetry\.servers\.getgo\.com.{0,1000}","greyware_tool_keyword","GoToMyPC","GoToMyPC is remote desktop software that allows users to access computers remotely using a web browser","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","N/A","RMM","https://www.gotomypc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.pem*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pem.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.pfx*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pfx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*asapi.aweray.net*",".{0,1000}asapi\.aweray\.net.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*asse.rel.tunnels.api.visualstudio.com*",".{0,1000}asse\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*assist.zoho.com*",".{0,1000}assist\.zoho\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*as-tk.aweray.com*",".{0,1000}as\-tk\.aweray\.com.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*as-tk.aweray.com/track*",".{0,1000}as\-tk\.aweray\.com\/track.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*ataylor32/duckdns-powershell*",".{0,1000}ataylor32\/duckdns\-powershell.{0,1000}","greyware_tool_keyword","duckdns.org","A simple C# DuckDNS updater - free dynamic DNS hosted on AWS - often used by threat actors for contacting C2","T1568.002 - T1071.001","TA0011 - TA0005","N/A","N/A","Defense Evasion","https://www.duckdns.org/install.jsp","1","1","N/A","N/A","5","10","N/A","N/A","N/A","N/A"
"*atera_del.bat*",".{0,1000}atera_del\.bat.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta - Dispossessor","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*atera_del2.bat*",".{0,1000}atera_del2\.bat.{0,1000}","greyware_tool_keyword","Atera","control remote machines- abused by threat actors","T1021.001 - T1078 - T1133 - T1112","TA0008 - TA0003 - TA0004 - TA0005 - TA0011 - TA0010","N/A","BlackSuit - Royal - AvosLocker - BianLian - Conti - Hive - Quantum - RansomHub - Black Basta - Dispossessor","RMM","https://www.atera.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*auc1.rel.tunnels.api.visualstudio.com*",".{0,1000}auc1\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*aue.rel.tunnels.api.visualstudio.com*",".{0,1000}aue\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*aue.rel.tunnels.api.visualstudio.com*",".{0,1000}aue\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","0","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*aue-data.rel.tunnels.api.visualstudio.com*",".{0,1000}aue\-data\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","0","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*auth11.aeroadmin.com*",".{0,1000}auth11\.aeroadmin\.com.{0,1000}","greyware_tool_keyword","aeroadmin","RMM software - full remote control / file transfer","T1021.001 - T1048.003","TA0008 - TA0011 - TA0009 - TA0010","N/A","N/A","RMM","https://ulm.aeroadmin.com/AeroAdmin.exe","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*AutoHotkey/Ahk2Exe*",".{0,1000}AutoHotkey\/Ahk2Exe.{0,1000}","greyware_tool_keyword","Ahk2Exe","Official AutoHotkey script compiler - misused in scripting malicious executables","T1059 - T1204 - T1036 - T1027","TA0002 - TA0005","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/Ahk2Exe","1","1","N/A","N/A","7","7","622","116","2024-08-10T23:15:47Z","2011-08-01T10:28:19Z"
"*AutoHotkey/AutoHotkey*",".{0,1000}AutoHotkey\/AutoHotkey.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*AutoHotkeySC.bin*",".{0,1000}AutoHotkeySC\.bin.{0,1000}","greyware_tool_keyword","AutoHotkey","AutoHotkey - macro-creation and automation-oriented scripting utility for Windows","T1056.001 - T1027 - T1059.001 - T1140","TA0005 - TA0002","N/A","N/A","Defense Evasion","https://github.com/AutoHotkey/AutoHotkey","1","1","N/A","abused by multiple threat actors https://thehackernews.com/2024/06/darkgate-malware-replaces-autoit-with.html - False positives expected","6","10","9438","956","2024-07-06T14:02:52Z","2009-11-25T11:08:21Z"
"*auvik.agent.exe*",".{0,1000}auvik\.agent\.exe.{0,1000}","greyware_tool_keyword","auvik","cloud-based network management software","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.auvik.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*AuvikService.exe*",".{0,1000}AuvikService\.exe.{0,1000}","greyware_tool_keyword","auvik","cloud-based network management software","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.auvik.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*Aweray_Remote.exe*",".{0,1000}Aweray_Remote\.exe.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*awerayimg.com*",".{0,1000}awerayimg\.com.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*AzureADConnectAuthenticationAgentService.exe*",".{0,1000}AzureADConnectAuthenticationAgentService\.exe.{0,1000}","greyware_tool_keyword","AADInternals","AADInternals PowerShell module for administering Azure AD and Office 365","T1583 - T1558 - T1078 - T1136 - T1087 - T1114 - T1566 - T1056 - T1199 - T1098 - T1649 - T1621 - T1649","TA0006 - TA0003 - TA0004 - TA0005 - TA0007 - TA0009 - TA0011","N/A","APT29 - COZY BEAR","Exploitation tool","https://github.com/Gerenios/AADInternals","1","1","N/A","N/A","9","10","1318","218","2024-11-12T21:53:15Z","2018-10-25T17:35:16Z"
"*/softether-vpnserver_*.exe*",".{0,1000}\/softether\-vpnserver_.{0,1000}\.exe.{0,1000}","greyware_tool_keyword","SoftEtherVPN","Cross-platform multi-protocol VPN software abused by attackers","T1133 - T1210 - T1573 - T1219 - T1571","TA0001 - TA0002 - TA0003 - TA0005 - TA0010","N/A","GALLIUM","Defense Evasion","https://github.com/SoftEtherVPN/SoftEtherVPN","1","1","#VPN","N/A","8","10","11724","2605","2024-09-24T14:47:23Z","2014-01-02T12:40:57Z"
"*b4ldr/nse-scripts*",".{0,1000}b4ldr\/nse\-scripts.{0,1000}","greyware_tool_keyword","nmap","Install and update external NSE script for nmap","T1595 - T1592 - T1589 - T1590 - T1591 - T1190 - T1059 - T1046 - T1016 - T1049 - T1007","TA0001 - TA0007 - TA0043","N/A","Qilin - Cactus - EMBER BEAR - ENERGETIC BEAR - MUSTANG PANDA - TA2101 - FIN13","Vulnerability Scanner","https://github.com/shadawck/nse-install","1","1","N/A","N/A","7","1","6","1","2020-08-28T11:27:08Z","2020-08-24T16:55:55Z"
"*berstend/hypertunnel*",".{0,1000}berstend\/hypertunnel.{0,1000}","greyware_tool_keyword","hypertunnel","Expose any local TCP/IP service on the internet","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","N/A","C2","https://github.com/berstend/hypertunnel","1","1","N/A","N/A","10","10","242","45","2022-12-08T19:13:24Z","2018-06-11T05:29:58Z"
"*beyondcode/expose*",".{0,1000}beyondcode\/expose.{0,1000}","greyware_tool_keyword","expose","tunneling service - written in pure PHP","T1572 - T1090","TA0011 - TA0005","N/A","N/A","C2","https://github.com/beyondcode/expose","1","1","N/A","N/A","10","10","4261","266","2024-09-25T09:30:30Z","2020-04-14T19:18:38Z"
"*bfleegjcoffelppfmadimianphbcdjkb*",".{0,1000}bfleegjcoffelppfmadimianphbcdjkb.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*raw.githubusercontent.com*.pl*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pl.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*bluekeepscanner.exe*",".{0,1000}bluekeepscanner\.exe.{0,1000}","greyware_tool_keyword","pingcastle","active directory weakness scan Vulnerability scanner and Earth Lusca Operations Tools and commands","T1016 - T1069.002 - T1087.002 - T1485","TA0007 - TA0008","N/A","MAZE - BianLian - Scattered Spider*","Vulnerability Scanner","https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf https://github.com/vletoux/pingcastle","1","1","N/A","N/A","10","","N/A","","",""
"*bomgar-rdp.exe*",".{0,1000}bomgar\-rdp\.exe.{0,1000}","greyware_tool_keyword","Bomgar","Bomgar beyoundtrust Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","https://www.beyondtrust.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*boot.net.anydesk.com*",".{0,1000}boot\.net\.anydesk\.com.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt - Dispossessor","RMM","https://anydesk.com/","1","1","N/A","risk of false positives - compliance detection","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.plx*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.plx.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*boringproxy/boringproxy*",".{0,1000}boringproxy\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*boringproxy_db.json*",".{0,1000}boringproxy_db\.json.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*brimstone/rsocks*",".{0,1000}brimstone\/rsocks.{0,1000}","greyware_tool_keyword","rsocks","reverse socks5 client & server","T1090 - T1571 - T1071 - T1095","TA0011 - TA0001 - TA0008","N/A","Scattered Spider*","C2","https://github.com/brimstone/rsocks","1","1","N/A","N/A","10","10","81","30","2020-01-09T20:45:32Z","2018-01-05T03:09:07Z"
"*browser.lol/create*",".{0,1000}browser\.lol\/create.{0,1000}","greyware_tool_keyword","browser.lol","Virtual Browser - Safely visit blocked or risky websites - can be used to bypass network restrictions within a corporate environment","T1071 - T1090 - T1562","TA0005","N/A","N/A","Defense Evasion","https://browser.lol","1","1","N/A","N/A","8","9","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.pm*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pm.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.ppk*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ppk.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.ps1*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ps1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*brs.rel.tunnels.api.visualstudio.com*",".{0,1000}brs\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","dev-tunnels","Dev tunnels allow developers to securely share local web services across the internet. Enabling you to connect your local development environment with cloud services and share work in progress with colleagues or aid in building webhooks","T1021.003 - T1105 - T1090","TA0002 - TA0005 - TA0011","N/A","N/A","C2","https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/overview","1","1","N/A","N/A","8","10","N/A","N/A","N/A","N/A"
"*builds.level.io*",".{0,1000}builds\.level\.io.{0,1000}","greyware_tool_keyword","level.io","Level is reinventing remote monitoring and management","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://level.io/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*c3pool_miner service*",".{0,1000}c3pool_miner\sservice.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","27","21","2024-11-05T05:34:20Z","2020-05-16T13:01:30Z"
"*c3pool_miner.bat*",".{0,1000}c3pool_miner\.bat.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","27","21","2024-11-05T05:34:20Z","2020-05-16T13:01:30Z"
"*c3pool_miner.service*",".{0,1000}c3pool_miner\.service.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","27","21","2024-11-05T05:34:20Z","2020-05-16T13:01:30Z"
"*c3pool_miner.sh*",".{0,1000}c3pool_miner\.sh.{0,1000}","greyware_tool_keyword","xmrig","Auto setup scripts and pre-compiled xmr miner for c3pool.com pool","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","27","21","2024-11-05T05:34:20Z","2020-05-16T13:01:30Z"
"*chat.us.n-able.com*",".{0,1000}chat\.us\.n\-able\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*ChromeCookiesView.exe*",".{0,1000}ChromeCookiesView\.exe.{0,1000}","greyware_tool_keyword","ChromeCookiesView","displays the list of all cookies stored by Google Chrome Web browser - abused by attackers","T1539 - T1005 - T1070.004 - T1552.001","TA0006 - TA0008 - TA0009","N/A","Evilnum - MuddyWater","Credential Access","https://www.nirsoft.net/utils/chrome_cookies_view.html","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","8","10","N/A","N/A","N/A","N/A"
"*chromecookiesview.zip*",".{0,1000}chromecookiesview\.zip.{0,1000}","greyware_tool_keyword","ChromeCookiesView","displays the list of all cookies stored by Google Chrome Web browser - abused by attackers","T1539 - T1005 - T1070.004 - T1552.001","TA0006 - TA0008 - TA0009","N/A","Evilnum - MuddyWater","Credential Access","https://www.nirsoft.net/utils/chrome_cookies_view.html","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","8","10","N/A","N/A","N/A","N/A"
"*chromecookiesview-x64.zip*",".{0,1000}chromecookiesview\-x64\.zip.{0,1000}","greyware_tool_keyword","ChromeCookiesView","displays the list of all cookies stored by Google Chrome Web browser - abused by attackers","T1539 - T1005 - T1070.004 - T1552.001","TA0006 - TA0008 - TA0009","N/A","Evilnum - MuddyWater","Credential Access","https://www.nirsoft.net/utils/chrome_cookies_view.html","1","1","N/A","https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf","8","10","N/A","N/A","N/A","N/A"
"*chrome-remote-desktop_current_amd64.deb*",".{0,1000}chrome\-remote\-desktop_current_amd64\.deb.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*chromeremotedesktophost.msi*",".{0,1000}chromeremotedesktophost\.msi.{0,1000}","greyware_tool_keyword","Google Remote Desktop","Google Chrome Remote Desktop to access remote computers - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotedesktop.google.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*client.teamviewer.com*",".{0,1000}client\.teamviewer\.com.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit - BERSERK BEAR - MUSTANG PANDA - TeamSpy Crew - BianLian - Scattered Spider* - Trigona - Yanluowang - FIN7 - LOTUS PANDA","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A"
"*client-api.aweray.com*",".{0,1000}client\-api\.aweray\.com.{0,1000}","greyware_tool_keyword","aweray","all-in-one secure remote access control and support solution","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","sun.aweray.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.psm1*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.psm1.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*cloud.telebit.remot*",".{0,1000}cloud\.telebit\.remot.{0,1000}","greyware_tool_keyword","telebit.cloud","Access your devices - Share your stuff (shell from telebit.cloud)","T1021 - T1090 - T1573 - T1219 - T1562.001","TA0001 - TA0005 - TA0008 - TA0011","N/A","N/A","C2","https://telebit.cloud/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*cloudflared-amd64.pkg*",".{0,1000}cloudflared\-amd64\.pkg.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*cloudflared-windows-386.exe*",".{0,1000}cloudflared\-windows\-386\.exe.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*cloudflared-windows-amd64.exe*",".{0,1000}cloudflared\-windows\-amd64\.exe.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*cloudflared-windows-amd64.msi*",".{0,1000}cloudflared\-windows\-amd64\.msi.{0,1000}","greyware_tool_keyword","cloudflared","cloudfared Contains the command-line client for Cloudflare Tunnel - a tunneling daemon that proxies traffic from the Cloudflare network to your origins","T1572 - T1090 - T1071","TA0001 - TA0011","N/A","BlackSuit - Royal - Akira - Scattered Spider* - Gamaredon - TA4557 - FIN6","C2","https://github.com/cloudflare/cloudflared","1","1","N/A","N/A","10","10","9418","838","2024-12-06T13:05:17Z","2017-10-13T19:54:47Z"
"*cmd/boringproxy*",".{0,1000}cmd\/boringproxy.{0,1000}","greyware_tool_keyword","boringproxy","Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/boringproxy/boringproxy","1","1","N/A","N/A","10","10","1233","117","2024-07-06T10:13:37Z","2020-09-26T21:58:07Z"
"*cmd/crowbard/*",".{0,1000}cmd\/crowbard\/.{0,1000}","greyware_tool_keyword","crowbar","Tunnel TCP over a plain HTTP session","T1572 - T1048","TA0011 - TA0010 - TA0005","N/A","Dispossessor","C2","https://github.com/q3k/crowbar","1","1","N/A","N/A","10","10","475","48","2021-01-24T08:21:05Z","2015-02-03T18:40:00Z"
"*raw.githubusercontent.com*.pub*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pub.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*commanderupdate.fleetdeck.io*",".{0,1000}commanderupdate\.fleetdeck\.io.{0,1000}","greyware_tool_keyword","fleetdm","Manage everything in one place","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://github.com/fleetdm/fleet","1","1","N/A","N/A","10","10","3183","437","2024-12-08T00:28:45Z","2020-11-03T22:17:18Z"
"*comserver.corporate.beanywhere.com*",".{0,1000}comserver\.corporate\.beanywhere\.com.{0,1000}","greyware_tool_keyword","Dameware","Solarwind Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*control.*.logmeinrescue.com*",".{0,1000}control\..{0,1000}\.logmeinrescue\.com.{0,1000}","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*control.rsc-app*.logmeinrescue.com",".{0,1000}control\.rsc\-app.{0,1000}\.logmeinrescue\.com","greyware_tool_keyword","LogMeIn","LogMeIn is a legitimate remote support software that allows IT and customer support teams to remotely access and control devices to provide support - abused by threat actors ","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","BlackSuit - Royal - Trigona - Yanluowang","RMM","https://www.logmein.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*controlserver.anyviewer.com*",".{0,1000}controlserver\.anyviewer\.com.{0,1000}","greyware_tool_keyword","anyviewer","access your unattended PC from anywhere","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","N/A","RMM","www.anyviewer.com","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.py*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.py.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*curl*.interact.sh*",".{0,1000}curl.{0,1000}\.interact\.sh.{0,1000}","greyware_tool_keyword","interactsh","Interactsh is an open-source tool for detecting out-of-band interactions. It is designed to detect vulnerabilities that cause external interactions but is abused by attackers as C2","T1566.002 - T1566.001 - T1071 - T1102","TA0011 - TA0001","N/A","N/A","C2","https://github.com/projectdiscovery/interactsh","1","1","N/A","FP risk - legitimate service abused by attackers","10","10","3478","370","2024-12-02T01:45:18Z","2021-01-29T14:31:51Z"
"*cwn-log-collector-production-clone.*.elasticbeanstalk.com*",".{0,1000}cwn\-log\-collector\-production\-clone\..{0,1000}\.elasticbeanstalk\.com.{0,1000}","greyware_tool_keyword","ComodoRMM (Itarian RMM)","Comodo offers IT Remote Management tools includes RMM Software - Remote Access - Service Desk - Patch Management and Network Assessment (Itarian RMM)","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://one.comodo.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.pyc*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pyc.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.pyo*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.pyo.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*damewareagent.msi*",".{0,1000}damewareagent\.msi.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*damewareremoteeverywhereagent.exe*",".{0,1000}damewareremoteeverywhereagent\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*damewareremoteeverywhereconsole.exe*",".{0,1000}damewareremoteeverywhereconsole\.exe.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*daps94/SirTunnel*",".{0,1000}daps94\/SirTunnel.{0,1000}","greyware_tool_keyword","SirTunnel","SirTunnel enables you to securely expose a webserver running on your computer to a public URL using HTTPS.","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/anderspitman/SirTunnel","1","1","N/A","N/A","10","10","1364","114","2024-03-24T20:15:50Z","2020-09-23T00:15:26Z"
"*dashboard.tunnelmole.com*",".{0,1000}dashboard\.tunnelmole\.com.{0,1000}","greyware_tool_keyword","tunnelmole-client","tmole - Share your local server with a Public URL","T1572","TA0011 - TA0003","N/A","N/A","C2","https://github.com/robbie-cahill/tunnelmole-client/","1","1","N/A","N/A","10","10","1288","80","2024-11-26T09:03:11Z","2023-02-08T08:27:57Z"
"*-data.rel.tunnels.api.visualstudio.com*",".{0,1000}\-data\.rel\.tunnels\.api\.visualstudio\.com.{0,1000}","greyware_tool_keyword","vscode","built-in port forwarding. This feature allows you to share locally running services over the internet to other people and devices.","T1090 - T1003 - T1571","TA0010 - TA0002 - TA0009","N/A","N/A","C2","https://twitter.com/code/status/1699869087071899669","0","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.rar*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.rar.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.raw*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.raw.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.reg*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.reg.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*device.remote.it*",".{0,1000}device\.remote\.it.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*d-h.st/users/powertool*",".{0,1000}d\-h\.st\/users\/powertool.{0,1000}","greyware_tool_keyword","Powertool","tool abused by threat actors to deactivate antivirus","T1562.001 - T1089 - T1562.009","TA0005","N/A","Play - Dispossessor","Defense Evasion","https://www.softpedia.com/get/Antivirus/Removal-Tools/ithurricane-PowerTool.shtml","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*dir /a C:\pagefile.sys | findstr /R *",".{0,1000}dir\s\/a\sC\:\\pagefile\.sys\s\|\sfindstr\s\/R\s.{0,1000}","greyware_tool_keyword","findstr","commands from wmiexec2.0 - is the same wmiexec that everyone knows and loves (debatable). This 2.0 version is obfuscated to avoid well known signatures from various AV engines.","T1047 - T1027 - T1059","TA0005 - TA0002","N/A","N/A","Discovery","https://github.com/ice-wzl/wmiexec2","1","1","N/A","N/A","9","1","33","1","2024-06-12T17:56:15Z","2023-02-07T22:10:08Z"
"*raw.githubusercontent.com*.rgs*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.rgs.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.RGS*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.RGS.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.run*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.run.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*dl.wireshark.org*",".{0,1000}dl\.wireshark\.org.{0,1000}","greyware_tool_keyword","wireshark","Wireshark is a network protocol analyzer.","T1040 - T1052.001 - T1046","TA0001 - TA0002 - TA0007","N/A","N/A","Sniffing & Spoofing","https://www.wireshark.org/","1","1","N/A","greyware tool - risks of False positive !","N/A","N/A","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.scpt*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.scpt.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.script*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.script.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.sct*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.sct.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.sh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.sh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.ssh*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.ssh.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.sys*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.sys.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.teamserver*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.teamserver.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.temp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.temp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.tgz*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.tgz.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*donate.ssl.xmrig.com*",".{0,1000}donate\.ssl\.xmrig\.com.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","27","21","2024-11-05T05:34:20Z","2020-05-16T13:01:30Z"
"*donate.v2.xmrig.com:3333*",".{0,1000}donate\.v2\.xmrig\.com\:3333.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/xmrig/xmrig/","1","1","N/A","N/A","9","10","8852","3477","2024-11-08T06:03:49Z","2017-04-15T05:57:53Z"
"*donate.xmrig.com*",".{0,1000}donate\.xmrig\.com.{0,1000}","greyware_tool_keyword","xmrig","CPU/GPU cryptominer often used by attackers on compromised machines","T1496 - T1057","TA0004 - TA0007","N/A","Pacha Group - APT4","Cryptomining","https://github.com/C3Pool/xmrig_setup/","1","1","N/A","N/A","9","1","27","21","2024-11-05T05:34:20Z","2020-05-16T13:01:30Z"
"*raw.githubusercontent.com*.tmp*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.tmp.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*download.anydesk.com*",".{0,1000}download\.anydesk\.com.{0,1000}","greyware_tool_keyword","anydesk","Anydesk RMM usage","T1021 - T1071 - T1090","TA0008 - TA0011","N/A","BlackSuit - Royal - Akira - BlackCat - Karakurt - LockBit - Rhysida - AvosLocker - Conti - Dagon Locker - Nokoyawa - Quantum - Diavol - Trigona - BlackByte - Cactus - Lapsus$ - Black Basta - MONTI - Karakurt","RMM","https://anydesk.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*raw.githubusercontent.com*.vb*",".{0,1000}raw\.githubusercontent\.com.{0,1000}\.vb.{0,1000}","greyware_tool_keyword","github","Github raw access content - abused by malwares to retrieve payloads","T1119","TA0009","N/A","N/A","Collection","https://github.com/","1","1","N/A","greyware tool - risks of False positive !","9","10","N/A","N/A","N/A","N/A"
"*download.global.mspa.n-able.com/*",".{0,1000}download\.global\.mspa\.n\-able\.com\/.{0,1000}","greyware_tool_keyword","Dameware","SolarWinds Dameware Remote Control utilities","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://www.solarwinds.com/fr/remote-support-software","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*download.radmin.com*",".{0,1000}download\.radmin\.com.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*download.radmin-vpn.com*",".{0,1000}download\.radmin\-vpn\.com.{0,1000}","greyware_tool_keyword","Radmin","Radmin is a remote control program that lets you work on another computer through your own","T1021 - T1076 - T1563","TA0008 - TA0009 - TA0002","N/A","Akira","RMM","https://www.radmin.com/download/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*download.remotepc.com*",".{0,1000}download\.remotepc\.com.{0,1000}","greyware_tool_keyword","RemotePC","RemotePC Remote administration tool","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","Scattered Spider*","RMM","https://remotepc.com/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"
"*download.teamviewer.com.cdn.cloudflare.net*",".{0,1000}download\.teamviewer\.com\.cdn\.cloudflare\.net.{0,1000}","greyware_tool_keyword","teamviewer","TeamViewer Remote is software for remote assistance - control and access to computers and other terminals - abused by attackers","T1021.001 - T1059 - T1078 - T1133 - T1563","TA0001 - TA0002 - TA0005 - TA0008 - TA0011 - TA0010","N/A","LockBit - BERSERK BEAR - MUSTANG PANDA - TeamSpy Crew - BianLian - Scattered Spider* - Trigona - Yanluowang - FIN7 - LOTUS PANDA","RMM","https://www.teamviewer.com/","1","1","N/A","FP risk - teamviewer usage","10","10","N/A","N/A","N/A","N/A"
"*download.wireguard.com/windows-client/*",".{0,1000}download\.wireguard\.com\/windows\-client\/.{0,1000}","greyware_tool_keyword","wiretap","Wiretap is a transparent - VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.","T1572","TA0011 - TA0003","N/A","N/A","Defense Evasion","https://github.com/sandialabs/wiretap","1","1","N/A","N/A","10","9","861","38","2024-11-26T00:33:13Z","2022-11-19T00:19:05Z"
"*downloads.remote.it/remoteit/install_agent.sh*",".{0,1000}downloads\.remote\.it\/remoteit\/install_agent\.sh.{0,1000}","greyware_tool_keyword","remoteit","Expose localhost to internet","T1102 - T1071 - T1560.001","TA0011 - TA0042","N/A","N/A","C2","https://github.com/remoteit/installer","1","1","N/A","N/A","10","10","24","9","2024-04-17T00:45:45Z","2019-01-29T21:06:02Z"
"*downloads.zohocdn.com*",".{0,1000}downloads\.zohocdn\.com.{0,1000}","greyware_tool_keyword","Zoho Assist","Zoho Assist Remote access software - abused by attackers","T1021 - T1071 - T1090","TA0003 - TA0008 - TA0011","N/A","LockBit - Scattered Spider*","RMM","https://www.zoho.com/assist/","1","1","N/A","N/A","10","10","N/A","N/A","N/A","N/A"