Supported malware families via YARA

Detecting malware families provides critical insights into the behavior, techniques, and goals of malicious software, enabling more effective defenses against these threats. MetaDefender Sandbox uses YARA rules to identify over 500 malware families and hacking tools, with more than 200 identified through meticulously vetted rules.

Due to the high number of detections, this page highlights only some of the most well-known malware families. Detection coverage may shift as malware strains continue to develop and evolve.

Below is a selection of well-known, detected malware families organized by category.

Hunt the latest samples that belong to Xworm family with this advanced search query.

Ransomware and Wiper

Malware family	Tag to search for in MetaDefender Sandbox
AlphV	alphv
AvosLocker	avoslocker
Babuk	babuk
BadRabbit	badrabbit
BlackMatter	blackmatter
Cerber	cerber
Conti	conti
DarkSide	darkside
GoldenEye	goldeneye
Hive	hive
LockBit	lockbit
Maze	maze
Medusa	medusa
Nemty	nemty
Netwalker	netwalker
NotPetya	notpetya
Petya	petya
Phobos	phobos
RagnarLocker	ragnarlocker
REvil	revil sodinokibi
Ryuk	ryuk
Snake	snake ekans
TeslaCrypt	teslacrypt
WannaCry	wannacry

OT malware

Malware family	Tag to search for in MetaDefender Sandbox
BlackEnergy	blackenergy
EKANS	snake ekans
HavexRAT	havex
Industroyer	industroyer
Mirai	mirai
Stuxnet	stuxnet
Triton	triton
Tsunami	tsunami

Remote Access Trojan (RAT)

Malware family	Tag to search for in MetaDefender Sandbox
Adwind	adwind
Agent Tesla	agenttesla
AsyncRat	asyncrat
Crimson	crimson
DarkComet	darkcomet
AmmyyAdmin	ammyy
Gh0stRAT	gh0strat
LimeRAT	limerat
MilleniumRAT	milleniumrat
Nanocore	nanocore
Netwire	netwire
njRAT	njrat
OrcusRAT	orcus
Parallax	parallax parallaxrat
QuasarRAT	quasarrat
Remcos	remcos
Revenge	revenge
WezRat	wezrat
xworm	xworm

Banking Trojan

Malware family	Tag to search for in MetaDefender Sandbox
Dridex	dridex
Emotet	emotet
Gozi	gozi
IcedID	icedid
TrickBot	trickbot
Ursnif	ursnif

Stealer and Keylogger

Malware family	Tag to search for in MetaDefender Sandbox
Amadey	amadey
Azorult	azorult
Formbook	formbook
Hawkeye	hawkeye
Iconic	iconicstealer
LokiBot	lokibot
Lumma	lumma lummastealer
Luna	luna
Pony	pony
Predator the Thief	predator
Redline	redline
RisePro	risepro
Stealc	stealc

Loader and Downloader

Malware family	Tag to search for in MetaDefender Sandbox
BazarLoader	bazaarloader
Emotet	emotet
GCleaner	gcleaner
Hancitor	hancitor
HijackLoader	hijackloader
Latrodectus	latrodectus
Matryoshka	matryoshka
PrivateLoader	privateloader
RockLoader	rockloader
SmokeLoader	smokeloader
SystemBC	systembc

Botnet

Malware family	Tag to search for in MetaDefender Sandbox
Gafgyt	gafgyt
Mirai	mirai
Nitol	nitol
Qbot	qbot qakbot
Tsunami	tsunami
Voldemort	voldemort

Command and Control (C2) Frameworks

Malware family	Tag to search for in MetaDefender Sandbox
Cobalt Strike	cobalt
Havoc	havoc
Merlin	merlin
Metasploit	metasploit
PoshC2	poshc2
Sliver	sliver

Last updated on

Was this page helpful?