Title
Create new category
Edit page index title
Edit category
Edit link
Supported malware families via YARA
Detecting malware families provides critical insights into the behavior, techniques, and goals of malicious software, enabling more effective defenses against these threats. MetaDefender Aether uses YARA rules to identify over 500 malware families and hacking tools, with more than 200 identified through meticulously vetted rules.
Due to the high number of detections, this page highlights only some of the most well-known malware families. Detection coverage may shift as malware strains continue to develop and evolve.
Below is a selection of well-known, detected malware families organized by category.
Hunt the latest samples that belong to Xworm family with this advanced search query.
Ransomware and Wiper
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
AlphV | alphv |
AvosLocker | avoslocker |
Babuk | babuk |
BadRabbit | badrabbit |
BlackMatter | blackmatter |
Cerber | cerber |
Conti | conti |
DarkSide | darkside |
GoldenEye | goldeneye |
Hive | hive |
LockBit | lockbit |
Maze | maze |
Medusa | medusa |
Nemty | nemty |
Netwalker | netwalker |
NotPetya | notpetya |
Petya | petya |
Phobos | phobos |
RagnarLocker | ragnarlocker |
REvil | revil sodinokibi |
Ryuk | ryuk |
Snake | snake ekans |
TeslaCrypt | teslacrypt |
WannaCry | wannacry |
OT malware
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
BlackEnergy | blackenergy |
EKANS | snake ekans |
HavexRAT | havex |
Industroyer | industroyer |
Mirai | mirai |
Stuxnet | stuxnet |
Triton | triton |
Tsunami | tsunami |
Remote Access Trojan (RAT)
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
Adwind | adwind |
Agent Tesla | agenttesla |
AsyncRat | asyncrat |
Crimson | crimson |
DarkComet | darkcomet |
AmmyyAdmin | ammyy |
Gh0stRAT | gh0strat |
LimeRAT | limerat |
MilleniumRAT | milleniumrat |
Nanocore | nanocore |
Netwire | netwire |
njRAT | njrat |
OrcusRAT | orcus |
Parallax | parallax parallaxrat |
QuasarRAT | quasarrat |
Remcos | remcos |
Revenge | revenge |
WezRat | wezrat |
xworm | xworm |
Banking Trojan
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
Dridex | dridex |
Emotet | emotet |
Gozi | gozi |
IcedID | icedid |
TrickBot | trickbot |
Ursnif | ursnif |
Stealer and Keylogger
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
Amadey | amadey |
Azorult | azorult |
Formbook | formbook |
Hawkeye | hawkeye |
Iconic | iconicstealer |
LokiBot | lokibot |
Lumma | lumma lummastealer |
Luna | luna |
Pony | pony |
Predator the Thief | predator |
Redline | redline |
RisePro | risepro |
Stealc | stealc |
Loader and Downloader
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
BazarLoader | bazaarloader |
Emotet | emotet |
GCleaner | gcleaner |
Hancitor | hancitor |
HijackLoader | hijackloader |
Latrodectus | latrodectus |
Matryoshka | matryoshka |
PrivateLoader | privateloader |
RockLoader | rockloader |
SmokeLoader | smokeloader |
SystemBC | systembc |
Botnet
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
Gafgyt | gafgyt |
Mirai | mirai |
Nitol | nitol |
Qbot | qbot qakbot |
Tsunami | tsunami |
Voldemort | voldemort |
Command and Control (C2) Frameworks
Malware family | Tag to search for in MetaDefender Sandbox |
|---|---|
Cobalt Strike | cobalt |
Havoc | havoc |
Merlin | merlin |
Metasploit | metasploit |
PoshC2 | poshc2 |
Sliver | sliver |
See the "Technical Datasheet" for a complete list of features: https://docs.opswat.com/filescan/datasheet/technical-datasheet