malware intel

payload clusters and flagged repositories from automated analysis

scanned 3,535 malicious 93 suspicious 156 clusters 25
payload clusters

identical executables distributed across multiple repositories, grouped by sha256 hash

io_github_kvzinncpx_v2.3.zip/lua51.dll 17 repos 14 CVEs 15 actors
sha256:c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac
first seen 2022-01-1… · last seen 2026-01-2…
actors
KvzinNcpx7 · freiwi · kikiuuw · juccoblak · siddu7575 · yogeshkumar09 · Black-and-reds · Asder10 · vick333-peniel · sakyu7 · Nikopmpm · Hitplus · Boydunbarred375 · Riocipta75 · mzuhair9933
CVE repository created score top signal
CVE-2025-9074 KvzinNcpx7/kvzinncpx7.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-8110 freiwi/CVE-2025-8110 2025-12-3… 1.0 renamed_interpreter
CVE-2025-68921 kikiuuw/kikiuuw.github.io 2026-01-2… 1.0 renamed_interpreter
CVE-2025-68921 kikiuuw/CVE-2025-68921 2026-01-2… 1.0 renamed_interpreter
CVE-2025-6554 juccoblak/CVE-2025-6554 2025-08-1… 1.0 renamed_interpreter
CVE-2025-61882 siddu7575/CVE-2025-61882-CVE-2025-61884 2025-03-0… 1.0 interpreter_with_payload
CVE-2025-55184 yogeshkumar09/yogeshkumar09.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-55184 yogeshkumar09/CVE-2025-55184_Testing 2026-01-0… 1.0 renamed_interpreter
CVE-2025-55183 Black-and-reds/reactguard 2022-01-1… 1.0 renamed_interpreter
CVE-2025-55182 Asder10/asder10.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-55182 vick333-peniel/vick333-peniel.github.io 2025-08-0… 1.0 renamed_interpreter
CVE-2025-43529 sakyu7/sakyu7.github.io 2026-01-2… 1.0 renamed_interpreter
CVE-2024-0670 Nikopmpm/nikopmpm.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2023-39910 Hitplus/hitplus.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2020-14144 Boydunbarred375/gi-cv 2025-11-1… 1.0 renamed_interpreter
CVE-2020-0610 Riocipta75/lab-cve-2020-0610 2025-09-0… 1.0 renamed_interpreter
CVE-2016-0856 mzuhair9933/PoPE-pytorch 2025-04-1… 1.0 renamed_interpreter
io_github_kvzinncpx_v2.3.zip/luajit.exe 17 repos 14 CVEs 15 actors
sha256:5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953
first seen 2022-01-1… · last seen 2026-01-2…
actors
KvzinNcpx7 · freiwi · kikiuuw · juccoblak · siddu7575 · yogeshkumar09 · Black-and-reds · Asder10 · vick333-peniel · sakyu7 · Nikopmpm · Hitplus · Boydunbarred375 · Riocipta75 · mzuhair9933
CVE repository created score top signal
CVE-2025-9074 KvzinNcpx7/kvzinncpx7.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-8110 freiwi/CVE-2025-8110 2025-12-3… 1.0 renamed_interpreter
CVE-2025-68921 kikiuuw/kikiuuw.github.io 2026-01-2… 1.0 renamed_interpreter
CVE-2025-68921 kikiuuw/CVE-2025-68921 2026-01-2… 1.0 renamed_interpreter
CVE-2025-6554 juccoblak/CVE-2025-6554 2025-08-1… 1.0 renamed_interpreter
CVE-2025-61882 siddu7575/CVE-2025-61882-CVE-2025-61884 2025-03-0… 1.0 interpreter_with_payload
CVE-2025-55184 yogeshkumar09/yogeshkumar09.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-55184 yogeshkumar09/CVE-2025-55184_Testing 2026-01-0… 1.0 renamed_interpreter
CVE-2025-55183 Black-and-reds/reactguard 2022-01-1… 1.0 renamed_interpreter
CVE-2025-55182 Asder10/asder10.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-55182 vick333-peniel/vick333-peniel.github.io 2025-08-0… 1.0 renamed_interpreter
CVE-2025-43529 sakyu7/sakyu7.github.io 2026-01-2… 1.0 renamed_interpreter
CVE-2024-0670 Nikopmpm/nikopmpm.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2023-39910 Hitplus/hitplus.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2020-14144 Boydunbarred375/gi-cv 2025-11-1… 1.0 renamed_interpreter
CVE-2020-0610 Riocipta75/lab-cve-2020-0610 2025-09-0… 1.0 renamed_interpreter
CVE-2016-0856 mzuhair9933/PoPE-pytorch 2025-04-1… 1.0 renamed_interpreter
freefloatftpserver1.zip/ftpserver.exe 4 repos 1 CVEs 4 actors
sha256:4296a5da6917d97fc46d8a6f154e84b363132c611f93098f95cde13baf3a3da3
first seen 2026-03-1… · last seen 2026-03-1…
actors
JSantos1990 · luisyapura · PopClom · jgs-developer
CVE repository created score top signal
CVE-2025-5548 JSantos1990/CVE-2025-5548 2026-03-1… 1.0 exe_in_media_folder
CVE-2025-5548 luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548 2026-03-1… 1.0 nested_archive_with_exe
CVE-2025-5548 PopClom/CVE-2025-5548 2026-03-1… 0.5 nested_archive_with_exe
CVE-2025-5548 jgs-developer/CVE-2025-5548 2026-03-1… 0.5 nested_archive_with_exe
freefloatftpserver1.zip/FTPServer.exe 4 repos 1 CVEs 4 actors
sha256:aaf23517babedd8d6aca29f179c7f66da03fc5f566b4d7ed79fd7ff66eccae5f
first seen 2026-03-1… · last seen 2026-03-1…
actors
JSantos1990 · luisyapura · PopClom · jgs-developer
CVE repository created score top signal
CVE-2025-5548 JSantos1990/CVE-2025-5548 2026-03-1… 1.0 exe_in_media_folder
CVE-2025-5548 luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548 2026-03-1… 1.0 nested_archive_with_exe
CVE-2025-5548 PopClom/CVE-2025-5548 2026-03-1… 0.5 nested_archive_with_exe
CVE-2025-5548 jgs-developer/CVE-2025-5548 2026-03-1… 0.5 nested_archive_with_exe
freefloatftpserver1.zip/ftpserver.exe 4 repos 1 CVEs 4 actors
sha256:1877b78e7ac0dd93435c1231edc814634e910ad9d727f7a6ab20e1891ac40c06
first seen 2026-03-1… · last seen 2026-03-1…
actors
JSantos1990 · luisyapura · PopClom · jgs-developer
CVE repository created score top signal
CVE-2025-5548 JSantos1990/CVE-2025-5548 2026-03-1… 1.0 exe_in_media_folder
CVE-2025-5548 luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548 2026-03-1… 1.0 nested_archive_with_exe
CVE-2025-5548 PopClom/CVE-2025-5548 2026-03-1… 0.5 nested_archive_with_exe
CVE-2025-5548 jgs-developer/CVE-2025-5548 2026-03-1… 0.5 nested_archive_with_exe
github-sakyu-io-urao.zip/reinit.exe 4 repos 4 CVEs 3 actors
sha256:5b6f8ee0072386b4b63cbcb8f83ef010005d4b6ed3cbd906a094a69726475d62
first seen 2025-04-1… · last seen 2026-01-2…
actors
sakyu7 · Chrisync · mzuhair9933
CVE repository created score top signal
CVE-2025-43529 sakyu7/sakyu7.github.io 2026-01-2… 1.0 renamed_interpreter
CVE-2022-23302 Chrisync/CVE-Scanner 2025-04-2… 1.0 renamed_interpreter
CVE-2021-42278 Chrisync/CVE-Scanner 2025-04-2… 1.0 renamed_interpreter
CVE-2016-0856 mzuhair9933/PoPE-pytorch 2025-04-1… 1.0 renamed_interpreter
ImmunityDebugger_1_85_setup.zip/ImmunityDebugger_1_85_setup.exe 2 repos 1 CVEs 2 actors
sha256:9c15cd47d018ccd99a6c8865baba20134c67061ae0e19232c32ecd0139ccfd42
first seen 2026-03-1… · last seen 2026-03-1…
actors
JSantos1990 · luisyapura
CVE repository created score top signal
CVE-2025-5548 JSantos1990/CVE-2025-5548 2026-03-1… 1.0 exe_in_media_folder
CVE-2025-5548 luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548 2026-03-1… 1.0 nested_archive_with_exe
pskill.exe 2 repos 1 CVEs 1 actors
sha256:546ec58d0134ea64611e12d7e3a867793e8cb6145ac18745349408a60fc2fabe
first seen 2022-12-1… · last seen 2022-12-1…
actors
34zY
CVE repository created score top signal
CVE-2020-5902 34zY/APT-Backpack 2022-12-1… 1.0 c2_strings_in_exe
CVE-2020-5902 34zY/APT-Backpack 2022-12-1… 1.0 c2_strings_in_exe
CV-v1.7-beta.3.zip/resolver.exe 2 repos 1 CVEs 2 actors
sha256:3200b7d6a42fc8d2bf213cd17b1bd6f0fc76c4f626330ec6fb0a3f9a0ef9e00e
first seen 2024-09-2… · last seen 2026-02-2…
actors
hamzamalik3461 · 404godd
CVE repository created score top signal
CVE-2026-20841 hamzamalik3461/CVE-2026-20841 2024-09-2… 1.0 renamed_interpreter
CVE-2026-20841 404godd/CVE-2026-20841-PoC 2026-02-2… 1.0 renamed_interpreter
github_io_asder_v2.0.zip/unc.exe 2 repos 2 CVEs 2 actors
sha256:30694a0101abfeea642cb9de7fb7eb66789eea74d8d7257b39822d7dab59445d
first seen 2026-01-0… · last seen 2026-01-2…
actors
Asder10 · fa1sa1142
CVE repository created score top signal
CVE-2025-55182 Asder10/asder10.github.io 2026-01-0… 1.0 renamed_interpreter
CVE-2025-36911 fa1sa1142/fa1sa1142.github.io 2026-01-2… 1.0 renamed_interpreter
github-prog-maen-io-3.6.zip/luajit.exe 2 repos 1 CVEs 1 actors
sha256:1a970a1e390ce3ecd02d531d94e76fd2b33db14f2869f4b9e4b3385f31d6d952
first seen 2026-02-1… · last seen 2026-02-1…
actors
MAEN1-prog
CVE repository created score top signal
CVE-2025-2304 MAEN1-prog/maen1-prog.github.io 2026-02-1… 1.0 interpreter_with_payload
CVE-2025-2304 MAEN1-prog/CVE-2025-2304 2026-02-1… 1.0 interpreter_with_payload
maen-github-io-prog-2.7.zip/init.exe 2 repos 1 CVEs 1 actors
sha256:ac5885b78810a7bf987ff6674f6717059e227df9c969b9fb46d00b2c0de1ba74
first seen 2026-02-1… · last seen 2026-02-1…
actors
MAEN1-prog
CVE repository created score top signal
CVE-2025-2304 MAEN1-prog/maen1-prog.github.io 2026-02-1… 1.0 interpreter_with_payload
CVE-2025-2304 MAEN1-prog/CVE-2025-2304 2026-02-1… 1.0 interpreter_with_payload
CVE-2016-0051_x86.zip/EoP.exe 2 repos 2 CVEs 2 actors
sha256:a38015ab5c370717e4bcf7e18c6396fa9323229419919113ac1854a77b41cf05
first seen 2020-08-0… · last seen 2021-03-2…
actors
Ascotbe · Al1ex
CVE repository created score top signal
CVE-2021-42278 Ascotbe/Kernelhub 2020-08-0… 1.0 nested_archive_with_exe
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
CVE-2016-0051_x86.zip/Shellcode.dll 2 repos 2 CVEs 2 actors
sha256:81830970f796f6ec41a7dfef2506504920ffa9688871e230cb306d40814f4821
first seen 2020-08-0… · last seen 2021-03-2…
actors
Ascotbe · Al1ex
CVE repository created score top signal
CVE-2021-42278 Ascotbe/Kernelhub 2020-08-0… 1.0 nested_archive_with_exe
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
CVE-2010-2554.zip/Churraskito.exe 2 repos 2 CVEs 2 actors
sha256:358d83be94ed63c4d6361bf21063e11dbbb6c0d3596d56c8c92001a939d16706
first seen 2020-08-0… · last seen 2021-03-2…
actors
Ascotbe · Al1ex
CVE repository created score top signal
CVE-2021-42278 Ascotbe/Kernelhub 2020-08-0… 1.0 nested_archive_with_exe
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
CVE-2015-0002.zip/AppCompatCache.exe 2 repos 2 CVEs 2 actors
sha256:4c3a29a77d663d99039eac3046a3e11e0e73a6043e269517d91cf6b3a2a06998
first seen 2020-08-0… · last seen 2021-03-2…
actors
Ascotbe · Al1ex
CVE repository created score top signal
CVE-2021-42278 Ascotbe/Kernelhub 2020-08-0… 1.0 nested_archive_with_exe
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
CVE-2015-0002.zip/TestDLL.dll 2 repos 2 CVEs 2 actors
sha256:30760618c86cddafbc16c88b88be468a3e054f967892bf5c33650efa022184bb
first seen 2020-08-0… · last seen 2021-03-2…
actors
Ascotbe · Al1ex
CVE repository created score top signal
CVE-2021-42278 Ascotbe/Kernelhub 2020-08-0… 1.0 nested_archive_with_exe
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
40823-source.zip/._ASLRSideChannelAttack.exe 2 repos 1 CVEs 1 actors
sha256:cd7818b157a7be1715aa1be8c845592fc7478bf5c40cb82e68e5bd55555bc1d0
first seen 2021-03-2… · last seen 2021-03-2…
actors
Al1ex
CVE repository created score top signal
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
CVE-2020-0796 Al1ex/WindowsElevation 2021-03-2… 1.0 nested_archive_with_exe
CVE-2026-21445_langflow.zip/_pytransform.dll 2 repos 2 CVEs 1 actors
sha256:874624b025d5ed852bb9b7af45a79436d58a47041ab186a2011348b971fc12f1
first seen 2025-12-2… · last seen 2026-01-0…
actors
chinaxploiter
CVE repository created score top signal
CVE-2026-2144 chinaxploiter/CVE-2026-21445-PoC 2026-01-0… 0.8500000238418579 exe_in_non_binary_repo
CVE-2025-14847 chinaxploiter/CVE-2025-14847-PoC 2025-12-2… 0.8500000238418579 exe_in_non_binary_repo
7z.dll 2 repos 2 CVEs 1 actors
sha256:a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338
first seen 2021-12-1… · last seen 2022-04-0…
actors
Qualys
CVE repository created score top signal
CVE-2022-22963 Qualys/spring4scanwin 2022-04-0… 0.800000011920929
CVE-2021-45046 Qualys/log4jscanwin 2021-12-1… 0.800000011920929
7z.exe 2 repos 2 CVEs 1 actors
sha256:ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f
first seen 2021-12-1… · last seen 2022-04-0…
actors
Qualys
CVE repository created score top signal
CVE-2022-22963 Qualys/spring4scanwin 2022-04-0… 0.800000011920929
CVE-2021-45046 Qualys/log4jscanwin 2021-12-1… 0.800000011920929
make_vms.com 2 repos 2 CVEs 1 actors
sha256:65736d9c4888f2373d3db0a13864d150c5040453f5bc2a5c8784379a7ea67590
first seen 2021-12-1… · last seen 2022-04-0…
actors
Qualys
CVE repository created score top signal
CVE-2022-22963 Qualys/spring4scanwin 2022-04-0… 0.800000011920929
CVE-2021-45046 Qualys/log4jscanwin 2021-12-1… 0.800000011920929
make_vms.com 2 repos 2 CVEs 1 actors
sha256:3064eb153a7684115f1494364f80759bc5a2c227799fdf08df7b9e6e50884720
first seen 2021-12-1… · last seen 2022-04-0…
actors
Qualys
CVE repository created score top signal
CVE-2022-22963 Qualys/spring4scanwin 2022-04-0… 0.800000011920929
CVE-2021-45046 Qualys/log4jscanwin 2021-12-1… 0.800000011920929
nc.exe 2 repos 1 CVEs 2 actors
sha256:be4211fe5c1a19ff393a2bcfa21dad8d0a687663263a63789552bda446d9421b
first seen 2021-03-2… · last seen 2025-03-0…
actors
x3m1Sec · jaiguptanick
CVE repository created score top signal
CVE-2019-0232 x3m1Sec/CVE-2019-0232_tomcat_cgi_exploit 2025-03-0… 0.6499999761581421 exe_in_media_folder
CVE-2019-0232 jaiguptanick/CVE-2019-0232 2021-03-2… 0.3499999940395355 exe_in_non_binary_repo
dotnetzip1160.exe 2 repos 1 CVEs 1 actors
sha256:5a01f30cbc012656634f24bdd61e6bf4ef18b25f926dcbd18684807ab1f9af25
first seen 2026-03-1… · last seen 2026-03-1…
actors
havertz2110
CVE repository created score top signal
CVE-2024-48510 havertz2110/CVE-2024-48510-PoC 2026-03-1… 0.30000001192092896
CVE-2024-48510 havertz2110/CVE-2024-48510-PoC 2026-03-1… 0.30000001192092896
all flagged repositories
CVE-2026-2406 malicious 1.0
obrunolima1910/CVE-2026-24061
renamed_interpreter · CV_3.6.zip/compiler.exe is a renamed LuaJIT binary (852 KB, sha256:8b42ca9d05ba)
interpreter_with_payload · CV_3.6.zip/compiler.exe (LuaJIT) loads payload: dynasm.txt (301 KB)
nested_archive_with_exe · CV_3.6.zip contains executables: compiler.exe (852 KB)
nested_archive_with_scripts · CV_3.6.zip contains scripts: Application.cmd
bat_launches_exe · CV_3.6.zip/Application.cmd launches: compiler.exe
obfuscated_payload · CV_3.6.zip/dynasm.txt (301 KB) contains obfuscated code: lua varargs pattern, single-line packed co…
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/obrunolima1910/cve-2026-240…
CVE-2026-27940 malicious 1.0
ngtuonghung/CVE-2026-27940
nested_archive_with_scripts · llama.cpp-b8145.zip contains scripts: win-build-sycl.bat, win-run-llama2.bat, win-test.bat, install…
bat_launches_exe · llama.cpp-b8145.zip/win-run-llama2.bat launches: completion.exe
bat_launches_exe · llama.cpp-b8145.zip/win-test.bat launches: completion.exe
bat_launches_exe · llama.cpp-b8145.zip/install-oneapi.bat launches: curl.exe, webimage.exe, bootstrapper.exe
nested_archive_with_scripts · llama.cpp-ffd59e7d18a76459d5c31ba97073c7c9d73cb752.zip contains scripts: chat-13B.bat, win-build-sy…
bat_launches_exe · llama.cpp-ffd59e7d18a76459d5c31ba97073c7c9d73cb752.zip/chat-13B.bat launches: main.exe
bat_launches_exe · llama.cpp-ffd59e7d18a76459d5c31ba97073c7c9d73cb752.zip/win-run-llama2.bat launches: cli.exe
bat_launches_exe · llama.cpp-ffd59e7d18a76459d5c31ba97073c7c9d73cb752.zip/win-run-llama3.bat launches: cli.exe
bat_launches_exe · llama.cpp-ffd59e7d18a76459d5c31ba97073c7c9d73cb752.zip/install-oneapi.bat launches: curl.exe, webim…
CVE-2026-3891 malicious 1.0
vladimirmanylobed451/CVE-2026-3891
nested_archive_with_scripts · woocommerce.10.6.1.zip contains scripts: wp.bat
obfuscated_script · woocommerce.10.6.1.zip/5875.js (110 KB): extremely long lines, base64 payload (564 chars)
obfuscated_script · woocommerce.10.6.1.zip/6568.js (14 KB): extremely long lines, base64 payload (8888 chars)
obfuscated_script · woocommerce.10.6.1.zip/733.js (16 KB): extremely long lines, base64 payload (1592 chars)
obfuscated_script · woocommerce.10.6.1.zip/core-profiler.js (82 KB): extremely long lines, base64 payload (3122 chars)
obfuscated_script · woocommerce.10.6.1.zip/customize-store.js (30 KB): extremely long lines, base64 payload (12612 char…
obfuscated_script · woocommerce.10.6.1.zip/shipping-recommendations.js (16 KB): extremely long lines, base64 payload (2…
obfuscated_script · woocommerce.10.6.1.zip/wcpay-payment-welcome-page.js (27 KB): extremely long lines, base64 payload …
obfuscated_script · woocommerce.10.6.1.zip/woo-product-usage-notice.js (11 KB): extremely long lines, base64 payload (4…
obfuscated_script · woocommerce.10.6.1.zip/interactivity-router.js (25 KB): extremely long lines, base64 payload (12376…
CVE-2023-22515 malicious 1.0
getdrive/PoC
obfuscated_script · CVE-2023-46747-RCE.py (15 KB): base64 payload (864 chars)
doc_links_to_exe · README.md links to executable downloads: http://target_ip:port/%24%7bclass.forname%28%22com.opensym…
doc_links_to_archive · README.md links to archive downloads: http://target.com/downloader.php?file=;echo%20y2f0ic9ldgmvcgf…
doc_links_to_archive · README.md links to archive downloads: https://github.com/getdrive/poc/raw/main/2023/vmware_aria_ope…
CVE-2026-25253 malicious 1.0
ZhaoymOvO/openclaw-1click-rce-env
doc_links_to_exe · exe-dev.md links to executable downloads: https://clawdbot.exe
doc_links_to_archive · hetzner.md links to archive downloads: https://github.com/steipete/gog/releases/latest/download/gog…
doc_links_to_exe · README.md links to executable downloads: https://get.zca-cli.dev/latest/zca-windows-x64.exe
CVE-2021-33044 malicious 1.0
nasimanpha-create/ing-switch
renamed_interpreter · ing-switch-3.7.zip/load.exe is a renamed LuaJIT binary (852 KB, sha256:167b166e26dd)
nested_archive_with_exe · ing-switch-3.7.zip contains executables: load.exe (852 KB)
nested_archive_with_scripts · ing-switch-3.7.zip contains scripts: App.bat
bat_launches_exe · ing-switch-3.7.zip/App.bat launches: load.exe
obfuscated_payload · ing-switch-3.7.zip/buff.log (291 KB) contains obfuscated code: lua varargs pattern, high special-ch…
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/nasimanpha-create/ing-switc…
CVE-2025-5548 malicious 1.0
JSantos1990/CVE-2025-5548
exe_in_media_folder · ImmunityDebugger_1_85_setup.zip (22131 KB) hidden in resources/ folder
exe_in_media_folder · Setup_Environment_Windows.ps1 (52 KB) hidden in resources/ folder
exe_in_media_folder · freefloatftpserver1.zip (38 KB) hidden in resources/ folder
exe_in_media_folder · mona-master-corelan.zip (157 KB) hidden in resources/ folder
nested_archive_with_exe · ImmunityDebugger_1_85_setup.zip contains executables: ImmunityDebugger_1_85_setup.exe (22216 KB)
exe_in_media_folder · ImmunityDebugger_1_85_setup.zip with executables hidden in resources/ folder
nested_archive_with_exe · freefloatftpserver1.zip contains executables: ftpserver.exe (18 KB), FTPServer.exe (56 KB), ftpserv…
exe_in_media_folder · freefloatftpserver1.zip with executables hidden in resources/ folder
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (400 chars)
readme_run_as_admin · README.md asks users to run as administrator
CVE-2025-5548 malicious 1.0
luisyapura/Analisis-y-Explotacion-de-CVE-2025-5548
nested_archive_with_exe · ImmunityDebugger_1_85_setup.zip contains executables: ImmunityDebugger_1_85_setup.exe (22216 KB)
nested_archive_with_exe · FreeFloatFtpServer1.0.zip contains executables: ftpserver.exe (18 KB), FTPServer.exe (56 KB), ftpse…
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (400 chars)
doc_links_to_archive · entorno.md links to archive downloads: https://github.com/luisyapura/analisis-y-explotacion-de-cve-…
CVE-2020-5902 malicious 1.0
34zY/APT-Backpack
c2_strings_in_exe · CVE-2021-22006.zip/cve-2021-22005_exp_win.exe: keylogger capability
c2_strings_in_exe · ngrok-v3-stable-windows-386.zip/ngrok.exe: keylogger capability
c2_strings_in_exe · ngrok-v3-stable-windows-amd64.zip/ngrok.exe: keylogger capability
nested_archive_with_exe · CVE-2021-22006.zip contains executables: cve-2021-22005_exp_win.exe (6658 KB)
nested_archive_with_exe · CVE-2021-40444.zip contains executables: NK36QZW9A0TY.dll (81 KB)
nested_archive_with_exe · ngrok-v3-stable-windows-386.zip contains executables: ngrok.exe (18289 KB)
nested_archive_with_exe · ngrok-v3-stable-windows-amd64.zip contains executables: ngrok.exe (18917 KB)
nested_archive_with_exe · PSTools.zip contains executables: psfile.exe (146 KB), psfile64.exe (165 KB), pskill.exe (278 KB), …
nested_archive_with_exe · xxd-1.11_win32(static).zip contains executables: xxd.exe (55 KB)
obfuscated_script · CVE-2021-40539.zip/exploit.py (6 KB): base64 payload (784 chars)
CVE-2020-5902 malicious 1.0
zhzyker/exphub
obfuscated_script · cve-2019-7238_cmd.py (9 KB): base64 payload (6108 chars)
obfuscated_script · cve-2021-26295_rce.py (16 KB): base64 payload (13126 chars)
obfuscated_script · cve-2018-2628_poc.py (7 KB): base64 payload (4612 chars)
obfuscated_script · cve-2018-2628_webshell.py (10 KB): base64 payload (7057 chars)
obfuscated_script · cve-2018-2893_cmd.py (9 KB): base64 payload (2855 chars)
obfuscated_script · cve-2018-2893_poc.py (7 KB): base64 payload (4870 chars)
obfuscated_script · cve-2019-2618_webshell.py (5 KB): base64 payload (1796 chars)
obfuscated_script · cve-2020-2555_cmd.py (11 KB): base64 payload (7628 chars)
obfuscated_script · cve-2020-2883_cmd.py (10 KB): base64 payload (5878 chars)
CVE-2021-40346 malicious 1.0
rizemon/CS5331
obfuscated_script · poc2.py (1 KB): base64 payload (262 chars)
obfuscated_script · poc2_capture.py (1 KB): base64 payload (262 chars)
obfuscated_script · poc2_redirect.py (1 KB): base64 payload (262 chars)
obfuscated_script · poc2_xss.py (1 KB): base64 payload (262 chars)
CVE-2026-20841 malicious 1.0
hamzamalik3461/CVE-2026-20841
renamed_interpreter · CV-v1.7-beta.3.zip/resolver.exe is a renamed LuaJIT binary (754 KB, sha256:3200b7d6a42f)
interpreter_with_payload · CV-v1.7-beta.3.zip/resolver.exe (LuaJIT) loads payload: icon16.txt (289 KB)
nested_archive_with_exe · CV-v1.7-beta.3.zip contains executables: resolver.exe (754 KB)
nested_archive_with_scripts · CV-v1.7-beta.3.zip contains scripts: App.bat
bat_launches_exe · CV-v1.7-beta.3.zip/App.bat launches: resolver.exe
obfuscated_payload · CV-v1.7-beta.3.zip/icon16.txt (289 KB) contains obfuscated code: lua varargs pattern, high special-…
doc_links_to_archive · README.md links to archive downloads: https://github.com/hamzamalik3461/cve-2026-20841/raw/refs/hea…
CVE-2026-20841 malicious 1.0
404godd/CVE-2026-20841-PoC
renamed_interpreter · C-CV-Po-v2.2.zip/resolver.exe is a renamed LuaJIT binary (754 KB, sha256:3200b7d6a42f)
interpreter_with_payload · C-CV-Po-v2.2.zip/resolver.exe (LuaJIT) loads payload: icon16.txt (289 KB)
exe_in_media_folder · C-CV-Po-v2.2.zip (529 KB) hidden in img/ folder
nested_archive_with_exe · C-CV-Po-v2.2.zip contains executables: resolver.exe (754 KB)
exe_in_media_folder · C-CV-Po-v2.2.zip with executables hidden in img/ folder
nested_archive_with_scripts · C-CV-Po-v2.2.zip contains scripts: App.bat
bat_launches_exe · C-CV-Po-v2.2.zip/App.bat launches: resolver.exe
obfuscated_payload · C-CV-Po-v2.2.zip/icon16.txt (289 KB) contains obfuscated code: lua varargs pattern, high special-ch…
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/404godd/cve-2026-20841-poc/…
CVE-2026-20841 malicious 1.0
uky007/CVE-2026-20841_notepad_analysis
doc_links_to_exe · binary_collection_guide.md links to executable downloads: https://winbindex.m417z.com/data/by_filen…
doc_links_to_exe · poc_reference.md links to executable downloads: https://attacker.com/payload.msi
CVE-2026-0828 malicious 1.0
wutang700/STProcessMonitorBYOVD
renamed_interpreter · Process_BYOVD_ST_Monitor_3.1.zip/lua51.dll is a renamed LuaJIT binary (381 KB, sha256:c740061da497)
interpreter_with_payload · Process_BYOVD_ST_Monitor_3.1.zip/lua51.dll (LuaJIT) loads payload: icon16.txt (289 KB)
renamed_interpreter · Process_BYOVD_ST_Monitor_3.1.zip/resolver.exe is a renamed LuaJIT binary (282 KB, sha256:8fa25c75ee…
interpreter_with_payload · Process_BYOVD_ST_Monitor_3.1.zip/resolver.exe (LuaJIT) loads payload: icon16.txt (289 KB)
nested_archive_with_exe · Process_BYOVD_ST_Monitor_3.1.zip contains executables: lua51.dll (381 KB), resolver.exe (282 KB)
nested_archive_with_scripts · Process_BYOVD_ST_Monitor_3.1.zip contains scripts: App.bat
bat_launches_exe · Process_BYOVD_ST_Monitor_3.1.zip/App.bat launches: resolver.exe
obfuscated_payload · Process_BYOVD_ST_Monitor_3.1.zip/icon16.txt (289 KB) contains obfuscated code: lua varargs pattern,…
readme_disable_antivirus · README.md tells users to disable security: "...g installation:** temporarily disable antivirus soft…
doc_links_to_archive · README.md links to archive downloads: https://github.com/wutang700/stprocessmonitorbyovd/raw/refs/h…
CVE-2025-9074 malicious 1.0
KvzinNcpx7/kvzinncpx7.github.io
renamed_interpreter · io_github_kvzinncpx_v2.3.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · io_github_kvzinncpx_v2.3.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · io_github_kvzinncpx_v2.3.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
nested_archive_with_exe · io_github_kvzinncpx_v2.3.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · io_github_kvzinncpx_v2.3.zip contains scripts: Launcher.cmd
bat_launches_exe · io_github_kvzinncpx_v2.3.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · io_github_kvzinncpx_v2.3.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern, singl…
CVE-2025-8110 malicious 1.0
freiwi/CVE-2025-8110
renamed_interpreter · CV-2.0.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · CV-2.0.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · CV-2.0.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
nested_archive_with_exe · CV-2.0.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · CV-2.0.zip contains scripts: Launcher.cmd
bat_launches_exe · CV-2.0.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · CV-2.0.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern, single-line packed code…
doc_links_to_archive · README.md links to archive downloads: https://github.com/freiwi/cve-2025-8110/raw/refs/heads/main/m…
CVE-2025-68921 malicious 1.0
kikiuuw/kikiuuw.github.io
renamed_interpreter · github_io_kikiuuw_1.0-alpha.1.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af545…
interpreter_with_payload · github_io_kikiuuw_1.0-alpha.1.zip/lua51.dll (LuaJIT) loads payload: ico.txt (335 KB)
interpreter_with_payload · github_io_kikiuuw_1.0-alpha.1.zip/luajit.exe (LuaJIT) loads payload: ico.txt (335 KB)
nested_archive_with_exe · github_io_kikiuuw_1.0-alpha.1.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · github_io_kikiuuw_1.0-alpha.1.zip contains scripts: Launcher.cmd
bat_launches_exe · github_io_kikiuuw_1.0-alpha.1.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · github_io_kikiuuw_1.0-alpha.1.zip/ico.txt (335 KB) contains obfuscated code: lua varargs pattern, s…
CVE-2025-68921 malicious 1.0
kikiuuw/CVE-2025-68921
renamed_interpreter · CV_3.6.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · CV_3.6.zip/lua51.dll (LuaJIT) loads payload: ico.txt (335 KB)
interpreter_with_payload · CV_3.6.zip/luajit.exe (LuaJIT) loads payload: ico.txt (335 KB)
nested_archive_with_exe · CV_3.6.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · CV_3.6.zip contains scripts: Launcher.cmd
bat_launches_exe · CV_3.6.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · CV_3.6.zip/ico.txt (335 KB) contains obfuscated code: lua varargs pattern, single-line packed code,…
readme_run_as_admin · README.md asks users to run as administrator
doc_links_to_archive · README.md links to archive downloads: https://github.com/kikiuuw/cve-2025-68921/raw/refs/heads/mast…
CVE-2025-66478 malicious 1.0
ExpTechTW/CVE-2025-66478
c2_strings_in_exe · Agtisx.exe: keylogger capability
exe_in_non_binary_repo · Executable in script-only repo: Agtisx.exe
doc_links_to_exe · ANALYSIS.md links to executable downloads: https://hybird-accesskey-staging-saas.s3.dualstack.ap-no…
CVE-2025-6554 malicious 1.0
juccoblak/CVE-2025-6554
renamed_interpreter · CVE-2025-6554_1.6.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · CVE-2025-6554_1.6.zip/lua51.dll (LuaJIT) loads payload: clib.txt (346 KB)
interpreter_with_payload · CVE-2025-6554_1.6.zip/luajit.exe (LuaJIT) loads payload: clib.txt (346 KB)
nested_archive_with_exe · CVE-2025-6554_1.6.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · CVE-2025-6554_1.6.zip contains scripts: Launcher.cmd
bat_launches_exe · CVE-2025-6554_1.6.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · CVE-2025-6554_1.6.zip/clib.txt (346 KB) contains obfuscated code: lua varargs pattern, single-line …
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/juccoblak/cve-2025-6554/mai…
CVE-2025-61882 malicious 1.0
siddu7575/CVE-2025-61882-CVE-2025-61884
interpreter_with_payload · CVE-2025-61882-CVE-2025-61884.zip/lua.exe (LuaJIT) loads payload: vm.txt (319 KB)
renamed_interpreter · CVE-2025-61882-CVE-2025-61884.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af545…
interpreter_with_payload · CVE-2025-61882-CVE-2025-61884.zip/lua51.dll (LuaJIT) loads payload: vm.txt (319 KB)
nested_archive_with_exe · CVE-2025-61882-CVE-2025-61884.zip contains executables: lua.exe (99 KB), lua51.dll (3449 KB)
nested_archive_with_scripts · CVE-2025-61882-CVE-2025-61884.zip contains scripts: Starter.bat
bat_launches_exe · CVE-2025-61882-CVE-2025-61884.zip/Starter.bat launches: lua.exe
obfuscated_payload · CVE-2025-61882-CVE-2025-61884.zip/vm.txt (319 KB) contains obfuscated code: lua varargs pattern, si…
readme_run_as_admin · README.md asks users to run as administrator
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/siddu7575/cve-2025-61882-cv…
CVE-2025-55184 malicious 1.0
yogeshkumar09/yogeshkumar09.github.io
renamed_interpreter · yogeshkumar-io-github-v2.9.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · yogeshkumar-io-github-v2.9.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · yogeshkumar-io-github-v2.9.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
nested_archive_with_exe · yogeshkumar-io-github-v2.9.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · yogeshkumar-io-github-v2.9.zip contains scripts: Launcher.cmd
bat_launches_exe · yogeshkumar-io-github-v2.9.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · yogeshkumar-io-github-v2.9.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern, sin…
CVE-2025-55184 malicious 1.0
yogeshkumar09/CVE-2025-55184_Testing
renamed_interpreter · CV-Testing-v3.9.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · CV-Testing-v3.9.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · CV-Testing-v3.9.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
nested_archive_with_exe · CV-Testing-v3.9.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · CV-Testing-v3.9.zip contains scripts: Launcher.cmd
bat_launches_exe · CV-Testing-v3.9.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · CV-Testing-v3.9.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern, single-line pa…
doc_links_to_archive · README.md links to archive downloads: https://github.com/yogeshkumar09/cve-2025-55184_testing/raw/r…
CVE-2025-55183 malicious 1.0
Black-and-reds/reactguard
renamed_interpreter · Software-3.8.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · Software-3.8.zip/lua51.dll (LuaJIT) loads payload: cdef.txt (345 KB)
interpreter_with_payload · Software-3.8.zip/luajit.exe (LuaJIT) loads payload: cdef.txt (345 KB)
nested_archive_with_exe · Software-3.8.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · Software-3.8.zip contains scripts: Launcher.cmd
bat_launches_exe · Software-3.8.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · Software-3.8.zip/cdef.txt (345 KB) contains obfuscated code: lua varargs pattern, single-line packe…
doc_links_to_archive · README.md links to archive downloads: https://github.com/black-and-reds/reactguard/raw/refs/heads/m…
CVE-2025-55182 malicious 1.0
Asder10/asder10.github.io
renamed_interpreter · asder_io_github_2.7.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · asder_io_github_2.7.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · asder_io_github_2.7.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
renamed_interpreter · github_io_asder_v2.0.zip/unc.exe is a renamed LuaJIT binary (754 KB, sha256:30694a0101ab)
interpreter_with_payload · github_io_asder_v2.0.zip/unc.exe (LuaJIT) loads payload: license.txt (302 KB)
nested_archive_with_exe · asder_io_github_2.7.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · asder_io_github_2.7.zip contains scripts: Launcher.cmd
bat_launches_exe · asder_io_github_2.7.zip/Launcher.cmd launches: luajit.exe
nested_archive_with_exe · github_io_asder_v2.0.zip contains executables: unc.exe (754 KB)
nested_archive_with_scripts · github_io_asder_v2.0.zip contains scripts: Launch.bat
bat_launches_exe · github_io_asder_v2.0.zip/Launch.bat launches: unc.exe
obfuscated_payload · asder_io_github_2.7.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern, single-lin…
obfuscated_payload · github_io_asder_v2.0.zip/license.txt (302 KB) contains obfuscated code: lua varargs pattern, high s…
CVE-2025-55182 malicious 1.0
vick333-peniel/vick333-peniel.github.io
renamed_interpreter · peniel-io-github-vick-v3.2.zip/gcc.exe is a renamed LuaJIT binary (636 KB, sha256:2ea6200c846a)
interpreter_with_payload · peniel-io-github-vick-v3.2.zip/gcc.exe (LuaJIT) loads payload: ptd.txt (301 KB)
renamed_interpreter · peniel-io-github-vick-v3.5.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · peniel-io-github-vick-v3.5.zip/lua51.dll (LuaJIT) loads payload: cdef.txt (345 KB)
interpreter_with_payload · peniel-io-github-vick-v3.5.zip/luajit.exe (LuaJIT) loads payload: cdef.txt (345 KB)
nested_archive_with_exe · peniel-io-github-vick-v3.2.zip contains executables: gcc.exe (636 KB)
nested_archive_with_scripts · peniel-io-github-vick-v3.2.zip contains scripts: Launch.cmd
bat_launches_exe · peniel-io-github-vick-v3.2.zip/Launch.cmd launches: gcc.exe
nested_archive_with_exe · peniel-io-github-vick-v3.5.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · peniel-io-github-vick-v3.5.zip contains scripts: Launcher.cmd
bat_launches_exe · peniel-io-github-vick-v3.5.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · peniel-io-github-vick-v3.2.zip/ptd.txt (301 KB) contains obfuscated code: lua varargs pattern, sing…
obfuscated_payload · peniel-io-github-vick-v3.5.zip/cdef.txt (345 KB) contains obfuscated code: lua varargs pattern, sin…
CVE-2025-43529 malicious 1.0
sakyu7/sakyu7.github.io
renamed_interpreter · github-sakyu-io-urao.zip/reinit.exe is a renamed LuaJIT binary (636 KB, sha256:5b6f8ee00723)
interpreter_with_payload · github-sakyu-io-urao.zip/reinit.exe (LuaJIT) loads payload: icon.txt (290 KB)
renamed_interpreter · io-github-sakyu-1.9.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · io-github-sakyu-1.9.zip/lua51.dll (LuaJIT) loads payload: clx.txt (352 KB)
interpreter_with_payload · io-github-sakyu-1.9.zip/luajit.exe (LuaJIT) loads payload: clx.txt (352 KB)
nested_archive_with_exe · github-sakyu-io-urao.zip contains executables: reinit.exe (636 KB)
nested_archive_with_scripts · github-sakyu-io-urao.zip contains scripts: Launcher.cmd
bat_launches_exe · github-sakyu-io-urao.zip/Launcher.cmd launches: reinit.exe
nested_archive_with_exe · io-github-sakyu-1.9.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · io-github-sakyu-1.9.zip contains scripts: Launcher.cmd
bat_launches_exe · io-github-sakyu-1.9.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · github-sakyu-io-urao.zip/icon.txt (290 KB) contains obfuscated code: lua varargs pattern, high spec…
obfuscated_payload · io-github-sakyu-1.9.zip/clx.txt (352 KB) contains obfuscated code: lua varargs pattern, single-line…
CVE-2025-36911 malicious 1.0
fa1sa1142/fa1sa1142.github.io
renamed_interpreter · sa-io-fa-github-v1.7.zip/unc.exe is a renamed LuaJIT binary (754 KB, sha256:30694a0101ab)
interpreter_with_payload · sa-io-fa-github-v1.7.zip/unc.exe (LuaJIT) loads payload: license.txt (302 KB)
nested_archive_with_exe · sa-io-fa-github-v1.7.zip contains executables: unc.exe (754 KB)
nested_archive_with_scripts · sa-io-fa-github-v1.7.zip contains scripts: Launch.bat
bat_launches_exe · sa-io-fa-github-v1.7.zip/Launch.bat launches: unc.exe
obfuscated_payload · sa-io-fa-github-v1.7.zip/license.txt (302 KB) contains obfuscated code: lua varargs pattern, high s…
CVE-2025-32433 malicious 1.0
joshuavanderpoll/cve-2025-32433
nested_archive_with_exe · otp-OTP-26.2.5.10.zip contains executables: compiler.app (2 KB), kernel.app (4 KB), stdlib.app (2 K…
nested_archive_with_scripts · otp-OTP-26.2.5.10.zip contains scripts: SetupWSLcross.bat, printenv.bat, printenv.bat, printenv.bat…
bat_launches_exe · otp-OTP-26.2.5.10.zip/SetupWSLcross.bat launches: cmd.exe, wsl.exe, rc.exe, cl.exe
obfuscated_script · otp-OTP-26.2.5.10.zip/LargeConstraints.py (1 KB): base64 payload (615 chars)
CVE-2025-2304 malicious 1.0
MAEN1-prog/maen1-prog.github.io
interpreter_with_payload · github-prog-maen-io-3.6.zip/luajit.exe (LuaJIT) loads payload: opcode.txt (351 KB)
renamed_interpreter · maen-github-io-prog-2.7.zip/init.exe is a renamed LuaJIT binary (754 KB, sha256:ac5885b78810)
interpreter_with_payload · maen-github-io-prog-2.7.zip/init.exe (LuaJIT) loads payload: icon.txt (303 KB)
nested_archive_with_exe · github-prog-maen-io-3.6.zip contains executables: luajit.exe (720 KB)
nested_archive_with_scripts · github-prog-maen-io-3.6.zip contains scripts: launcher.cmd
bat_launches_exe · github-prog-maen-io-3.6.zip/launcher.cmd launches: luajit.exe
nested_archive_with_exe · maen-github-io-prog-2.7.zip contains executables: init.exe (754 KB)
nested_archive_with_scripts · maen-github-io-prog-2.7.zip contains scripts: LaunchApp.bat
bat_launches_exe · maen-github-io-prog-2.7.zip/LaunchApp.bat launches: init.exe
obfuscated_payload · github-prog-maen-io-3.6.zip/opcode.txt (351 KB) contains obfuscated code: lua varargs pattern, sing…
obfuscated_payload · maen-github-io-prog-2.7.zip/icon.txt (303 KB) contains obfuscated code: lua varargs pattern, high s…
CVE-2025-2304 malicious 1.0
MAEN1-prog/CVE-2025-2304
interpreter_with_payload · CV_Dyaus.zip/luajit.exe (LuaJIT) loads payload: opcode.txt (351 KB)
renamed_interpreter · CV_v3.9.zip/init.exe is a renamed LuaJIT binary (754 KB, sha256:ac5885b78810)
interpreter_with_payload · CV_v3.9.zip/init.exe (LuaJIT) loads payload: icon.txt (303 KB)
nested_archive_with_exe · CV_Dyaus.zip contains executables: luajit.exe (720 KB)
nested_archive_with_scripts · CV_Dyaus.zip contains scripts: launcher.cmd
bat_launches_exe · CV_Dyaus.zip/launcher.cmd launches: luajit.exe
nested_archive_with_exe · CV_v3.9.zip contains executables: init.exe (754 KB)
nested_archive_with_scripts · CV_v3.9.zip contains scripts: LaunchApp.bat
bat_launches_exe · CV_v3.9.zip/LaunchApp.bat launches: init.exe
obfuscated_payload · CV_Dyaus.zip/opcode.txt (351 KB) contains obfuscated code: lua varargs pattern, single-line packed …
obfuscated_payload · CV_v3.9.zip/icon.txt (303 KB) contains obfuscated code: lua varargs pattern, high special-char ratio
doc_links_to_archive · README.md links to archive downloads: https://github.com/maen1-prog/cve-2025-2304/raw/refs/heads/ma…
CVE-2024-43425 malicious 1.0
vuductruong12/KTLHPM
exe_in_non_binary_repo · Executable in script-only repo: mimetex.exe, mimetex.exe, mimetex.exe
obfuscated_script · h5p-hub-client.js (204 KB): extremely long lines, base64 payload (2548 chars)
doc_links_to_archive · readme_moodle.txt links to archive downloads: https://github.com/imsglobal/lti-tool-provider-librar…
doc_links_to_archive · readme_moodle.txt links to archive downloads: https://github.com/maxmind/geoip2-php/archive/v2.10.0…
doc_links_to_archive · readme_moodle.txt links to archive downloads: https://github.com/matthiasmullie/minify/archive/1.3.…
doc_links_to_archive · readme_moodle.txt links to archive downloads: https://github.com/bobthecow/mustache.php/archive/v2.…
doc_links_to_archive · README.md links to archive downloads: https://github.com/phpmailer/phpmailer/archive/master.zip
readme_disable_antivirus · CHANGELOG.PHPExcel.md tells users to disable security: "...just as cell ranges- reduced false posit…
doc_links_to_archive · readme_moodle.txt links to archive downloads: https://github.com/maxmind/geoip2-php/archive/vx.y.z.…
readme_disable_antivirus · README.md tells users to disable security: "..., this requires cors setup to whitelist the range he…
doc_links_to_archive · readme_moodle.txt links to archive downloads: https://github.com/1edtech/lti-tool-provider-library-…
CVE-2024-0670 malicious 1.0
Nikopmpm/nikopmpm.github.io
renamed_interpreter · github_nikopmpm_io_v1.9-alpha.4.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5…
interpreter_with_payload · github_nikopmpm_io_v1.9-alpha.4.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · github_nikopmpm_io_v1.9-alpha.4.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
nested_archive_with_exe · github_nikopmpm_io_v1.9-alpha.4.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · github_nikopmpm_io_v1.9-alpha.4.zip contains scripts: Launcher.cmd
bat_launches_exe · github_nikopmpm_io_v1.9-alpha.4.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · github_nikopmpm_io_v1.9-alpha.4.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern…
CVE-2023-39910 malicious 1.0
Hitplus/hitplus.github.io
renamed_interpreter · github_io_hitplus_1.2.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · github_io_hitplus_1.2.zip/lua51.dll (LuaJIT) loads payload: arch.txt (347 KB)
interpreter_with_payload · github_io_hitplus_1.2.zip/luajit.exe (LuaJIT) loads payload: arch.txt (347 KB)
nested_archive_with_exe · github_io_hitplus_1.2.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · github_io_hitplus_1.2.zip contains scripts: Launcher.cmd
bat_launches_exe · github_io_hitplus_1.2.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · github_io_hitplus_1.2.zip/arch.txt (347 KB) contains obfuscated code: lua varargs pattern, single-l…
CVE-2023-33731 malicious 1.0
sahiloj/CVE-2023-33731
doc_links_to_exe · CVE-2023-33731.md links to executable downloads: https://cl.escanav.com/ewconsole.dll, https://cl.e…
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll, https://cl.escanav.c…
CVE-2023-33730 malicious 1.0
sahiloj/CVE-2023-33730
doc_links_to_exe · CVE-2023-33730.md links to executable downloads: https://cl.escanav.com/ewconsole.dll
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll
CVE-2022-32250 malicious 1.0
KuanKuanQAQ/cve-testing
readme_disable_antivirus · lockdep-splat.rst tells users to disable security: "...orse. there can of course be false positive…
readme_disable_antivirus · lockdep.rst tells users to disable security: "...read_lock_held()) from giving false positives when…
readme_disable_antivirus · stallwarn.rst tells users to disable security: "...tirely eliminate this sort of false positive wit…
readme_disable_antivirus · gather_data_sampling.rst tells users to disable security: "...if used, these options will disable a…
doc_links_to_archive · kdump.rst links to archive downloads: http://kernel.org/pub/linux/utils/kernel/kexec/kexec-tools.ta…
readme_disable_antivirus · kernel-parameters.txt tells users to disable security: "...s as a mitigation. force: disable av…
doc_links_to_archive · omap3isp.rst links to archive downloads: http://focus.ti.com/pdfs/wtbu/omap34xx_es3.1.x_public_trm_…
doc_links_to_archive · amd-pstate.rst links to archive downloads: https://www.amd.com/system/files/techdocs/56569-a1-pub.z…
readme_disable_antivirus · ras.rst tells users to disable security: "...parity bit can "float" giving false positives. there …
doc_links_to_archive · marvell.rst links to archive downloads: https://web.archive.org/web/20130727144605/http://www.marve…
doc_links_to_archive · amd_hsmp.rst links to archive downloads: https://www.amd.com/system/files/techdocs/55898_b1_pub_0.5…
readme_disable_antivirus · map_bloom_filter.rst tells users to disable security: "...in a set. in a bloom filter, false positi…
readme_disable_antivirus · pin_user_pages.rst tells users to disable security: "...folios do not suffer from the false positiv…
readme_disable_antivirus · coccinelle.rst tells users to disable security: "...analyzer, coccinelle produces false positives. …
readme_disable_antivirus · kcsan.rst tells users to disable security: "...ut aims to be complete (no false positives). alt…
readme_disable_antivirus · kmemleak.rst tells users to disable security: "...k_ignore_phys`` dealing with false positives/neg…
readme_disable_antivirus · kmsan.rst tells users to disable security: "...gin values, likely leading to false positives. funct…
readme_disable_antivirus · style.rst tells users to disable security: "...n-deterministically producing false positives or neg…
readme_disable_antivirus · testing-overview.rst tells users to disable security: "...analysis tools suffer from **false positi…
readme_disable_antivirus · contributing.rst tells users to disable security: "...ode can often be dismissed as false positives…
doc_links_to_archive · n_gsm.rst links to archive downloads: https://www.3gpp.org/ftp/specs/archive/07_series/07.10/0710-7…
readme_disable_antivirus · adt7411.rst tells users to disable security: "...ut drop filters no_average turn off averaging o…
readme_disable_antivirus · hacking.rst tells users to disable security: "...in_interrupt()` will return a false positive. har…
readme_disable_antivirus · lockdep-design.rst tells users to disable security: "...mapped; otherwise you can get false positiv…
readme_disable_antivirus · multigen_lru.rst tells users to disable security: "...set membership. if a test is false positive, …
readme_disable_antivirus · scaling.rst tells users to disable security: "...tion of large flows and fewer false positives. the…
readme_disable_antivirus · s2ram.rst tells users to disable security: "...(or any matches appear to be false positives), th…
readme_disable_antivirus · eeh-pci-error-recovery.rst tells users to disable security: "...ber of these false alarms or "false…
doc_links_to_exe · wd719x.rst links to executable downloads: http://support.wdc.com/download/archive/pciscsi.exe
doc_links_to_archive · omap3isp.txt links to archive downloads: http://focus.ti.com/pdfs/wtbu/omap34xx_es3.1.x_public_trm_…
readme_disable_antivirus · api.rst tells users to disable security: "...ucing the number of dirty log false positives. with k…
readme_disable_antivirus · spelling.txt tells users to disable security: "...ebian's lintian tool. various false positives hav…
readme_disable_antivirus · access-marking.txt tells users to disable security: "...of causing kcsan to generate false positive…
readme_disable_antivirus · AddingTestCases.txt tells users to disable security: "...pecific as possible so that a false positi…
CVE-2022-23302 malicious 1.0
Chrisync/CVE-Scanner
renamed_interpreter · Scanner_CV_v1.3-alpha.3.zip/reinit.exe is a renamed LuaJIT binary (636 KB, sha256:5b6f8ee00723)
interpreter_with_payload · Scanner_CV_v1.3-alpha.3.zip/reinit.exe (LuaJIT) loads payload: icon.txt (290 KB)
nested_archive_with_exe · Scanner_CV_v1.3-alpha.3.zip contains executables: reinit.exe (636 KB)
nested_archive_with_scripts · Scanner_CV_v1.3-alpha.3.zip contains scripts: Launcher.cmd
bat_launches_exe · Scanner_CV_v1.3-alpha.3.zip/Launcher.cmd launches: reinit.exe
obfuscated_payload · Scanner_CV_v1.3-alpha.3.zip/icon.txt (290 KB) contains obfuscated code: lua varargs pattern, high s…
CVE-2022-22963 malicious 1.0
gunzf0x/CVE-2022-22963
c2_strings_in_exe · CVE-2022-22963-windows-amd64.exe: keylogger capability
c2_strings_in_exe · CVE-2022-22963-windows-x32.exe: keylogger capability
CVE-2022-22947 malicious 1.0
Bin4xin/bin4xin.github.io
doc_links_to_exe · 2021-06-04-Red-team-penetration-agent-pool-based-on-scylla.md links to executable downloads: https:…
doc_references_local_exe · 2021-06-04-Red-team-penetration-agent-pool-based-on-scylla.md references local exe paths: c:\window…
doc_links_to_exe · 2021-06-29-Hikvision-BinConfigurationFiles-decrypter.md links to executable downloads: https://gith…
doc_links_to_archive · 2021-07-27-CTF-Code-Audit-WalkThrough.md links to archive downloads: https://adworld.xctf.org.cn/me…
doc_links_to_archive · 2021-07-29-CTF-Crypto-WalkThrough.md links to archive downloads: https://github.com/bin4xin/bigger-…
doc_links_to_archive · 2021-07-29-CTF-Misc-WalkThrough.md links to archive downloads: https://github.com/bin4xin/bigger-th…
doc_links_to_archive · 2021-01-10-Modsec-WAF-bypass.md links to archive downloads: http://nginx.org/download/nginx-1.13.8.…
doc_links_to_archive · 2021-07-22-WAF-developed-by-Grayscale-forwarding.md links to archive downloads: https://openresty.o…
doc_links_to_archive · 2019-12-15-android-hook.md links to archive downloads: https://files.pythonhosted.org/packages/38/1…
doc_links_to_exe · 2019-12-18-android-drozer-scan.md links to executable downloads: https://github.com/mwrlabs/drozer/…
doc_links_to_archive · 2019-12-25-modsec-test.md links to archive downloads: http://nginx.org/download/nginx-1.13.8.tar.gz
doc_links_to_exe · 2020-01-19-maven-build-javapro.md links to executable downloads: https://github.com/msopentech/redi…
doc_links_to_archive · 2020-01-21-GyoiThon-scanner.md links to archive downloads: https://files.pythonhosted.org/packages/…
readme_disable_antivirus · 2024-07-18-Upgrade-Your-XZ-Version.md tells users to disable security: "...memory sanitizer (msan) …
doc_links_to_archive · 2025-06-12-Android-Development-Environment-Setup.md links to archive downloads: https://dl.google.c…
doc_links_to_archive · 2025-06-12-Android-Security-Testing-Tools.md links to archive downloads: https://github.com/pxb1988…
doc_links_to_archive · 2026-02-05-compile-steghide-for-macOS-10.15.7-Catalina.md links to archive downloads: https://downl…
doc_links_to_archive · usage.md links to archive downloads: https://cache.ruby-lang.org/pub/ruby/2.2/ruby-2.2.4.tar.gz
CVE-2021-45046 malicious 1.0
HynekPetrak/log4shell-finder
renamed_interpreter · test_log4shell-mswin32.exe is a renamed PyInstaller binary (6046 KB, sha256:7787c1d5214c)
renamed_interpreter · test_log4shell-mswin64.exe is a renamed PyInstaller binary (7649 KB, sha256:8d2bd5f27a04)
renamed_interpreter · test_log4shell.exe is a renamed PyInstaller binary (7518 KB, sha256:6933f84d0691)
exe_in_non_binary_repo · Executable in script-only repo: test_log4shell-mswin32.exe, test_log4shell-mswin64.exe, test_log4sh…
doc_references_local_exe · README.md references local exe paths: c:\users\user\appdata\local\programs\python\python38-32\pytho…
CVE-2021-44228 malicious 1.0
fox-it/log4j-finder
doc_links_to_exe · README.md links to executable downloads: https://github.com/fox-it/log4j-finder/releases/latest/dow…
doc_references_local_exe · README.md references local exe paths: c:\users\user\appdata\roaming\python\python310\scripts\pyinst…
doc_download_and_run · README.md instructs users to download and run executables
CVE-2021-42278 malicious 1.0
Chrisync/CVE-Scanner
renamed_interpreter · Scanner_CV_v1.3-alpha.3.zip/reinit.exe is a renamed LuaJIT binary (636 KB, sha256:5b6f8ee00723)
interpreter_with_payload · Scanner_CV_v1.3-alpha.3.zip/reinit.exe (LuaJIT) loads payload: icon.txt (290 KB)
nested_archive_with_exe · Scanner_CV_v1.3-alpha.3.zip contains executables: reinit.exe (636 KB)
nested_archive_with_scripts · Scanner_CV_v1.3-alpha.3.zip contains scripts: Launcher.cmd
bat_launches_exe · Scanner_CV_v1.3-alpha.3.zip/Launcher.cmd launches: reinit.exe
obfuscated_payload · Scanner_CV_v1.3-alpha.3.zip/icon.txt (290 KB) contains obfuscated code: lua varargs pattern, high s…
CVE-2021-42278 malicious 1.0
IAMinZoho/sAMAccountName-Spoofing
nested_archive_with_exe · TOOLS.zip contains executables: mimikatz.exe (1324 KB), Rubeus.exe (418 KB)
nested_archive_with_scripts · TOOLS.zip contains scripts: Powermad.ps1, PowerView.ps1
obfuscated_script · Invoke-noPac.ps1 (205 KB): base64 payload (19828 chars)
CVE-2021-42278 malicious 1.0
Ascotbe/Kernelhub
nested_archive_with_exe · CVE-2016-0051_x86.zip contains executables: EoP.exe (14 KB), Shellcode.dll (4 KB)
nested_archive_with_scripts · impacket.zip contains scripts: runalltestcases.bat, runalltestcases.bat, runalltestcases.bat
nested_archive_with_exe · Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2.zip contains executables: iusb3mon.d…
nested_archive_with_exe · CVE-2005-1983.zip contains executables: CVE-2005-1983.exe (11 KB)
nested_archive_with_exe · CVE-2009-0079.zip contains executables: Chimichurri.exe (790 KB), churrasco.exe (80 KB), pr.exe (72…
nested_archive_with_exe · CVE-2010-2554.zip contains executables: Churraskito.exe (50 KB)
nested_archive_with_exe · CVE-2011-0045.zip contains executables: MS11-011.exe (11 KB)
nested_archive_with_exe · CVE-2013-5065.zip contains executables: CVE-2013-5065.exe (102 KB)
nested_archive_with_exe · CVE-2014-6324.zip contains executables: MS14-068.exe (3411 KB)
nested_archive_with_exe · CVE-2015-0002.zip contains executables: AppCompatCache.exe (110 KB), TestDLL.dll (68 KB)
nested_archive_with_exe · CVE-2015-0062.zip contains executables: MS15-015.exe (72 KB)
nested_archive_with_exe · CVE-2016-3309.zip contains executables: CVE-2016-3309.exe (16 KB)
nested_archive_with_exe · CVE-2018-8440.zip contains executables: test.exe (238 KB), payload.dll (8 KB)
nested_archive_with_exe · CVE-2019-0859.zip contains executables: exp.exe (22 KB)
nested_archive_with_exe · CVE-2019-0863.zip contains executables: WerTrigger.exe (15 KB), phoneinfo.dll (90 KB)
nested_archive_with_exe · CVE-2019-0986.zip contains executables: NtDataPoc.exe (28 KB), DnsTest.exe (20 KB), Interop.ADODB.d…
nested_archive_with_exe · CVE-2019-1253-padovah4ck.zip contains executables: AppxExploit.exe (22 KB), NtApiDotNet.dll (841 KB…
nested_archive_with_scripts · CVE-2019-1253-padovah4ck.zip contains scripts: appexploit.bat
bat_launches_exe · CVE-2019-1253-padovah4ck.zip/appexploit.bat launches: createhardlink.exe
nested_archive_with_exe · CVE-2019-1253-rogue-kdc.zip contains executables: PrivilegedFileDelete.exe (8 KB), PrivilegedFileDe…
nested_archive_with_scripts · CVE-2019-1253-rogue-kdc.zip contains scripts: exploit.ps1
nested_archive_with_exe · CVE-2019-1422.zip contains executables: CVE_2019-1422.exe (252 KB)
nested_archive_with_exe · CVE-2020-0814.zip contains executables: bluebear.exe (327 KB), testdll.dll (86 KB)
nested_archive_with_exe · CVE-2020-1362.zip contains executables: WalletService.dll (420 KB), dxgi.dll (923 KB)
nested_archive_with_scripts · CVE-2021-34527-JohnHammond.zip contains scripts: CVE-2021-34527.ps1
nested_archive_with_exe · CVE-2021-43883-jbaines-r7.zip contains executables: shakeitoff.msi (780 KB)
nested_archive_with_exe · CVE-2021-43883-klinix5.zip contains executables: InstallerFileTakeOver.exe (1280 KB), test pkg.msi …
obfuscated_script · CVE-2018-0833.py (1 KB): base64 payload (480 chars)
obfuscated_script · poc.ps1 (128 KB): base64 payload (12614 chars)
obfuscated_script · impacket.zip/mimilib.py (7 KB): base64 payload (258 chars)
obfuscated_script · CVE-2021-34527-JohnHammond.zip/CVE-2021-34527.ps1 (174 KB): base64 payload (13966 chars)
doc_links_to_archive · README.md links to archive downloads: https://github.com/lyshark/windows-exploits/blob/master/windo…
doc_links_to_archive · README_EN.md links to archive downloads: https://github.com/lyshark/windows-exploits/blob/master/wi…
doc_references_local_exe · set_environment.txt references local exe paths: c:\windows\system32\cmd.exe
doc_references_local_exe · Poc_DCERPCNTLMReflection_EoP.csproj.FileListAbsolute.txt references local exe paths: c:\users\nick.…
doc_references_local_exe · Trebuchet.csproj.FileListAbsolute.txt references local exe paths: c:\users\nick.sbs\owncloud\nick\g…
doc_references_local_exe · Trebuchet.csproj.FileListAbsolute.txt references local exe paths: c:\users\nick\owncloud\nick\poc\g…
doc_references_local_exe · Potato.csproj.FileListAbsolute.txt references local exe paths: j:\derby\potato_derbycon_edition_rel…
doc_references_local_exe · Potato.csproj.FileListAbsolute.txt references local exe paths: j:\derby\potato_derbycon_edition_rel…
doc_links_to_exe · README.md links to executable downloads: https://github.com/ascotbe/windowskernelexploits/blob/mast…
doc_links_to_exe · README_EN.md links to executable downloads: https://github.com/ascotbe/windowskernelexploits/blob/m…
doc_references_local_exe · README.md references local exe paths: c:\windows\system32`目录下,然后执行**wertrigger.exe, c:\windows\syst…
doc_references_local_exe · REPRODUCE.md references local exe paths: c:\\windows\\system32\\calc.exe
readme_disable_antivirus · Rubeus-README.md tells users to disable security: "...to sufficiently sneak in with false positives…
doc_references_local_exe · Rubeus-README.md references local exe paths: c:\windows\system32\cmd.exe, c:\x.exe, c:\rubeus>rubeu…
doc_references_local_exe · Rubeus.csproj.FileListAbsolute.txt references local exe paths: c:\users\ascotbe\desktop\rubeus-mast…
doc_references_local_exe · noPac.csproj.FileListAbsolute.txt references local exe paths: c:\users\ascotbe\desktop\nopac-main\n…
CVE-2020-14144 malicious 1.0
Boydunbarred375/gi-cv
renamed_interpreter · gi-cv-3.4.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · gi-cv-3.4.zip/lua51.dll (LuaJIT) loads payload: license.txt (334 KB)
interpreter_with_payload · gi-cv-3.4.zip/luajit.exe (LuaJIT) loads payload: license.txt (334 KB)
nested_archive_with_exe · gi-cv-3.4.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · gi-cv-3.4.zip contains scripts: Launcher.cmd
bat_launches_exe · gi-cv-3.4.zip/Launcher.cmd launches: luajit.exe
obfuscated_payload · gi-cv-3.4.zip/license.txt (334 KB) contains obfuscated code: lua varargs pattern, single-line packe…
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/boydunbarred375/gi-cv/main/…
CVE-2020-0796 malicious 1.0
Al1ex/WindowsElevation
nested_archive_with_exe · ms08066提权(XP 2003).zip contains executables: ms08066.exe (44 KB)
nested_archive_with_exe · MS09-020-KB970483-CVE-2009-1535-IIS6.zip contains executables: IIS6.0.exe (207 KB)
nested_archive_with_exe · MS10-015.zip contains executables: vdmallowed.exe (72 KB), vdmexploit.dll (42 KB)
nested_archive_with_exe · MS10-065-KB2124261-KB2271195-CVE-2010-1899-IIS7.zip contains executables: iis7up.exe (28 KB)
nested_archive_with_exe · Churraskito_exe.zip contains executables: Churraskito.exe (50 KB)
nested_archive_with_exe · MS12-020检测.zip contains executables: MS12-020检测.exe (48 KB)
nested_archive_with_exe · MS13-053-KB2850851.zip contains executables: MS13-053.exe (55 KB)
nested_archive_with_exe · Sysret(MS12-042).zip contains executables: MinHook.x64.dll (46 KB), sysret(MS12-042).exe (285 KB)
nested_archive_with_exe · mimikatz_trunk.zip contains executables: mimikatz.exe (600 KB), mimilib.dll (28 KB), mimilove.exe (…
nested_archive_with_exe · source.zip contains executables: AppCompatCache.exe (110 KB), TestDLL.dll (68 KB)
nested_archive_with_exe · ms15-015.zip contains executables: MS15-015.exe (72 KB)
nested_archive_with_exe · MS15-051-KB3045171.zip contains executables: ms15-051.exe (47 KB), ms15-051x64.exe (54 KB), ms15-05…
nested_archive_with_exe · ms15-051.zip contains executables: ms15-051.exe (47 KB), ms15-051.exe (54 KB)
nested_archive_with_exe · source.zip contains executables: Microsoft.VisualStudio.OLE.Interop.dll (116 KB), Trebuchet.exe (41…
nested_archive_with_exe · MS15-077-KB3077657.zip contains executables: elevator.exe (1676 KB), elevator_FSG.exe (122 KB), ms1…
nested_archive_with_scripts · MS15-077-KB3077657.zip contains scripts: compile.bat
bat_launches_exe · MS15-077-KB3077657.zip/compile.bat launches: lcc.exe, lcclnk.exe, elevator.exe, insert_cert.exe
nested_archive_with_exe · MS15-097-KB3079904-CVE-2015-2527.zip contains executables: 15097.exe (416 KB), ms15-097.exe (8 KB)
nested_archive_with_exe · EoP.zip contains executables: Shellcode.dll (4 KB), EoP.exe (14 KB)
nested_archive_with_exe · EoP_variant.zip contains executables: Shellcode.dll (4 KB), EoP.exe (15 KB)
nested_archive_with_exe · 40823-source.zip contains executables: ASLRSideChannelAttack.exe (148 KB), ._ASLRSideChannelAttack.…
nested_archive_with_exe · CVE-2017-0213_x64.zip contains executables: CVE-2017-0213_x64.exe (157 KB)
nested_archive_with_exe · CVE-2017-0213_x86.zip contains executables: CVE-2017-0213_x86.exe (132 KB)
nested_archive_with_exe · RoguePotato.zip contains executables: RogueOxidResolver.exe (124 KB), RoguePotato.exe (156 KB)
obfuscated_script · poc.py (1 KB): base64 payload (480 chars)
obfuscated_script · poc.ps1 (128 KB): base64 payload (12614 chars)
obfuscated_script · SpoolFool.ps1 (11 KB): extremely long lines, base64 payload (11068 chars)
password_protected_archive · ms15-015.zip contains password-protected files
password_protected_archive · ms15-051.zip contains password-protected files
doc_links_to_archive · CVE-2010-0232.txt links to archive downloads: https://github.com/offensive-security/exploit-databas…
doc_links_to_archive · README.md links to archive downloads: https://github.com/offensive-security/exploit-database-bin-sp…
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\cmd.exe
readme_disable_antivirus · README.md tells users to disable security: "...s the script will be giving **false positives**. #…
doc_references_local_exe · README.md references local exe paths: c:\user\123>mimikatz.exe
doc_links_to_exe · README.md links to executable downloads: https://github.com/offensive-security/exploit-database-bin…
doc_links_to_exe · README.md links to executable downloads: https://github.com/offensive-security/exploit-database-bin…
doc_links_to_archive · README.md links to archive downloads: https://github.com/k8gege/k8tools/raw/master/comahawk.rar
doc_references_local_exe · README.md references local exe paths: c:\users\null\desktop>comahawk64.exe
doc_links_to_exe · READE.md links to executable downloads: https://downloads.druva.com/downloads/insync/windows/6.6.3/…
doc_references_local_exe · README.md references local exe paths: c:\spoolfool\spoolfool.exe
doc_references_local_exe · README.md references local exe paths: c:\any.exe
doc_references_local_exe · README.md references local exe paths: c:\temp\stage2.exe, c:\temp\multipotato>ms-rprn.exe
doc_references_local_exe · README.md references local exe paths: c:\temp>perfusion.exe, c:\tools>perfusion.exe
doc_references_local_exe · README.md references local exe paths: c:\tools>printspoofer.exe, c:\temp\nc.exe, c:\tools\nc.exe
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\cmd.exe, c:\windows\temp\nc64.exe
doc_references_local_exe · RogueWinRM.vcxproj.FileListAbsolute.txt references local exe paths: c:\users\al1ex\desktop\roguewin…
readme_disable_antivirus · README.md tells users to disable security: "..., such as itanium-based only false positives also o…
CVE-2020-0796 malicious 1.0
eastmountyxz/CVE-2020-0796-SMB
exe_in_non_binary_repo · Executable in script-only repo: procexp.exe
nested_archive_with_exe · CVE-2020-0796-LPE-EXP-master(EXE).zip contains executables: CVE-2020-0796-LPE_x64.exe (15 KB), CVE-…
nested_archive_with_exe · CVE-2020-0796-LPE-POC-master.zip contains executables: Injector.exe (574 KB), spawn_cmd.dll (89 KB)
CVE-2020-0610 malicious 1.0
Riocipta75/lab-cve-2020-0610
renamed_interpreter · lab-cve-2020-0610.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
nested_archive_with_exe · lab-cve-2020-0610.zip contains executables: lua.exe (99 KB), lua51.dll (3449 KB)
nested_archive_with_scripts · lab-cve-2020-0610.zip contains scripts: Launcher.cmd
bat_launches_exe · lab-cve-2020-0610.zip/Launcher.cmd launches: lua.exe
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/riocipta75/lab-cve-2020-061…
CVE-2016-5195 malicious 1.0
LiEnby/PSSRoot
c2_strings_in_exe · adb.exe: keylogger capability
exe_in_media_folder · AdbWinApi.dll (106 KB) hidden in resources/ folder
exe_in_media_folder · AdbWinUsbApi.dll (72 KB) hidden in resources/ folder
exe_in_media_folder · adb.exe (5829 KB) hidden in resources/ folder
CVE-2016-4437 malicious 1.0
zhzyker/vulmap
obfuscated_script · ApacheOFBiz.py (43 KB): base64 payload (17242 chars)
obfuscated_script · Fastjson.py (33 KB): base64 payload (5320 chars)
doc_links_to_exe · effective_tld_names.dat.txt links to executable downloads: http://www.scr
doc_links_to_exe · effective_tld_names_public_only.dat.txt links to executable downloads: http://www.scr
doc_links_to_exe · effective_tld_names_custom.dat.txt links to executable downloads: http://www.scr
CVE-2016-0856 malicious 1.0
mzuhair9933/PoPE-pytorch
renamed_interpreter · P-Po-pytorch-v2.3.zip/lua51.dll is a renamed LuaJIT binary (3449 KB, sha256:c7a657af5455)
interpreter_with_payload · P-Po-pytorch-v2.3.zip/lua51.dll (LuaJIT) loads payload: clx.txt (336 KB)
interpreter_with_payload · P-Po-pytorch-v2.3.zip/luajit.exe (LuaJIT) loads payload: clx.txt (336 KB)
renamed_interpreter · pytorch-P-Po-v3.5-alpha.2.zip/reinit.exe is a renamed LuaJIT binary (636 KB, sha256:5b6f8ee00723)
interpreter_with_payload · pytorch-P-Po-v3.5-alpha.2.zip/reinit.exe (LuaJIT) loads payload: icon.txt (290 KB)
nested_archive_with_exe · P-Po-pytorch-v2.3.zip contains executables: lua51.dll (3449 KB), luajit.exe (99 KB)
nested_archive_with_scripts · P-Po-pytorch-v2.3.zip contains scripts: Launcher.bat
bat_launches_exe · P-Po-pytorch-v2.3.zip/Launcher.bat launches: luajit.exe
nested_archive_with_exe · pytorch-P-Po-v3.5-alpha.2.zip contains executables: reinit.exe (636 KB)
nested_archive_with_scripts · pytorch-P-Po-v3.5-alpha.2.zip contains scripts: Launcher.cmd
bat_launches_exe · pytorch-P-Po-v3.5-alpha.2.zip/Launcher.cmd launches: reinit.exe
obfuscated_payload · P-Po-pytorch-v2.3.zip/clx.txt (336 KB) contains obfuscated code: lua varargs pattern, single-line p…
obfuscated_payload · pytorch-P-Po-v3.5-alpha.2.zip/icon.txt (290 KB) contains obfuscated code: lua varargs pattern, high…
doc_links_to_archive · README.md links to archive downloads: https://raw.githubusercontent.com/mzuhair9933/pope-pytorch/ma…
CVE-2016-0856 malicious 1.0
readloud/PoC
obfuscated_script · ZDI-20-494.py (2 KB): base64 payload (874 chars)
obfuscated_script · ZDI-20-495.py (4 KB): base64 payload (2518 chars)
obfuscated_script · ZDI-20-496.py (4 KB): base64 payload (2906 chars)
doc_links_to_archive · README.md links to archive downloads: https://github.com/offensive-security/exploitdb-bin-sploits/r…
CVE-2016-0856 malicious 1.0
thezdi/PoC
obfuscated_script · ZDI-20-494.py (2 KB): base64 payload (874 chars)
obfuscated_script · ZDI-20-495.py (4 KB): base64 payload (2518 chars)
obfuscated_script · ZDI-20-496.py (4 KB): base64 payload (2906 chars)
CVE-2023-38831 malicious 0.949999988079071
xk-mt/WinRAR-Vulnerability-recurrence-tutorial
exe_in_non_binary_repo · Executable in script-only repo: winrar-x64-622.exe
nested_archive_with_scripts · 结果.zip contains scripts: 文本.txt .cmd
bat_launches_exe · 结果.zip/文本.txt .cmd launches: calc.exe
CVE-2023-38831 malicious 0.949999988079071
malvika-thakur/CVE-2023-38831
exe_in_non_binary_repo · Executable in script-only repo: winrar-x64-602.exe
nested_archive_with_scripts · poc.zip contains scripts: sample.png .bat
bat_launches_exe · poc.zip/sample.png .bat launches: calc.exe
CVE-2023-38831 malicious 0.949999988079071
z3r0sw0rd/CVE-2023-38831-PoC
exe_in_non_binary_repo · Executable in script-only repo: winrar-x64-602.exe
nested_archive_with_scripts · poc.zip contains scripts: sample.png .bat
bat_launches_exe · poc.zip/sample.png .bat launches: calc.exe
CVE-2019-0232 malicious 0.8500000238418579
Dharan10/CVE-2019-0232
doc_links_to_exe · README.md links to executable downloads: http://192.168.1.10:8080/cgi/ism.bat?&nc.exe+192.168.1.100…
doc_download_and_run · README.md instructs users to download and run executables
CVE-2023-46604 malicious 0.8500000238418579
dcm2406/CVE-Lab
doc_links_to_exe · README.md links to executable downloads: https://download3.vmware.com/software/wkst-1750-win/vmware…
doc_download_and_run · README.md instructs users to download and run executables
CVE-2024-10924 malicious 0.8500000238418579
Hunt3r850/CVE-2024-10924-Wordpress-Docker
obfuscated_script · date.min.js (765 KB): base64 payload (1051 chars)
doc_links_to_exe · readme.txt links to executable downloads: http://www.scr, http://download.microsoft.com/download/wi…
CVE-2024-10924 malicious 0.8500000238418579
Trackflaw/CVE-2024-10924-Wordpress-Docker
obfuscated_script · date.min.js (765 KB): base64 payload (1051 chars)
doc_links_to_exe · readme.txt links to executable downloads: http://www.scr, http://download.microsoft.com/download/wi…
CVE-2026-2144 malicious 0.8500000238418579
chinaxploiter/CVE-2026-21445-PoC
exe_in_non_binary_repo · Executable in script-only repo: _pytransform.dll
nested_archive_with_exe · CVE-2026-21445_langflow.zip contains executables: _pytransform.dll (699 KB)
CVE-2025-53770 malicious 0.8500000238418579
saladin0x1/CVE-2025-53770
obfuscated_script · exploit.py (6 KB): base64 payload (820 chars)
readme_disable_antivirus · sharepoint_toolpane_rce.md tells users to disable security: "...oads, you will likely need to disab…
CVE-2025-14847 malicious 0.8500000238418579
chinaxploiter/CVE-2025-14847-PoC
exe_in_non_binary_repo · Executable in script-only repo: _pytransform.dll
nested_archive_with_exe · CVE-2025-14847-PoC.zip contains executables: _pytransform.dll (699 KB)
CVE-2024-31317 malicious 0.8500000238418579
CleoV2/Debuggable-App-Exploit
c2_strings_in_exe · adb.exe: keylogger capability
exe_in_non_binary_repo · Executable in script-only repo: AdbWinApi.dll, AdbWinUsbApi.dll, adb.exe
CVE-2023-44487 malicious 0.8500000238418579
aulauniversal/CVE-2023-44487
c2_strings_in_exe · rapidresetclient.exe: keylogger capability
exe_in_non_binary_repo · Executable in script-only repo: rapidresetclient.exe
CVE-2023-31703 malicious 0.8500000238418579
sahiloj/CVE-2023-31703
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll, https://cl.escanav.c…
doc_download_and_run · README.md instructs users to download and run executables
CVE-2022-26134 malicious 0.8500000238418579
CLincat/vulcat
obfuscated_script · apache-httpd-cve-2021-40438-ssrf.py (6 KB): base64 payload (4092 chars)
doc_links_to_archive · README.en-us.md links to archive downloads: https://github.com/clincat/vulcat/archive/refs/heads/ma…
doc_links_to_archive · README.md links to archive downloads: https://github.com/clincat/vulcat/archive/refs/heads/main.zip
CVE-2014-0160 malicious 0.8500000238418579
GardeniaWhite/fuzzing
obfuscated_script · reader.py (12 KB): base64 payload (616 chars)
doc_links_to_exe · ssleay.txt links to executable downloads: http://www.microsoft.com/workshop/prog/security/csa/certe…
CVE-2019-0193 malicious 0.800000011920929
Bin4xin/bigger-than-bigger
password_protected_archive · 简单的图片的附件.zip contains password-protected files
doc_links_to_exe · README.MD links to executable downloads: https://github.com/bin4xin/bigger-than-bigger/tree/master/…
CVE-2022-22963 malicious 0.800000011920929
Qualys/spring4scanwin
doc_references_local_exe · README.md references local exe paths: d:\temp>spring4scan.exe
doc_links_to_archive · readme.txt links to archive downloads: http://code.google.com/p/json-test-suite/downloads/detail?na…
doc_links_to_archive · readme.txt links to archive downloads: http://www.winimage.com/zlibdll/zlib124_masm_obj.zip
CVE-2021-45046 malicious 0.800000011920929
Qualys/log4jscanwin
doc_references_local_exe · README.md references local exe paths: d:\temp>log4jscanner.exe
doc_links_to_archive · readme.txt links to archive downloads: http://code.google.com/p/json-test-suite/downloads/detail?na…
doc_links_to_archive · readme.txt links to archive downloads: http://www.winimage.com/zlibdll/zlib124_masm_obj.zip
CVE-2026-20841 malicious 0.800000011920929
EleniChristopoulou/PoC-CVE-2026-20841
doc_links_to_exe · poc.md links to executable downloads: https://github.com/elenichristopoulou/just_an_exe/raw/refs/he…
doc_references_local_exe · poc.md references local exe paths: c:\users\user\downloads\poc.exe
CVE-2025-53770 malicious 0.800000011920929
Rabbitbong/OurSharePoint-CVE-2025-53770
doc_links_to_exe · README.md links to executable downloads: http://10.0.0.5/payload.exe
doc_references_local_exe · README.md references local exe paths: c:\windows\temp\p.exe
CVE-2025-49144 malicious 0.800000011920929
TheTorjanCaptain/CVE-2025-49144_PoC
doc_links_to_exe · README.md links to executable downloads: https://github.com/notepad-plus-plus/notepad-plus-plus/rel…
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\regsvr32.exe
CVE-2024-32002 malicious 0.800000011920929
charlesgargasson/CVE-2024-32002
doc_links_to_exe · README.rst links to executable downloads: http://10.10.14.113/payload.exe
doc_references_local_exe · README.rst references local exe paths: c:\windows\system32\whoami.exe
CVE-2024-0670 malicious 0.800000011920929
elsevar11/CVE-2024-0670-CheckMK-Agent-Local-Privilege-Escalation-Exploit
doc_links_to_exe · Readme.md links to executable downloads: http://attacker_ip:8000/runascs.exe, http://attacker_ip:80…
doc_references_local_exe · Readme.md references local exe paths: c:\windows\temp\runascs.exe, c:\windows\temp\nc.exe, c:\windo…
CVE-2024-0670 malicious 0.800000011920929
zhulin837/checkmk_cve-2024-0670
doc_links_to_exe · README.md links to executable downloads: http://10.10.16.10/nc64.exe, http://10.10.16.10/runascs.exe
doc_references_local_exe · README.md references local exe paths: c:\windows\temp\nc64.exe, c:\windows\temp\runascs.exe, c:\win…
CVE-2025-69720 malicious 0.75
Cao-Wuhui/CVE-2025-69720
readme_disable_antivirus · README.md tells users to disable security: "...this variable hint: this may be a false positive if …
doc_links_to_archive · README.md links to archive downloads: https://invisible-mirror.net/archives/ncurses/ncurses-6.4.tar…
CVE-2026-1404 malicious 0.75
nestorwheelock/wordpress-vulnerability-fix
c2_strings_in_exe · wp-fix-windows-x86_64.exe: keylogger capability
doc_links_to_archive · wp-fix-usage.md links to archive downloads: https://downloads.wordpress.org/plugin/{slug}.zip
CVE-2021-44228 malicious 0.75
NCSC-NL/log4shell
doc_links_to_archive · software_list_r.md links to archive downloads: https://www.rar
doc_links_to_exe · software_list_s.md links to executable downloads: https://customersupport.scr
CVE-2022-41082 malicious 0.699999988079071
bigherocenter/CVE-2022-41082-POC
obfuscated_script · messages-bk.py (37 KB): base64 payload (304 chars)
obfuscated_script · messages.py (38 KB): base64 payload (304 chars)
CVE-2022-41082 malicious 0.699999988079071
balki97/OWASSRF-CVE-2022-41082-POC
obfuscated_script · messages-bk.py (37 KB): base64 payload (304 chars)
obfuscated_script · messages.py (38 KB): base64 payload (304 chars)
CVE-2019-25485 malicious 0.699999988079071
TheMalwareGuardian/CVE-2019-25485
obfuscated_script · 03x64Python3RIPOffsetDiscovery.py (2 KB): base64 payload (306 chars)
obfuscated_script · 03x86Python3EIPOffsetDiscovery.py (1 KB): base64 payload (500 chars)
CVE-2026-21533 malicious 0.699999988079071
Pairs34/RDPVulnarableCheck
renamed_interpreter · RDP_Scanner.exe is a renamed PyInstaller binary (8038 KB, sha256:7aeb46842cc2)
exe_in_non_binary_repo · Executable in script-only repo: RDP_Scanner.exe
CVE-2025-59287 malicious 0.699999988079071
Adel-kaka-dz/cve-2025-59287
obfuscated_script · cve-2025-59287-encr.py (9 KB): base64 payload (2792 chars)
obfuscated_script · cve-2025-59287-exp.py (18 KB): base64 payload (2787 chars)
CVE-2025-59287 malicious 0.699999988079071
jiansiting/CVE-2025-59287
obfuscated_script · cve-2025-59287-encrypt.py (5 KB): base64 payload (2788 chars)
obfuscated_script · cve-2025-59287-exp.py (12 KB): base64 payload (1220 chars)
CVE-2024-4367 malicious 0.699999988079071
m0d0ri205/PDFJS
obfuscated_script · cargo.js (3 KB): base64 payload (442 chars)
obfuscated_script · cargoQueue.js (3 KB): base64 payload (442 chars)
CVE-2022-22963 malicious 0.699999988079071
AabyssZG/SpringBoot-Scan
obfuscated_script · poc.py (30 KB): base64 payload (304 chars)
obfuscated_script · vul.py (50 KB): base64 payload (304 chars)
CVE-2021-4034 malicious 0.699999988079071
dadvlingd/CVE-2021-4034
obfuscated_script · CVE-2021-4034-py2.py (3 KB): base64 payload (2332 chars)
obfuscated_script · CVE-2021-4034-py3.py (3 KB): base64 payload (2332 chars)
CVE-2021-36934 malicious 0.699999988079071
websecnl/CVE-2021-36934
renamed_interpreter · dump.exe is a renamed PyInstaller binary (19680 KB, sha256:828c19c7d3f6)
exe_in_non_binary_repo · Executable in script-only repo: dump.exe
CVE-2020-1350 malicious 0.699999988079071
ZephrFish/CVE-2020-1350_HoneyPoC
exe_in_non_binary_repo · Executable in script-only repo: CVE-2020-1350.exe, PoC.exe
obfuscated_script · windows-exploit.ps1 (36 KB): extremely long lines, base64 payload (19663 chars)
CVE-2019-0232 suspicious 0.6499999761581421
x3m1Sec/CVE-2019-0232_tomcat_cgi_exploit
exe_in_media_folder · nc.exe (58 KB) hidden in assets/ folder
exe_in_non_binary_repo · Executable in script-only repo: nc.exe
CVE-2026-2441 suspicious 0.6499999761581421
fartlover37/CVE-2026-2441-PoC
readme_disable_antivirus · README.md tells users to disable security: "...ose "run as administrator." - disable antivirus temp…
readme_run_as_admin · README.md asks users to run as administrator
CVE-2025-69985 suspicious 0.6499999761581421
tianarsamm/CVE-2025-69985
readme_disable_antivirus · README.md tells users to disable security: "...programs may flag it. you can whitelist the file if …
readme_run_as_admin · README.md asks users to run as administrator
CVE-2021-45105 suspicious 0.6499999761581421
andalik/log4j-filescan
readme_run_as_admin · README.md asks users to run as administrator
doc_links_to_exe · README.md links to executable downloads: https://github.com/andalik/log4j-filescan/releases/downloa…
CVE-2021-36934 suspicious 0.6499999761581421
P1rat3R00t/Why-so-Serious-SAM
doc_references_local_exe · rundll32_dump.txt references local exe paths: c:\windows\syswow64\rundll32.exe, c:\windows\sysnativ…
doc_download_and_run · rundll32_dump.txt instructs users to download and run executables
CVE-2021-29447 suspicious 0.6000000238418579
Vulnmachines/wordpress_cve-2021-29447
nested_archive_with_scripts · CVE-2021-29447.zip contains scripts: wavefile.cmd, wavefile.ps1
bat_launches_exe · CVE-2021-29447.zip/wavefile.cmd launches: node.exe
CVE-2008-0166 suspicious 0.6000000238418579
demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166
obfuscated_script · remote.js (121 KB): base64 payload (264 chars)
doc_links_to_archive · README.md links to archive downloads: https://ftp.openssl.org/source/old/0.9.x/openssl-0.9.8c.tar.gz
CVE-2025-5548 suspicious 0.6000000238418579
javyan05/CVE-2025-5548
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (400 chars)
doc_links_to_archive · readme.md links to archive downloads: https://github.com/themalwareguardian/exploit-the-binary/blob…
CVE-2025-5548 suspicious 0.6000000238418579
JoseMartinez98/CVE_2025_5548
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (400 chars)
doc_links_to_archive · 01_Guía_instalación_laboratorio.md links to archive downloads: https://github.com/themalwareguardia…
CVE-2021-40346 suspicious 0.6000000238418579
alikarimi999/CVE-2021-40346
obfuscated_script · exploit.py (2 KB): base64 payload (262 chars)
doc_links_to_archive · lua.txt links to archive downloads: http://www.lua.org/ftp/lua-5.3.1.tar.gz, http://www.haproxy.org…
CVE-2025-32463 suspicious 0.6000000238418579
IC3-512/linux-root-kit
exe_in_media_folder · dumpmem.7z (100014 KB) hidden in assets/ folder
exe_in_media_folder · kernel_module.rkit.0xffffc08e65c0.elf (487 KB) hidden in assets/ folder
CVE-2024-22363 suspicious 0.6000000238418579
weareu/xlsx
obfuscated_script · xlsx.zahl.js (52 KB): extremely long lines, base64 payload (19975 chars)
doc_links_to_archive · README.md links to archive downloads: http://github.com/sheetjs/test_files/releases/download/201704…
CVE-2023-38831 suspicious 0.6000000238418579
MaorBuskila/Windows-X64-RAT
doc_references_local_exe · clion-Debug-log.txt references local exe paths: c:\users\maorbuskila\appdata\local\programs\clion\b…
doc_references_local_exe · clion-environment.txt references local exe paths: c:\users\maorbuskila\appdata\local\programs\clion…
CVE-2022-30190 suspicious 0.6000000238418579
gyaansastra/CVE-2022-30190
password_protected_archive · 05-2022-0438.doc.zip contains password-protected files
password_protected_archive · RDF842l[1].htm.zip contains password-protected files
CVE-2022-30190 suspicious 0.6000000238418579
archanchoudhury/MSDT_CVE-2022-30190
password_protected_archive · 05-2022-0438.doc.zip contains password-protected files
password_protected_archive · RDF842l[1].htm.zip contains password-protected files
CVE-2022-22963 suspicious 0.6000000238418579
viemsr/Spring_Cloud_Function_memshell
obfuscated_script · spring_cloud_function_memshell.py (7 KB): extremely long lines, base64 payload (6608 chars)
doc_links_to_archive · README.md links to archive downloads: https://github.com/spring-cloud/spring-cloud-function/archive…
CVE-2021-44228 suspicious 0.6000000238418579
NS-Sp4ce/Vm4J
doc_references_local_exe · Vm4J EXP.csproj.FileListAbsolute.txt references local exe paths: e:\vm4j\csharp\windowsformsapp1\bi…
doc_references_local_exe · Vm4J EXP.csproj.FileListAbsolute.txt references local exe paths: e:\vm4j\csharp\windowsformsapp1\bi…
CVE-2025-2304 suspicious 0.550000011920929
absholi7ly/CVE-2025-23048-POC
doc_links_to_archive · README.md links to archive downloads: https://www.apachelounge.com/download/vs16/binaries/httpd-2.4…
doc_references_local_exe · README.md references local exe paths: c:\apache24\bin>httpd.exe
CVE-2018-13379 suspicious 0.5
hackingyseguridad/directoriotraversal
doc_links_to_exe · README.md links to executable downloads: http://ip:80/../../../../../../windows/system32/cmd.exe
CVE-2025-24813 suspicious 0.5
drcrypterdotru/Apache-GOExploiter
c2_strings_in_exe · Apache_GoExploiter_amd64_windows.exe: keylogger capability
CVE-2023-22515 suspicious 0.5
C1ph3rX13/CVE-2023-22515
c2_strings_in_exe · CVE-2023-22515.exe: keylogger capability
CVE-2025-21298 suspicious 0.5
ynwarcs/CVE-2025-21298
doc_links_to_exe · ole32_dec24.dll-ole32_jan25.dll.ghidriff.md links to executable downloads: https://msdl.microsoft.c…
CVE-2019-0232 suspicious 0.5
xsxtw/CVE-2019-0232
doc_links_to_exe · README.md links to executable downloads: http://localhost:8080/cgi-bin/hello.bat?&c%3a%5cwindows%5c…
CVE-2019-0232 suspicious 0.5
jas502n/CVE-2019-0232
doc_links_to_exe · README.md links to executable downloads: http://localhost:8080/cgi-bin/hello.bat?&c%3a%5cwindows%5c…
CVE-2019-0232 suspicious 0.5
pyn3rd/CVE-2019-0232
doc_links_to_exe · README.md links to executable downloads: http://localhost:8080/cgi-bin/hello.bat?&c%3a%5cwindows%5c…
CVE-2025-5548 suspicious 0.5
FKShield/CVE-2025-5548
doc_links_to_exe · README.md links to executable downloads: https://github.com/git-for-windows/git/releases/download/v…
CVE-2025-5548 suspicious 0.5
PopClom/CVE-2025-5548
nested_archive_with_exe · FreeFloatFtpServer1.0.zip contains executables: ftpserver.exe (18 KB), FTPServer.exe (56 KB), ftpse…
CVE-2025-5548 suspicious 0.5
jgs-developer/CVE-2025-5548
nested_archive_with_exe · FreeFloatFtpServer1.0.zip contains executables: ftpserver.exe (18 KB), FTPServer.exe (56 KB), ftpse…
CVE-2020-5902 suspicious 0.5
DeepSecurity-Pe/GoF5-CVE-2020-5902
c2_strings_in_exe · GoF5.exe: keylogger capability
CVE-2025-70330 suspicious 0.5
TheMalwareGuardian/CVE-2025-70330
nested_archive_with_exe · EasyGradePro_Win_41.zip contains executables: EasyGradePro41.exe (5923 KB)
CVE-2019-12402 suspicious 0.5
andikahilmy/CVE-2019-12402-commons-compress-vulnerable
nested_archive_with_scripts · password-encrypted.zip contains scripts: mvn.bat, mvnDebug.bat
password_protected_archive · password-encrypted.zip contains password-protected files
CVE-2026-26335 suspicious 0.5
mbanyamer/CVE-2026-26335-Calero-VeraSMART-RCE
doc_links_to_exe · README.md links to executable downloads: https://github.com/pwntester/ysoserial.net/releases/latest…
CVE-2026-25643 suspicious 0.5
DyniePro/CVE-2026-25643
readme_disable_antivirus · README.md tells users to disable security: "...tall software. - temporarily disable antivirus soft…
CVE-2026-21509 suspicious 0.5
kimstars/Ashwesker-CVE-2026-21509
readme_disable_antivirus · README.md tells users to disable security: "...in a **windows vm snapshot** (disable defender tempo…
CVE-2025-9074 suspicious 0.5
PtechAmanja/CVE-2025-9074-Docker-Desktop-Container-Escape
doc_links_to_exe · README.md links to executable downloads: https://desktop.docker.com/win/main/amd64/docker%20desktop…
CVE-2025-59287 suspicious 0.5
vatslaaeytoygag/CVE-2025-59287
doc_links_to_exe · README.md links to executable downloads: https://www.python.org/ftp/python/3.13.12/python-3.13.12-a…
CVE-2025-55182 suspicious 0.5
alptexans/RSC-Detect-CVE-2025-55182
doc_links_to_exe · README.md links to executable downloads: https://www.python.org/ftp/python/3.13.12/python-3.13.12-a…
CVE-2025-55182 suspicious 0.5
fBUZk2BH/RSC-Detect-CVE-2025-55182
doc_links_to_exe · README.md links to executable downloads: https://www.python.org/ftp/python/3.13.12/python-3.13.12-a…
CVE-2025-52915 suspicious 0.5
BlackSnufkin/BYOVD
readme_disable_antivirus · README.md tells users to disable security: "...e drivers can be exploited to disable av/edr solutio…
CVE-2025-1055 suspicious 0.5
BlackSnufkin/BYOVD
readme_disable_antivirus · README.md tells users to disable security: "...e drivers can be exploited to disable av/edr solutio…
CVE-2024-25600 suspicious 0.5
WanLiChangChengWanLiChang/CVE-2024-25600
doc_links_to_exe · wpbba.txt links to executable downloads: https://www.scr, https://staging.scr
CVE-2024-25600 suspicious 0.5
gobysec/Goby
doc_links_to_exe · README.md links to executable downloads: https://nmap.org/npcap/dist/npcap-0.9995.exe
CVE-2023-34838 suspicious 0.5
sahiloj/CVE-2023-34838
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll, http://<target_ip>:1…
CVE-2023-34837 suspicious 0.5
sahiloj/CVE-2023-34837
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll
CVE-2023-34836 suspicious 0.5
sahiloj/CVE-2023-34836
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll, http://<target>/ewco…
CVE-2023-34835 suspicious 0.5
sahiloj/CVE-2023-34835
doc_links_to_exe · README.md links to executable downloads: https://cl.escanav.com/ewconsole.dll
CVE-2022-42889 suspicious 0.5
devenes/text4shell-cve-2022-42889
doc_links_to_exe · README.md links to executable downloads: http://localhost:8080/text4shell/attack?search=%24%7bscrip…
CVE-2022-42889 suspicious 0.5
sunnyvale-it/CVE-2022-42889-PoC
doc_links_to_exe · README.md links to executable downloads: http://localhost:8080/text4shell/attack\?search\=%24%7bscr…
CVE-2022-42889 suspicious 0.5
akshayithape-devops/CVE-2022-42889-POC
doc_links_to_exe · README.md links to executable downloads: http://localhost/text4shell/attack?search=%24%7bscript%3aj…
CVE-2022-42889 suspicious 0.5
kljunowsky/CVE-2022-42889-text4shell
doc_links_to_exe · README.md links to executable downloads: https://your-target.com/exploit?search=%24%7bscript%3ajava…
CVE-2022-42889 suspicious 0.5
karthikuj/cve-2022-42889-text4shell-docker
doc_links_to_exe · README.md links to executable downloads: http://localhost/text4shell/attack?search=%24%7bscript%3aj…
CVE-2022-26134 suspicious 0.5
iveresk/cve-2022-26134
doc_links_to_exe · README.md links to executable downloads: https://your_target.com/%24%7b%28%23a%3d%40org.apache.comm…
CVE-2022-26134 suspicious 0.5
kh4sh3i/CVE-2022-26134
doc_links_to_exe · README.md links to executable downloads: https://your_target.com/%24%7b%28%23a%3d%40org.apache.comm…
CVE-2022-26134 suspicious 0.5
Y000o/Confluence-CVE-2022-26134
doc_links_to_exe · README.md links to executable downloads: http://10.0.0.247:8090/%24%7bclass.forname%28%22com.opensy…
CVE-2022-26134 suspicious 0.5
alcaparra/CVE-2022-26134
doc_links_to_exe · README.md links to executable downloads: http://127.0.0.1/%24%7b%28%23a%3d%40org.apache.commons.io.…
CVE-2022-23457 suspicious 0.5
andikahilmy/CVE-2022-23457-esapi-java-legacy-vulnerable
readme_disable_antivirus · esapi4java-core-2.2.0.0-release-notes.txt tells users to disable security: "...18-8088 would still …
CVE-2022-23457 suspicious 0.5
shoucheng3/ESAPI__esapi-java-legacy_CVE-2022-23457_2-2-3-1
readme_disable_antivirus · esapi4java-core-2.2.0.0-release-notes.txt tells users to disable security: "...18-8088 would still …
CVE-2022-21661 suspicious 0.5
daniel616/CVE-2022-21661-Demo
doc_links_to_exe · readme.txt links to executable downloads: http://www.scr, http://download.microsoft.com/download/wi…
CVE-2021-44228 suspicious 0.5
tg12/PoC_CVEs
doc_links_to_exe · cve_links.txt links to executable downloads: https://github.com/bypazs/cve-2020-0668.exe, https://g…
CVE-2021-41773 suspicious 0.5
wangfly-me/Apache_Penetration_Tool
c2_strings_in_exe · libcurl.dll: keylogger capability
CVE-2021-4034 suspicious 0.5
Al1ex/LinuxEelvation
doc_links_to_archive · README.md links to archive downloads: https://github.com/offensive-security/exploitdb-bin-sploits/r…
doc_links_to_archive · README.md links to archive downloads: https://dl.google.com/dl/android/aosp/walleye-ota-qp1a.190711…
CVE-2021-35516 suspicious 0.5
andikahilmy/CVE-2021-35516-commons-compress-vulnerable
nested_archive_with_scripts · password-encrypted.zip contains scripts: mvn.bat, mvnDebug.bat
password_protected_archive · password-encrypted.zip contains password-protected files
CVE-2020-14645 suspicious 0.5
DSO-Lab/defvul
doc_links_to_archive · README.md links to archive downloads: https://github.com/spring-cloud/spring-cloud-config/archive/v…
doc_links_to_archive · README.md links to archive downloads: https://github.com/spring-cloud/spring-cloud-config/archive/v…
CVE-2018-7600 suspicious 0.5
tea-celikik/Drupal-Exploit-Lab
doc_links_to_archive · commands_protected.md links to archive downloads: https://ftp.drupal.org/files/projects/drupal-7.57…
doc_links_to_archive · commands_unprotected.md links to archive downloads: https://ftp.drupal.org/files/projects/drupal-7.…
CVE-2018-15473 suspicious 0.5
procamora/OpenSSH-Username-Enumeration
readme_disable_antivirus · README.md tells users to disable security: "...pt, you have only modified to add an exception and o…
CVE-2017-9841 suspicious 0.5
drcrypterdotru/PHPUnit-GoScan
doc_links_to_exe · README.md links to executable downloads: https://github.com/drcrypterdotru/phpunit-goscan/releases/…
CVE-2024-56348 suspicious 0.4000000059604645
Msakhana68/cve-2024-56348
readme_run_as_admin · README.md asks users to run as administrator
doc_links_to_archive · DOCKER.md links to archive downloads: https://download.jetbrains.com/teamcity/teamcity-2023.11.3.ta…
CVE-2025-24813 suspicious 0.3499999940395355
Alaatk/CVE-2025-24813-POC
obfuscated_script · CVE-2025-24813.py (5 KB): base64 payload (3708 chars)
CVE-2025-24813 suspicious 0.3499999940395355
iSee857/CVE-2025-24813-PoC
obfuscated_script · Tomcat_CVE-2025-24813_RCE.py (7 KB): base64 payload (3640 chars)
CVE-2026-24018 suspicious 0.3499999940395355
febin0x10/Fortinet_FortiClient_Exploit_CVE-2026-24018
obfuscated_script · exploit.sh (22 KB): base64 payload (19608 chars)
CVE-2025-34096 suspicious 0.3499999940395355
TheMalwareGuardian/CVE-2025-34096
obfuscated_script · 03Python3SEHOffsetDiscovery.py (6 KB): extremely long lines, base64 payload (5000 chars)
CVE-2017-14980 suspicious 0.3499999940395355
TheMalwareGuardian/CVE-2017-14980
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (600 chars)
CVE-2007-1567 suspicious 0.3499999940395355
TheMalwareGuardian/CVE-2007-1567
obfuscated_script · 03Python3EIPOffsetDiscovery.py (1 KB): base64 payload (700 chars)
CVE-2020-13768 suspicious 0.3499999940395355
TheMalwareGuardian/CVE-2020-13768
obfuscated_script · 03Python3EIPOffsetDiscovery.py (3 KB): base64 payload (2000 chars)
CVE-2019-0232 suspicious 0.3499999940395355
jaiguptanick/CVE-2019-0232
exe_in_non_binary_repo · Executable in script-only repo: nc.exe
CVE-2025-5548 suspicious 0.3499999940395355
grospomg/CVE-2025-5548-Exploit-Development
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (400 chars)
CVE-2025-15177 suspicious 0.3499999940395355
yt2w/CVE-2025-15177
exe_in_non_binary_repo · Executable in script-only repo: svc.exe
CVE-2025-25347 suspicious 0.3499999940395355
Yetazyyy/CVE-2025-25347
obfuscated_script · scanner.py (14 KB): base64 payload (12504 chars)
CVE-2023-34362 suspicious 0.3499999940395355
errorfiathck/MOVEit-Exploit
obfuscated_script · CVE-2023-34362-exploit.py (13 KB): base64 payload (3088 chars)
CVE-2023-34362 suspicious 0.3499999940395355
Malwareman007/CVE-2023-34362
obfuscated_script · CVE-2023-34362.py (14 KB): base64 payload (3088 chars)
CVE-2023-34362 suspicious 0.3499999940395355
horizon3ai/CVE-2023-34362
obfuscated_script · CVE-2023-34362.py (14 KB): base64 payload (3088 chars)
CVE-2025-66034 suspicious 0.3499999940395355
Liquid1998/Variatype.htb-CVE-2025-66034
obfuscated_script · exploit.py (3 KB): base64 payload (800 chars)
CVE-2018-18912 suspicious 0.3499999940395355
TheMalwareGuardian/CVE-2018-18912
obfuscated_script · 03Python3SEHOffsetDiscovery.py (2 KB): base64 payload (200 chars)
CVE-2021-34473 suspicious 0.3499999940395355
je6k/CVE-2021-34473-Exchange-ProxyShell
exe_in_non_binary_repo · Executable in script-only repo: Exchange_Cryptshell.exe
CVE-2021-34473 suspicious 0.3499999940395355
kh4sh3i/ProxyShell
obfuscated_script · check.py (6 KB): base64 payload (236 chars)
CVE-2021-44228 suspicious 0.3499999940395355
back2root/log4shell-rex
obfuscated_script · RegEx_Generator.sh (2 KB): base64 payload (456 chars)
CVE-2020-0796 suspicious 0.3499999940395355
Barriuso/SMBGhost_AutomateExploitation
obfuscated_script · Smb_Ghost.py (14 KB): base64 payload (5792 chars)
CVE-2026-1357 suspicious 0.3499999940395355
rootdirective-sec/CVE-2026-1357-Lab
obfuscated_script · poc.py (4 KB): base64 payload (352 chars)
CVE-2026-0770 suspicious 0.3499999940395355
Yetazyyy/CVE-2026-0770
obfuscated_script · scanner.py (16 KB): base64 payload (14400 chars)
CVE-2025-8110 suspicious 0.3499999940395355
111ddea/goga-cve-2025-8110
exe_in_non_binary_repo · Executable in script-only repo: [email protected]
CVE-2025-59287 suspicious 0.3499999940395355
M507/CVE-2025-59287-PoC
obfuscated_script · PoC.py (19 KB): base64 payload (3164 chars)
CVE-2025-59287 suspicious 0.3499999940395355
FurkanKAYAPINAR/CVE-2025-59287
obfuscated_script · CVE-2025-59287.py (15 KB): base64 payload (292 chars)
CVE-2025-5548 suspicious 0.3499999940395355
TheMalwareGuardian/CVE-2025-5548
obfuscated_script · 03Python3EIPOffsetDiscovery.py (2 KB): base64 payload (400 chars)
CVE-2025-53770 suspicious 0.3499999940395355
Agampreet-Singh/CVE-2025-53770
obfuscated_script · cve-2025-53770.py (4 KB): base64 payload (404 chars)
CVE-2025-53770 suspicious 0.3499999940395355
r3xbugbounty/CVE-2025-53770
obfuscated_script · exploit.py (4 KB): base64 payload (380 chars)
CVE-2025-53770 suspicious 0.3499999940395355
3a7/CVE-2025-53770
obfuscated_script · CVE-2025-53770-Scanner.py (4 KB): base64 payload (404 chars)
CVE-2025-49144 suspicious 0.3499999940395355
b0ySie7e/Notepad-8.8.1_CVE-2025-49144
exe_in_non_binary_repo · Executable in script-only repo: npp.8.8.1.Installer.x64.exe
CVE-2025-4606 suspicious 0.3499999940395355
Yetazyyy/CVE-2025-4606
obfuscated_script · scanner.py (10 KB): base64 payload (8748 chars)
CVE-2024-48990 suspicious 0.3499999940395355
o-sec/CVE-2024-48990
obfuscated_script · poc.sh (2 KB): base64 payload (276 chars)
CVE-2024-32002 suspicious 0.3499999940395355
BasyacatX/CVE-2024-32002-PoC_Chinese
obfuscated_script · CVE-2017-7269_PoC.py (6 KB): base64 payload (574 chars)
CVE-2024-3094 suspicious 0.3499999940395355
jfrog/cve-2024-3094-tools
obfuscated_script · cve-2024-3094-detector.sh (11 KB): base64 payload (4470 chars)
CVE-2024-21413 suspicious 0.3499999940395355
olebris/CVE-2024-21413
obfuscated_script · CVE-2024-21413.py (2 KB): base64 payload (1094 chars)
CVE-2024-21413 suspicious 0.3499999940395355
X-Projetion/CVE-2024-21413-Microsoft-Outlook-RCE-Exploit
obfuscated_script · exp.sh (6 KB): base64 payload (5408 chars)
CVE-2024-21413 suspicious 0.3499999940395355
xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerability
obfuscated_script · CVE-2024-21413.py (8 KB): base64 payload (5408 chars)
CVE-2022-30190 suspicious 0.3499999940395355
aminetitrofine/CVE-2022-30190
exe_in_non_binary_repo · Executable in script-only repo: nc64.exe
CVE-2022-30190 suspicious 0.3499999940395355
Malwareman007/Deathnote
exe_in_non_binary_repo · Executable in script-only repo: nc64.exe
CVE-2022-30190 suspicious 0.3499999940395355
AbdulRKB/Follina
exe_in_non_binary_repo · Executable in script-only repo: nc64.exe
CVE-2022-30190 suspicious 0.3499999940395355
SrikeshMaharaj/CVE-2022-30190
exe_in_non_binary_repo · Executable in script-only repo: nc64.exe
CVE-2022-30190 suspicious 0.3499999940395355
Noxtal/follina
exe_in_non_binary_repo · Executable in script-only repo: nc64.exe
CVE-2022-26923 suspicious 0.3499999940395355
lsecqt/CVE-2022-26923-Powershell-POC
obfuscated_script · poc.ps1 (803 KB): extremely long lines, base64 payload (19988 chars)
CVE-2022-22963 suspicious 0.3499999940395355
WuliRuler/SBSCAN
obfuscated_script · JeeSpringCloud_2023_uploadfile.py (4 KB): base64 payload (304 chars)
CVE-2022-22947 suspicious 0.3499999940395355
SiJiDo/CVE-2022-22947
obfuscated_script · exp.py (25 KB): extremely long lines, base64 payload (19126 chars)
CVE-2022-22947 suspicious 0.3499999940395355
0730Nophone/CVE-2022-22947-
obfuscated_script · exp.py (12 KB): base64 payload (10444 chars)
CVE-2022-22947 suspicious 0.3499999940395355
viemsr/spring_cloud_gateway_memshell
obfuscated_script · spring_cloud_gateway_memshell.py (19 KB): extremely long lines, base64 payload (18052 chars)
CVE-2022-22947 suspicious 0.3499999940395355
0x7eTeam/CVE-2022-22947
obfuscated_script · CVE-2022-22947.py (4 KB): base64 payload (840 chars)
CVE-2022-22947 suspicious 0.3499999940395355
SecNN/CVE-2022-22947_Rce_Exp
obfuscated_script · CVE-2022-22947.py (2 KB): base64 payload (428 chars)
CVE-2021-42278 suspicious 0.3499999940395355
XiaoliChan/Invoke-sAMSpoofing
obfuscated_script · Invoke-sAMSpoofing.ps1 (230 KB): extremely long lines, base64 payload (19902 chars)
CVE-2021-42278 suspicious 0.3499999940395355
ricardojba/Invoke-noPac
obfuscated_script · Invoke-noPac.ps1 (207 KB): extremely long lines, base64 payload (19773 chars)
CVE-2021-41773 suspicious 0.3499999940395355
inbug-team/CVE-2021-41773_CVE-2021-42013
renamed_interpreter · CVE-2021-41773.exe is a renamed PyInstaller binary (8042 KB, sha256:dc05c804ed1d)
CVE-2021-4034 suspicious 0.3499999940395355
nikaiw/CVE-2021-4034
obfuscated_script · cve2021-4034.py (3 KB): base64 payload (2332 chars)
CVE-2021-3129 suspicious 0.3499999940395355
hupe1980/CVE-2021-3129
obfuscated_script · exploit.py (4 KB): base64 payload (644 chars)
CVE-2020-1472 suspicious 0.3499999940395355
striveben/CVE-2020-1472
obfuscated_script · impacket.zip/mimilib.py (7 KB): base64 payload (258 chars)
CVE-2020-1472 suspicious 0.3499999940395355
sv3nbeast/CVE-2020-1472
obfuscated_script · mimilib.py (7 KB): base64 payload (258 chars)
CVE-2020-0796 suspicious 0.3499999940395355
Almorabea/SMBGhost-LPE-Metasploit-Module
exe_in_non_binary_repo · Executable in script-only repo: cve_2020_0796_payload.exe
CVE-2020-0796 suspicious 0.3499999940395355
jamf/CVE-2020-0796-RCE-POC
exe_in_non_binary_repo · Executable in script-only repo: cdb.exe, dbghelp.dll, dumpbin.exe, link.exe, msvcp140.dll, symsrv.d…
CVE-2020-0796 suspicious 0.3499999940395355
Aurum2008/CVE2020-0796
obfuscated_script · smbv3_compress.py (1 KB): base64 payload (328 chars)
CVE-2020-0796 suspicious 0.3499999940395355
claroty/CVE2020-0796
obfuscated_script · smbv3_compress.py (1 KB): base64 payload (328 chars)
CVE-2020-0796 suspicious 0.3499999940395355
k8gege/PyLadon
exe_in_non_binary_repo · Executable in script-only repo: netscan40.dll
CVE-2020-0610 suspicious 0.3499999940395355
ioncodes/BlueGate
exe_in_non_binary_repo · Executable in script-only repo: libeay32.dll, ssleay32.dll, libeay32.dll, ssleay32.dll
CVE-2018-7600 suspicious 0.3499999940395355
ludy-dev/drupal8-REST-RCE
obfuscated_script · drupal8-REST-RCE.py (2 KB): base64 payload (824 chars)
CVE-2018-15473 suspicious 0.3499999940395355
hackingyseguridad/ssha
obfuscated_script · CVE-2020-14871.sh (21 KB): extremely long lines, base64 payload (19789 chars)
CVE-2017-9841 suspicious 0.3499999940395355
MadExploits/PHPunit-Exploit
obfuscated_script · phpunit.py (11 KB): extremely long lines, base64 payload (344 chars)
CVE-2017-7561 suspicious 0.3499999940395355
andikahilmy/CVE-2017-7561-Resteasy-vulnerable
obfuscated_script · sign.py (1 KB): base64 payload (256 chars)
CVE-2016-9606 suspicious 0.3499999940395355
andikahilmy/CVE-2016-9606-Resteasy-vulnerable
obfuscated_script · sign.py (1 KB): base64 payload (256 chars)
CVE-2016-4437 suspicious 0.3499999940395355
xk-mt/CVE-2016-4437
obfuscated_script · xk-mt-rememberMe解码.py (5 KB): base64 payload (4184 chars)
CVE-2016-4437 suspicious 0.3499999940395355
4nth0ny1130/shisoserial
obfuscated_script · shisoserial.py (57 KB): base64 payload (11843 chars)
CVE-2011-4367 suspicious 0.3499999940395355
shoucheng3/apache__myfaces_CVE-2011-4367_2-0-11
obfuscated_script · qwc-myfaces-core-card.js (17 KB): base64 payload (13940 chars)
CVE-2024-48510 suspicious 0.30000001192092896
havertz2110/CVE-2024-48510-PoC
doc_references_local_exe · dotnetzip1160.csproj.FileListAbsolute.txt references local exe paths: d:\cbjs\dotnet_resources\dotn…
CVE-2026-24291 suspicious 0.30000001192092896
n0isegat3/RegPwnBRc4BOF
doc_references_local_exe · README.md references local exe paths: c:\justanotherpath\badger.exe
CVE-2025-8088 suspicious 0.30000001192092896
kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition
doc_references_local_exe · README.md references local exe paths: c:\payload.exe, c:\keylogger.exe, c:\trojan.exe
CVE-2025-8088 suspicious 0.30000001192092896
jordan922/CVE-2025-8088
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\calc.exe
CVE-2025-59287 suspicious 0.30000001192092896
mrk336/Breaking-the-Update-Chain-Inside-CVE-2025-59287-and-the-WSUS-RCE-Threat
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\cmd.exe
CVE-2025-53770 suspicious 0.30000001192092896
Cameloo1/sharepoint-toolshell-micro-postmortem
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\inetsrv\w3wp.exe
CVE-2025-53770 suspicious 0.30000001192092896
soltanali0/CVE-2025-53770-Exploit
doc_references_local_exe · README.md references local exe paths: c:\users\soltanali0\desktop\yslosf\bin\x64\debug\net48>.\yslo…
CVE-2025-49144 suspicious 0.30000001192092896
assad12341/notepad-v8.8.1-LPE-CVE-
doc_references_local_exe · README.md references local exe paths: c:\windows\system32\regsvr32.exe
CVE-2024-0670 suspicious 0.30000001192092896
fsoc-ghost-0x/Fsociety-CVE-2024-0670-CheckMK-LPE
doc_references_local_exe · README.md references local exe paths: c:\windows\temp\nc.exe
CVE-2022-30190 suspicious 0.30000001192092896
komomon/CVE-2022-30190-follina-Office-MSDT-Fixed
doc_references_local_exe · readme.md references local exe paths: c:\windows\system32\cmd.exe
CVE-2022-30190 suspicious 0.30000001192092896
drgreenthumb93/CVE-2022-30190-follina
doc_references_local_exe · exploit_oneline.md references local exe paths: c:\windows\system32\msdt.exe
CVE-2021-45105 suspicious 0.30000001192092896
yannart/log4shell-scanner-rs
exe_in_media_folder · myvulnerablejar.ZIP (1527 KB) hidden in resources/ folder
CVE-2021-45046 suspicious 0.30000001192092896
thl-cmk/CVE-log4j-check_mk-plugin
doc_references_local_exe · HOWTO.md references local exe paths: c:\programdata\checkmk\agent\bin\log4j2-scan.exe, c:\>powershe…
CVE-2021-36934 suspicious 0.30000001192092896
CrackerCat/HiveNightmare
doc_references_local_exe · README.md references local exe paths: c:\xxx\xxx.exe
CVE-2021-3560 suspicious 0.30000001192092896
sentryCyberSec/sentryCyberSec.github.io
doc_references_local_exe · 2022-03-27-技术沙龙问题相关思路.md references local exe paths: c:\program.exe
CVE-2020-12446 suspicious 0.30000001192092896
S1lkys/Eneio64-LPE
doc_references_local_exe · README.md references local exe paths: c:\users\public>.\eneio64-lpe.exe
CVE-2019-16098 suspicious 0.30000001192092896
Barakat/CVE-2019-16098
doc_references_local_exe · README.md references local exe paths: c:\users\barakat\source\repos\cve-2019-16098>out\build\x64-de…
CVE-2015-9235 suspicious 0.30000001192092896
z-bool/Venom-JWT
doc_references_local_exe · README.md references local exe paths: c:\users\xxx\venom-jwt\cmd\cmd.exe
CVE-2014-6287 suspicious 0.30000001192092896
R3fr4kt/Optimum
doc_references_local_exe · README.md references local exe paths: c:\users\kostas\desktop\wp.exe