mttaggart wtfbins issues

mttaggart / wtfbins

WTF are these binaries doing?! A list of benign applications that mimic malicious behavior.

MIT License

141 stars 10 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

[New WTFBin]: OpenVAS runs WMIExec

#54 mttaggart opened 1 month ago
0
[New WTFBin]: WTFBIN Here

#53 ThureinOo opened 3 months ago
0
[New WTFBin]: WTFBIN Here

#52 ThureinOo opened 3 months ago
0
[New WTFBin]: Jetbrains IDE using WMI to query antivirus product

#51 ThureinOo closed 3 months ago
2
[New WTFBin]: IBM Storage Insights Data Collector Runs Batch Script with WMIC Process Call Create

#50 mbabinski closed 3 months ago
2
[New WTFBin]: WTFBIN Here

#49 0xDeadcell closed 5 months ago
1
[New WTFBin]: code.exe spawn cmd.exe

#48 ThureinOo closed 5 months ago
1
[New WTFBin]: Trojan.exe

#47 mvarian closed 5 months ago
2
[New WTFBin]: Nutanix Guest Tools Runs Encoded Powershell Commands

#46 mbabinski closed 9 months ago
1
[New WTFBin]: Cisco Jabber outputs system info to files

#45 Alex-Walston closed 5 months ago
8
[New WTFBin]: SecurityHealthService.exe

#44 59e5aaf4 opened 1 year ago
0
[New WTFBin]: SenseIR Executes Encoded PowerShell

#43 adamcysec closed 9 months ago
3
[New WTFBin]: WTFBIN Here

#42 alexvzd closed 1 year ago
1
[New WTFBin]: gc_worker.exe

#41 rcegan closed 1 year ago
1
[New WTFBin]: Guest user tries to login whenever a folder gets shared with "Everyone"

#40 ygil1234 closed 9 months ago
1
[New WTFBin]: iManage Document Protection

#39 cbecks2 closed 1 year ago
1
[New WTFBin]: Avast Antivirus attempts SSH connections to neighbor hosts

#38 mttaggart closed 1 year ago
1
[New WTFBin]: TrendMicro HostedAgent.exe

#37 biffalo closed 1 year ago
1
[New WTFBin]: AdobeUpdateService

#36 joshnck opened 1 year ago
1
[New WTFBin]: microsoft.todos.systemtrayextension.exe

#35 redblueops closed 1 year ago
1
Nextjs

#34 mttaggart closed 1 year ago
0
[New WTFBin]: McAfee antivirus

#33 pspacek closed 1 year ago
3
[New WTFBin]: ESET protection suite

#32 pspacek closed 1 year ago
3
[New WTFBin]: SCS' PowerView.exe triggers PowerSploit's detection

#31 Purp1eW0lf closed 1 year ago
2
[New WTFBin]: WTFBIN Here

#30 mthrfcknruckus closed 1 year ago
3
[New WTFBin]: logmein.com

#29 joaociocca closed 1 year ago
1
[New WTFBin]: ArcGIS deploys whoami.exe

#28 Purp1eW0lf closed 1 year ago
1
[New WTFBin]: Android MobileWips App Makes DNS Query for google[.]com[.]onion

#27 mbabinski closed 1 year ago
3
[New WTFBin]: Snow Inventory Agent (snowagent.exe) runs PowerShell which resembles shellcode

#26 lukejjh closed 1 year ago
1
[New WTFBin]: PsExec v2.30

#25 umairqamar closed 1 year ago
4
[New WTFBin]: SentinelOne

#24 Purp1eW0lf closed 2 years ago
4
Rich text for WTFBin Descriptions

#23 mttaggart closed 2 years ago
2
[New WTFBin]: Suspicious characters in command line arguments for Ivanti Endpoint Manager logging processes

#22 mbabinski closed 2 years ago
1
[New WTFBin]: WTFBIN bdbicextractor.exe

#21 redblueops closed 2 years ago
1
[New WTFBin]: WTFBIN Here

#20 dakinedakine99 closed 1 year ago
6
[GetPendingUpdates_vbs.CMD]: GetPendingUpdates_vbs.CMD from Solarwinds

#19 umairqamar closed 1 year ago
2
Powershell_ise.exe

#18 dakkmaddy closed 2 years ago
1
[New WTFBin]: AGMServive.exe LSASS read

#17 g1ng3rr00t closed 2 years ago
1
[New WTFBin]: WTFBIN Here

#16 MATTANDERS0N closed 2 years ago
1
[Update] Update Nimlang Binaries WTF Bin with this gem of a screenshot

#15 HuskyHacks closed 2 years ago
1
[New WTFBin]: Silver Bullet Technology's Ranger runs a Bloodhound.exe

#14 Purp1eW0lf closed 2 years ago
3
[DameWare Mini Control]: DameWare.exe

#13 tallcyberguy opened 2 years ago
2
Cisco AnyConnect: Diagnose Connection Issues, WHOAMI as system

#12 no2aq opened 2 years ago
1
[New WTFBin]: RingCentral.exe (Meeting platform)

#11 WidespreadPandemic closed 2 years ago
2
Squirrel.exe: (MS Teams)

#10 SpikeRoche closed 2 years ago
4
LogMeIn.exe (LogMeIn Product Suite)

#9 WidespreadPandemic closed 2 years ago
2
Add common installation paths

#8 hRun opened 2 years ago
0
[New WTFBin]: reader_sl.exe" launches "I run" for no damn reason

#7 59e5aaf4 closed 2 years ago
3
[New WTFBin]: Windows USB Link-local IP addresses (169.254.0.0/16) on the host PC

#6 knightwolfjk closed 2 years ago
2
[New WTFBin]: Network Detective Data Collector

#5 Purp1eW0lf closed 2 years ago
2